Vulnerability Summary for the Week of March 20, 2023
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
404like_project -- 404like | A vulnerability was found in 404like Plugin up to 1.0.2. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. | 2023-03-21 | 9.8 | CVE-2012-10009 MISC MISC MISC MISC |
admin_log_project -- admin_log | Cross-Site Request Forgery (CSRF) vulnerability in David Gwyer Admin Log plugin <= 1.50 versions. | 2023-03-20 | 8.8 | CVE-2023-23721 MISC |
adobe -- coldfusion | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | 2023-03-23 | 8.6 | CVE-2023-26360 MISC |
adobe -- coldfusion | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. | 2023-03-23 | 9.8 | CVE-2023-26359 MISC |
adobe -- creative_cloud | Creative Cloud version 5.9.1 (and earlier) is affected by an Untrusted Search Path vulnerability that might allow attackers to execute their own programs, access unauthorized data files, or modify configuration in unexpected ways. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. | 2023-03-22 | 7.8 | CVE-2023-26358 MISC |
adobe -- illustrator | Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-03-22 | 7.8 | CVE-2023-25859 MISC |
adobe -- illustrator | Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-03-22 | 7.8 | CVE-2023-25860 MISC |
adobe -- illustrator | Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-03-22 | 7.8 | CVE-2023-25861 MISC |
adobe -- illustrator | Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-03-22 | 7.8 | CVE-2023-26426 MISC |
air_cargo_management_system_project -- air_cargo_management_system | A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/transactions/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223556. | 2023-03-22 | 9.8 | CVE-2023-1564 MISC MISC MISC |
alphaware_-_simple_e-commerce_system_project -- alphaware_-_simple_e-commerce_system | A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a' RLIKE SLEEP(5) AND 'dAbu'='dAbu leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-223406 is the identifier assigned to this vulnerability. | 2023-03-20 | 9.8 | CVE-2023-1502 MISC MISC |
alphaware_-_simple_e-commerce_system_project -- alphaware_-_simple_e-commerce_system | A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file admin/admin_index.php. The manipulation of the argument username/password with the input admin' AND (SELECT 8062 FROM (SELECT(SLEEP(5)))meUD)-- hLiX leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223407. | 2023-03-20 | 9.8 | CVE-2023-1503 MISC MISC |
alphaware_-_simple_e-commerce_system_project -- alphaware_-_simple_e-commerce_system | A vulnerability classified as critical was found in SourceCodester Alphaware Simple E-Commerce System 1.0. This vulnerability affects unknown code. The manipulation of the argument email/password with the input test1%40test.com ' AND (SELECT 6077 FROM (SELECT(SLEEP(5)))dltn) AND 'PhRa'='PhRa leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223408. | 2023-03-20 | 9.8 | CVE-2023-1504 MISC MISC |
alphaware_-_simple_e-commerce_system_project -- alphaware_-_simple_e-commerce_system | An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id. | 2023-03-19 | 9.8 | CVE-2023-26905 MISC |
ansible-semaphore -- ansible_semaphore | api/auth.go in Ansible Semaphore before 2.8.89 mishandles authentication. | 2023-03-18 | 9.8 | CVE-2023-28609 MISC MISC |
answer -- answer | Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-21 | 9.8 | CVE-2023-1537 MISC CONFIRM |
answer -- answer | Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-21 | 8.8 | CVE-2023-1543 MISC CONFIRM |
apache -- sling_resource_merger | Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger.This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2. | 2023-03-20 | 7.5 | CVE-2023-26513 MISC |
arubanetworks -- clearpass_policy_manager | A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of this vulnerability allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform. | 2023-03-22 | 8.8 | CVE-2023-25594 MISC |
atm-consulting -- dolibarr_module_quicksupplierprice | A vulnerability, which was classified as critical, has been found in ATM Consulting dolibarr_module_quicksupplierprice up to 1.1.6. Affected by this issue is the function upatePrice of the file script/interface.php. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.7 is able to address this issue. The name of the patch is ccad1e4282b0e393a32fcc852e82ec0e0af5446f. It is recommended to upgrade the affected component. VDB-223382 is the identifier assigned to this vulnerability. | 2023-03-20 | 9.8 | CVE-2022-4933 MISC MISC MISC MISC |
automatic_question_paper_generator_system_project -- automatic_question_paper_generator_system | A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/courses/view_course.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223285 was assigned to this vulnerability. | 2023-03-17 | 9.8 | CVE-2023-1441 MISC MISC MISC |
automatic_question_paper_generator_system_project -- automatic_question_paper_generator_system | A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file users/question_papers/manage_question_paper.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223336. | 2023-03-17 | 9.8 | CVE-2023-1474 MISC MISC MISC |
automatic_question_paper_generator_system_project -- automatic_question_paper_generator_system | A vulnerability, which was classified as critical, was found in SourceCodester Automatic Question Paper Generator System 1.0. Affected is an unknown function of the file users/user/manage_user.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223284. | 2023-03-17 | 8.8 | CVE-2023-1440 MISC MISC MISC |
canteen_management_system_project -- canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file changeUsername.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223304. | 2023-03-17 | 9.8 | CVE-2023-1459 MISC MISC MISC |
canteen_management_system_project -- canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file createCategories.php. The manipulation of the argument categoriesStatus leads to sql injection. The attack can be initiated remotely. VDB-223306 is the identifier assigned to this vulnerability. | 2023-03-17 | 9.8 | CVE-2023-1461 MISC MISC MISC |
canteen_management_system_project -- canteen_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0. This issue affects the function query of the file createuser.php. The manipulation of the argument uemail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223337 was assigned to this vulnerability. | 2023-03-17 | 9.8 | CVE-2023-1475 MISC MISC MISC |
centralite -- pearl_firmware | A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message. | 2023-03-17 | 7.5 | CVE-2023-24678 MISC MISC |
cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In version 1.13.0, when Cilium is started, there is a short period when Cilium eBPF programs are not attached to the host. During this period, the host does not implement any of Cilium's featureset. This can cause disruption to newly established connections during this period due to the lack of Load Balancing, or can cause Network Policy bypass due to the lack of Network Policy enforcement during the window. This vulnerability impacts any Cilium-managed endpoints on the node (such as Kubernetes Pods), as well as the host network namespace (including Host Firewall). This vulnerability is fixed in Cilium 1.13.1 or later. Cilium releases 1.12.x, 1.11.x, and earlier are not affected. There are no known workarounds. | 2023-03-17 | 9.8 | CVE-2023-27595 MISC MISC MISC |
cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, under specific conditions, Cilium may misattribute the source IP address of traffic to a cluster, identifying external traffic as coming from the host on which Cilium is running. As a consequence, network policies for that cluster might be bypassed, depending on the specific network policies enabled. This issue only manifests when Cilium is routing IPv6 traffic and NodePorts are used to route traffic to pods. IPv6 and endpoint routes are both disabled by default. The problem has been fixed and is available on versions 1.11.15, 1.12.8, and 1.13.1. As a workaround, disable IPv6 routing. | 2023-03-17 | 7.3 | CVE-2023-27594 MISC MISC MISC MISC |
cloudflare -- cloudflared | A vulnerability has been discovered in cloudflared's installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory. An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer's repair functionality to delete the target file during the repair process. Exploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised. The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices. | 2023-03-21 | 7.8 | CVE-2023-1314 MISC MISC |
codesys -- multiple_products | In multiple products of CODESYS v3 in multiple versions a remote low privileged user could utilize this vulnerability to read and modify system files and OS resources or DoS the device. | 2023-03-23 | 8.8 | CVE-2022-4224 MISC |
codesys -- runtime_system | The CODESYS runtime system in multiple versions allows an remote low privileged attacker to use a path traversal vulnerability to access and modify all system files as well as DoS the device. | 2023-03-23 | 8.8 | CVE-2018-25048 MISC |
collection.js_project -- collection.js | Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. | 2023-03-18 | 7.5 | CVE-2023-26113 MISC MISC MISC MISC MISC |
contiki-ng -- contiki-ng | Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. In versions 4.8 and prior, an out-of-bounds write can occur in the BLE L2CAP module of the Contiki-NG operating system. The network stack of Contiki-NG uses a global buffer (packetbuf) for processing of packets, with the size of PACKETBUF_SIZE. In particular, when using the BLE L2CAP module with the default configuration, the PACKETBUF_SIZE value becomes larger then the actual size of the packetbuf. When large packets are processed by the L2CAP module, a buffer overflow can therefore occur when copying the packet data to the packetbuf. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be worked around by applying the patch manually. | 2023-03-17 | 9.8 | CVE-2023-28116 MISC MISC |
courtbouillon -- cairosvg | CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service. Version 2.7.0 disables CairoSVG's ability to access other files online by default. | 2023-03-20 | 7.1 | CVE-2023-27586 MISC MISC MISC MISC |
custom_content_shortcode_project -- custom_content_shortcode | The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability. | 2023-03-20 | 8.8 | CVE-2023-0340 MISC |
dell -- powermax_os | Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. | 2023-03-17 | 7.4 | CVE-2021-21548 MISC |
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, some user provided URLs were being passed to FastImage without SSRF protection. Insufficient protections could enable attackers to trigger outbound network connections from the Discourse server to private IP addresses. This affects any site running the `tests-passed` or `beta` branches versions 3.1.0.beta2 and prior. This issue is patched in version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-03-17 | 8.1 | CVE-2023-28112 MISC MISC MISC |
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.1.0.beta3 of the `beta` and `tests-passed` branches, attackers are able to bypass Discourse's server-side request forgery (SSRF) protection for private IPv4 addresses by using a IPv4-mapped IPv6 address. The issue is patched in the latest beta and tests-passed version of Discourse. version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-03-17 | 7.5 | CVE-2023-28111 MISC MISC MISC |
e-commerce_system_project -- e-commerce_system | A vulnerability, which was classified as critical, has been found in SourceCodester E-Commerce System 1.0. This issue affects some unknown processing of the file /ecommerce/admin/settings/setDiscount.php. The manipulation of the argument id with the input 201737 AND (SELECT 8973 FROM (SELECT(SLEEP(5)))OoAD) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223409 was assigned to this vulnerability. | 2023-03-20 | 9.8 | CVE-2023-1505 MISC MISC |
e-commerce_system_project -- e-commerce_system | A vulnerability, which was classified as critical, was found in SourceCodester E-Commerce System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223410 is the identifier assigned to this vulnerability. | 2023-03-20 | 9.8 | CVE-2023-1506 MISC MISC |
e-commerce_system_project -- e-commerce_system | A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched remotely. VDB-223550 is the identifier assigned to this vulnerability. | 2023-03-22 | 9.8 | CVE-2023-1557 MISC MISC |
fastxml -- jackson-databind | jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization. | 2023-03-18 | 7.5 | CVE-2021-46877 MISC MISC |
filseclab -- twister_antivirus | A vulnerability was found in Filseclab Twister Antivirus 8. It has been declared as problematic. This vulnerability affects the function 0x80112053 in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223288. | 2023-03-17 | 7.5 | CVE-2023-1443 MISC MISC MISC MISC |
galaxyproject -- galaxy | Galaxy is an open-source platform for data analysis. All supported versions of Galaxy are affected prior to 22.01, 22.05, and 23.0 are affected by an insufficient permission check. Unsupported versions are likely affected as far back as the functionality of Visualizations/Pages exists. Due to this issue, an attacker can modify or delete any Galaxy Visualization or Galaxy Page given they know the encoded ID of it. Additionally, they can copy or import any Galaxy Visualization given they know the encoded ID of it. Patches are available for versions 22.01, 22.05, and 23.0. For the changes to take effect, you must restart all Galaxy server processes. There are no supported workarounds. | 2023-03-20 | 7.5 | CVE-2023-27578 MISC MISC MISC MISC |
gentoo -- soko | Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries. | 2023-03-20 | 9.8 | CVE-2023-28424 MISC MISC |
gnu -- org_mode | org-babel-execute:latex in ob-latex.el in Org Mode through 9.6.1 for GNU Emacs allows attackers to execute arbitrary commands via a file name or directory name that contains shell metacharacters. | 2023-03-19 | 9.8 | CVE-2023-28617 MISC MISC MISC |
google -- chrome | Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | 2023-03-21 | 9.8 | CVE-2023-1529 MISC MISC |
google -- chrome | Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-21 | 8.8 | CVE-2023-1528 MISC MISC |
google -- chrome | Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-21 | 8.8 | CVE-2023-1530 MISC MISC |
google -- chrome | Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-21 | 8.8 | CVE-2023-1531 MISC MISC |
google -- chrome | Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-21 | 8.8 | CVE-2023-1532 MISC MISC |
google -- chrome | Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-21 | 8.8 | CVE-2023-1533 MISC MISC |
google -- chrome | Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-21 | 8.8 | CVE-2023-1534 MISC MISC |
gpac -- gpac | A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. This affects the function gf_m2ts_process_sdt of the file media_tools/mpegts.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223293 was assigned to this vulnerability. | 2023-03-17 | 7.8 | CVE-2023-1448 MISC MISC MISC MISC |
gpac -- gpac | A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. This vulnerability affects the function gf_av1_reset_state of the file media_tools/av_parsers.c. The manipulation leads to double free. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223294 is the identifier assigned to this vulnerability. | 2023-03-17 | 7.8 | CVE-2023-1449 MISC MISC MISC MISC |
gpac -- gpac | A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file filters/load_text.c. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier VDB-223297 was assigned to this vulnerability. | 2023-03-17 | 7.8 | CVE-2023-1452 MISC MISC MISC MISC |
hkcms_project -- hkcms | A vulnerability, which was classified as problematic, was found in HkCms 2.2.4.230206. This affects an unknown part of the file /admin.php/appcenter/local.html?type=addon of the component External Plugin Handler. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223365 was assigned to this vulnerability. | 2023-03-18 | 8.8 | CVE-2023-1482 MISC MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845. | 2023-03-21 | 8.8 | CVE-2023-27874 MISC MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 4.4.2 could allow a remote attacker to obtain sensitive credential information for an external user, using a specially crafted SQL query. IBM X-Force ID: 249613. | 2023-03-21 | 7.5 | CVE-2023-27871 MISC MISC |
ibm -- security_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 247597. | 2023-03-21 | 9.8 | CVE-2023-25684 MISC MISC |
ibm -- security_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. IBM X-Force ID: 247630. | 2023-03-22 | 8.8 | CVE-2023-25924 MISC MISC |
ibm -- security_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an attacker to upload files that could be used in a denial of service attack due to incorrect authorization. IBM X-Force ID: 247629. | 2023-03-21 | 7.5 | CVE-2023-25923 MISC MISC |
ibos -- ibos | A vulnerability classified as critical has been found in IBOS 4.5.5. Affected is an unknown function of the file ApiController.php. The manipulation of the argument emailids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223380. | 2023-03-18 | 9.8 | CVE-2023-1494 MISC MISC MISC |
irc_twitter_announcer_bot_project -- irc_twitter_announcer_bot | A vulnerability, which was classified as critical, was found in Zarthus IRC Twitter Announcer Bot up to 1.1.0. This affects the function get_tweets of the file lib/twitterbot/plugins/twitter_announcer.rb. The manipulation of the argument tweet leads to command injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. The name of the patch is 6b1941b7fc2c70e1f40981b43c84a2c20cc12bd3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223383. | 2023-03-20 | 9.8 | CVE-2015-10096 MISC MISC MISC MISC |
jeecg -- jeecg-boot | A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299. | 2023-03-17 | 9.8 | CVE-2023-1454 MISC MISC MISC |
jenkins -- absint_a3 | Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2023-03-22 | 7.1 | CVE-2023-28685 MISC |
joomunited -- wp_meta_seo | The WP Meta SEO WordPress plugin before 4.5.3 does not properly sanitize and escape inputs into SQL queries, leading to a blind SQL Injection vulnerability that can be exploited by subscriber+ users. | 2023-03-20 | 8.8 | CVE-2023-0875 MISC |
judging_management_system_project -- judging_management_system | A vulnerability was found in SourceCodester Judging Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file summary_results.php. The manipulation of the argument main_event_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223549 was assigned to this vulnerability. | 2023-03-22 | 9.8 | CVE-2023-1556 MISC MISC MISC |
kaml_project -- kaml | kaml provides YAML support for kotlinx.serialization. Prior to version 0.53.0, applications that use kaml to parse untrusted input containing anchors and aliases may consume excessive memory and crash. Version 0.53.0 and later default to refusing to parse YAML documents containing anchors and aliases. There are no known workarounds. | 2023-03-20 | 7.5 | CVE-2023-28118 MISC MISC MISC |
knplabs -- snappy | Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the `file_exists()` function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. This can lead to remote code execution especially when snappy is used with frameworks with documented POP chains like Laravel/Symfony vulnerable developer code. If a user can control the output file from the `generateFromHtml()` function, it will invoke deserialization. This vulnerability is capable of remote code execution if Snappy is used with frameworks or developer code with vulnerable POP chains. It has been fixed in version 1.4.2. | 2023-03-17 | 9.8 | CVE-2023-28115 MISC MISC MISC MISC MISC MISC |
linux -- linux_kernel | A use-after-free flaw was found in Linux kernel before 5.19.2. This issue occurs in cmd_hdl_filter in drivers/staging/rtl8712/rtl8712_cmd.c, allowing an attacker to launch a local denial of service attack and gain escalation of privileges. | 2023-03-22 | 7.8 | CVE-2022-4095 MISC |
linux -- linux_kernel | In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. | 2023-03-19 | 7.8 | CVE-2022-48423 MISC MISC |
linux -- linux_kernel | In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. | 2023-03-19 | 7.8 | CVE-2022-48424 MISC MISC |
linux -- linux_kernel | In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs. | 2023-03-19 | 7.8 | CVE-2022-48425 MISC MISC |
linux -- linux_kernel | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root. This issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2. | 2023-03-22 | 7.8 | CVE-2023-1281 MISC MISC |
medical_certificate_generator_app_project -- medical_certificate_generator_app | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223558 is the identifier assigned to this vulnerability. | 2023-03-22 | 9.8 | CVE-2023-1566 MISC MISC MISC |
medicine_tracker_system_project -- medicine_tracker_system | A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracker System 1.0. This issue affects some unknown processing of the file medicines/view_details.php of the component GET Parameter Handler. The manipulation of the argument GET leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223283. | 2023-03-17 | 9.8 | CVE-2023-1439 MISC MISC MISC |
medicine_tracker_system_project -- medicine_tracker_system | A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. This affects an unknown part of the file Users.php?f=save_user. The manipulation of the argument firstname/middlename/lastname/username/password leads to improper authentication. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223311. | 2023-03-17 | 9.8 | CVE-2023-1464 MISC MISC |
megafeis -- bofei_dbd\+ | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to unlock model(s) without authorization via arbitrary API requests. | 2023-03-21 | 8.1 | CVE-2022-45636 MISC MISC |
metagauss -- profilegrid | The ProfileGrid WordPress plugin before 5.3.1 provides an AJAX endpoint for resetting a user password but does not implement proper authorization. This allows a user with low privileges, such as subscriber, to change the password of any account, including Administrator ones. | 2023-03-20 | 8.8 | CVE-2023-0940 MISC |
miniflux_project -- miniflux | Miniflux is a feed reader. Prior to version 2.0.43, an unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the `METRICS_COLLECTOR` configuration option is enabled and `METRICS_ALLOWED_NETWORKS` is set to `127.0.0.1/8` (the default). A patch is available in Miniflux 2.0.43. As a workaround, set `METRICS_COLLECTOR` to `false` (default) or run Miniflux behind a trusted reverse-proxy. | 2023-03-17 | 7.5 | CVE-2023-27591 MISC MISC MISC MISC |
monitoring_of_students_cyber_accounts_system_project -- monitoring_of_students_cyber_accounts_system | A vulnerability classified as critical was found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223363. | 2023-03-18 | 9.8 | CVE-2023-1480 MISC MISC MISC |
netgate -- pfsense | A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml. | 2023-03-17 | 8.8 | CVE-2023-27253 MISC MISC |
netgear -- rbs750_firmware | A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2023-03-21 | 8.8 | CVE-2022-37337 MISC |
netgear -- rbs750_firmware | A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | 2023-03-21 | 8.8 | CVE-2022-38452 MISC |
netgear -- rbs750_firmware | A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | 2023-03-21 | 7.2 | CVE-2022-36429 MISC |
obox -- launchpad_-_coming_soon_\&_maintenance_mode_plugin | Cross-Site Request Forgery (CSRF) vulnerability in Obox Themes Launchpad – Coming Soon & Maintenance Mode plugin <= 1.0.13 versions. | 2023-03-17 | 8.8 | CVE-2022-46854 MISC |
online_pizza_ordering_system_project -- online_pizza_ordering_system | A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. This vulnerability affects unknown code of the file admin/ajax.php?action=login2 of the component Login Page. The manipulation of the argument email with the input abc%40qq.com' AND (SELECT 9110 FROM (SELECT(SLEEP(5)))XSlc) AND 'jFNl'='jFNl leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223300. | 2023-03-17 | 9.8 | CVE-2023-1455 MISC MISC |
online_pizza_ordering_system_project -- online_pizza_ordering_system | A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file admin/ajax.php?action=save_user of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to initiate the attack remotely. The identifier VDB-223305 was assigned to this vulnerability. | 2023-03-17 | 9.8 | CVE-2023-1460 MISC MISC |
openbsd -- openssh | ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. | 2023-03-17 | 9.8 | CVE-2023-28531 MISC |
otrs -- otrs | Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 2023-03-20 | 7.8 | CVE-2023-1250 MISC |
pacsrapor -- pacsrapor | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22. | 2023-03-21 | 9.8 | CVE-2023-1153 MISC |
paradox -- ipr512_firmware | An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters. | 2023-03-21 | 7.5 | CVE-2023-24709 MISC MISC |
pimcore -- pimcore | SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. | 2023-03-22 | 8.8 | CVE-2023-1578 CONFIRM MISC |
prestashop -- eo_tags | The eo_tags package before 1.3.0 for PrestaShop allows SQL injection via an HTTP User-Agent or Referer header. | 2023-03-21 | 9.8 | CVE-2023-27569 MISC MISC |
prestashop -- eo_tags | The eo_tags package before 1.4.19 for PrestaShop allows SQL injection via a crafted _ga cookie. | 2023-03-21 | 9.8 | CVE-2023-27570 MISC MISC |
qykcms -- qykcms | A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. It has been classified as problematic. This affects an unknown part of the file /admin_system/api.php of the component Update Handler. The manipulation of the argument downurl leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223287. | 2023-03-17 | 7.2 | CVE-2023-1442 MISC MISC MISC |
responsive_hotel_site_project -- responsive_hotel_site | A vulnerability classified as critical has been found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file messages.php of the component Newsletter Log Handler. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223398 is the identifier assigned to this vulnerability. | 2023-03-19 | 9.8 | CVE-2023-1498 MISC MISC MISC |
rockoa -- rockoa | A vulnerability, which was classified as critical, was found in RockOA 2.3.2. This affects the function runAction of the file acloudCosAction.php.SQL. The manipulation of the argument fileid leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223401 was assigned to this vulnerability. | 2023-03-19 | 8.8 | CVE-2023-1501 MISC MISC MISC |
rockwellautomation -- thinmanager | In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker could potentially exploit this vulnerability to upload arbitrary files to any directory on the disk drive where ThinServer.exe is installed. The attacker could overwrite existing executable files with attacker-controlled, malicious contents, potentially causing remote code execution. | 2023-03-22 | 9.8 | CVE-2023-27855 MISC |
rockwellautomation -- thinmanager | In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to download arbitrary files on the disk drive where ThinServer.exe is installed. | 2023-03-22 | 7.5 | CVE-2023-27856 MISC |
ruifang-tech -- rebuild | A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability. | 2023-03-19 | 8.8 | CVE-2023-1495 MISC MISC MISC MISC |
samsung -- exynos_modem_5300_firmware | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Memory corruption can occur due to improper checking of the parameter length while parsing the fmtp attribute in the SDP (Session Description Protocol) module. | 2023-03-23 | 9.8 | CVE-2023-26496 MISC MISC MISC |
samsung -- exynos_modem_5300_firmware | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute. | 2023-03-21 | 9.8 | CVE-2023-26497 MISC MISC MISC |
samsung -- exynos_modem_5300_firmware | An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper checking of the number of properties while parsing the chatroom attribute in the SDP (Session Description Protocol) module. | 2023-03-23 | 9.8 | CVE-2023-26498 MISC MISC MISC |
schneider-electric -- custom_reports | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow the creation of a malicious report file in the IGSS project report directory, this could lead to remote code execution when a victim eventually opens the report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior) | 2023-03-21 | 8.8 | CVE-2023-27980 CONFIRM |
schneider-electric -- custom_reports | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists in Custom Reports that could cause a remote code execution when a victim tries to open a malicious report. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | 2023-03-21 | 8.8 | CVE-2023-27981 MISC |
schneider-electric -- custom_reports | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause manipulation of dashboard files in the IGSS project report directory, when an attacker sends specific crafted messages to the Data Server TCP port, this could lead to remote code execution when a victim eventually opens a malicious dashboard file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | 2023-03-21 | 8.8 | CVE-2023-27982 CONFIRM |
schneider-electric -- custom_reports | A CWE-20: Improper Input Validation vulnerability exists in Custom Reports that could cause a macro to be executed, potentially leading to remote code execution when a user opens a malicious report file planted by an attacker. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | 2023-03-21 | 8.8 | CVE-2023-27984 MISC |
schneider-electric -- custom_reports | A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | 2023-03-21 | 7.8 | CVE-2023-27978 MISC |
simple_and_beautiful_shopping_cart_system_project -- simple_and_beautiful_shopping_cart_system | A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. This affects an unknown part of the file uploadera.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223551. | 2023-03-22 | 9.8 | CVE-2023-1558 MISC MISC MISC |
simple_and_nice_shopping_cart_script_project -- simple_and_nice_shopping_cart_script | A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script 1.0. It has been rated as critical. This issue affects some unknown processing of the file uploaderm.php. The manipulation of the argument submit leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223397 was assigned to this vulnerability. | 2023-03-19 | 9.8 | CVE-2023-1497 MISC MISC MISC |
simple_art_gallery_project -- simple_art_gallery | A vulnerability classified as critical was found in code-projects Simple Art Gallery 1.0. Affected by this vulnerability is an unknown functionality of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223399. | 2023-03-19 | 9.8 | CVE-2023-1499 MISC MISC MISC |
simple_music_player_project -- simple_music_player | A vulnerability classified as critical has been found in SourceCodester Simple Music Player 1.0. Affected is an unknown function of the file save_music.php. The manipulation of the argument filename leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223362 is the identifier assigned to this vulnerability. | 2023-03-18 | 9.8 | CVE-2023-1479 MISC MISC MISC |
simple_online_hotel_reservation_system_project -- simple_online_hotel_reservation_system | A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Affected is an unknown function of the file add_room.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. VDB-223554 is the identifier assigned to this vulnerability. | 2023-03-22 | 9.8 | CVE-2023-1561 MISC MISC MISC |
storage_unit_rental_management_system_project -- storage_unit_rental_management_system | A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. This vulnerability affects unknown code of the file classes/Users.php?f=save. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223552. | 2023-03-22 | 7.2 | CVE-2023-1559 MISC MISC MISC |
strangerstudios -- paid_memberships_pro | The Paid Memberships Pro WordPress plugin before 2.9.12 does not prevent subscribers from rendering shortcodes that concatenate attributes directly into an SQL query. | 2023-03-20 | 8.8 | CVE-2023-0631 MISC |
student_study_center_desk_management_system_project -- student_study_center_desk_management_system | A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(SLEEP(5)))FWlC) AND 'butz'='butz leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223325 was assigned to this vulnerability. | 2023-03-17 | 9.8 | CVE-2023-1466 MISC MISC |
student_study_center_desk_management_system_project -- student_study_center_desk_management_system | A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223326 is the identifier assigned to this vulnerability. | 2023-03-17 | 9.8 | CVE-2023-1467 MISC MISC |
student_study_center_desk_management_system_project -- student_study_center_desk_management_system | A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipulation of the argument date_from/date_to leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-223327. | 2023-03-17 | 9.8 | CVE-2023-1468 MISC MISC |
student_study_center_desk_management_system_project -- student_study_center_desk_management_system | A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223555. | 2023-03-22 | 9.8 | CVE-2023-1563 MISC MISC MISC |
superior_faq_project -- superior_faq | Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2 versions. | 2023-03-20 | 8.8 | CVE-2023-22678 MISC |
teacms_project -- teacms | A vulnerability has been found in XiaoBingBy TeaCMS up to 2.0.2 and classified as critical. This vulnerability affects unknown code of the file /admin/getallarticleinfo. The manipulation of the argument searchInfo leads to sql injection. The attack can be initiated remotely. VDB-223366 is the identifier assigned to this vulnerability. | 2023-03-18 | 9.8 | CVE-2023-1483 MISC MISC MISC |
teampass -- teampass | SQL Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | 2023-03-21 | 7.5 | CVE-2023-1545 CONFIRM MISC |
tenda -- w20e_firmware | Tenda W20E v15.11.0.6 (US_W20EV4.0br_v15.11.0.6(1068_1546_841)_CN_TDC) is vulnerable to Buffer Overflow via function formIPMacBindModify. | 2023-03-19 | 9.8 | CVE-2023-26805 MISC |
tenda -- w20e_firmware | Tenda W20E v15.11.0.6(US_W20EV4.0br_v15.11.0.6(1068_1546_841 is vulnerable to Buffer Overflow via function formSetSysTime, | 2023-03-19 | 9.8 | CVE-2023-26806 MISC |
trendmicro -- txone_stellarone | TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his privileges to administrator level. With these privileges, an attacker could perform actions they are not authorized to. Please note: an attacker must first obtain a low-privileged authenticated user's profile on the target system in order to exploit this vulnerability. | 2023-03-22 | 8.8 | CVE-2023-25069 MISC MISC |
tshirtecommerce -- tshirtecommerce | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised product_id GET parameter in order to exploit an insecure parameter in the front controller file designer.php, which could lead to a SQL injection. This is exploited in the wild in March 2023. | 2023-03-22 | 9.8 | CVE-2023-27637 MISC MISC MISC |
tshirtecommerce -- tshirtecommerce | An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with a compromised tshirtecommerce_design_cart_id GET parameter in order to exploit an insecure parameter in the functions hookActionCartSave and updateCustomizationTable, which could lead to a SQL injection. This is exploited in the wild in March 2023. | 2023-03-22 | 9.8 | CVE-2023-27638 MISC MISC MISC |
universal_star_rating_project -- universal_star_rating | Cross-Site Request Forgery (CSRF) vulnerability in Chasil Universal Star Rating plugin <= 2.1.0 version. | 2023-03-17 | 8.8 | CVE-2022-46867 MISC |
utarit -- persolus | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93. | 2023-03-17 | 9.8 | CVE-2023-1152 MISC |
vadi -- digikent | Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20. | 2023-03-21 | 8.8 | CVE-2023-1462 MISC |
varta_storage -- multiple_products | Hard-coded credentials in Web-UI of multiple VARTA Storage products in multiple versions allows an unauthorized attacker to gain administrative access to the Web-UI via network. | 2023-03-23 | 9.1 | CVE-2022-22512 MISC |
watchdog -- anti-virus | A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. It has been rated as critical. Affected by this issue is the function 0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223298 is the identifier assigned to this vulnerability. | 2023-03-17 | 7.1 | CVE-2023-1453 MISC MISC MISC MISC |
wechat_sdk_python_project -- wechat_sdk_python | A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name of the patch is e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403. | 2023-03-21 | 9.8 | CVE-2018-25082 MISC MISC MISC MISC MISC |
wellintech -- kinghistorian | An integer conversion vulnerability exists in the SORBAx64.dll RecvPacket functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2023-03-20 | 9.8 | CVE-2022-43663 MISC |
wellintech -- kinghistorian | An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability. | 2023-03-20 | 7.5 | CVE-2022-45124 MISC |
wisecleaner -- wise_force_deleter | A vulnerability classified as problematic was found in Lespeed WiseCleaner Wise Force Deleter 1.5.3.54. This vulnerability affects the function 0x220004 in the library WiseUnlock64.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223372. | 2023-03-18 | 7.1 | CVE-2023-1486 MISC MISC MISC MISC |
wisecleaner -- wise_system_monitor | A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375. | 2023-03-18 | 7.8 | CVE-2023-1489 MISC MISC MISC MISC |
woocommerce_multiple_customer_addresses_\&_shipping_project -- woocommerce_multiple_customer_addresses_\&_shipping | The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not ensure that the address to add/update/retrieve/delete and duplicate belong to the user making the request, or is from a high privilege users, allowing any authenticated users, such as subscriber to add/update/duplicate/delete as well as retrieve addresses of other users. | 2023-03-20 | 8.8 | CVE-2023-0865 MISC |
wp-slimstat -- slimstat_analytics | The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. | 2023-03-20 | 8.8 | CVE-2023-0630 MISC |
xuxueli -- xxl-job | Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter. | 2023-03-21 | 7.5 | CVE-2023-27087 MISC |
xzjie_cms_project -- xzjie_cms | A vulnerability was found in xzjie cms up to 1.0.3 and classified as critical. This issue affects some unknown processing of the file /api/upload. The manipulation of the argument uploadFile leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-223367. | 2023-03-18 | 9.8 | CVE-2023-1484 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
accesspressthemes -- smart_logo_showcase_lite | The Responsive Clients Logo Gallery Plugin for WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-20 | 5.4 | CVE-2023-0175 MISC |
adobe -- coldfusion | Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in Arbitrary file system read. Exploitation of this issue does not require user interaction, but does require administrator privileges. | 2023-03-23 | 4.9 | CVE-2023-26361 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-03-22 | 5.4 | CVE-2023-21615 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-03-22 | 5.4 | CVE-2023-21616 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-03-22 | 5.4 | CVE-2023-22252 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-03-22 | 5.4 | CVE-2023-22253 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-03-22 | 5.4 | CVE-2023-22254 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22256 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22257 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22258 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22259 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22260 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22261 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22262 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22263 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22264 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22265 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2023-03-22 | 5.4 | CVE-2023-22266 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2023-03-22 | 5.4 | CVE-2023-22269 MISC |
adobe -- experience_manager | Experience Manager versions 6.5.15.0 (and earlier) are affected by a Weak Cryptography for Passwords vulnerability that can lead to a security feature bypass. A low-privileged attacker can exploit this in order to decrypt a user's password. The attack complexity is high since a successful exploitation requires to already have in possession this encrypted secret. | 2023-03-22 | 5.3 | CVE-2023-22271 MISC |
adobe -- illustrator | Illustrator version 26.5.2 (and earlier) and 27.2.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-03-22 | 5.5 | CVE-2023-25862 MISC |
altanic -- no_api_amazon_affiliate | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Altanic No API Amazon Affiliate plugin <= 4.2.2 versions. | 2023-03-20 | 4.8 | CVE-2023-22680 MISC |
answer -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. | 2023-03-21 | 5.4 | CVE-2023-1535 CONFIRM MISC |
answer -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. | 2023-03-21 | 5.4 | CVE-2023-1536 CONFIRM MISC |
answer -- answer | Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-21 | 5.4 | CVE-2023-1542 MISC CONFIRM |
answer -- answer | Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-21 | 5.3 | CVE-2023-1538 MISC CONFIRM |
answer -- answer | Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-21 | 5.3 | CVE-2023-1540 CONFIRM MISC |
arubanetworks -- clearpass_policy_manager | Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 2023-03-22 | 6.1 | CVE-2023-25593 MISC |
booking-wp-plugin -- bookly | The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-03-17 | 6.1 | CVE-2023-1172 MISC MISC |
cilium -- cilium | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.11.15, 1.12.8, and 1.13.1, an attacker with access to a Cilium agent pod can write to `/opt/cni/bin` due to a `hostPath` mount of that directory in the agent pod. By replacing the CNI binary with their own malicious binary and waiting for the creation of a new pod on the node, the attacker can gain access to the underlying node. The issue has been fixed and the fix is available on versions 1.11.15, 1.12.8, and 1.13.1. Some workarounds are available. Kubernetes RBAC should be used to deny users and service accounts `exec` access to Cilium agent pods. In cases where a user requires `exec` access to Cilium agent pods, but should not have access to the underlying node, no workaround is possible. | 2023-03-17 | 5.5 | CVE-2023-27593 MISC MISC MISC MISC MISC MISC |
corebos -- corebos | Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. | 2023-03-21 | 5.4 | CVE-2023-1527 MISC CONFIRM |
custom_content_shortcode_project -- custom_content_shortcode | The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-03-20 | 5.4 | CVE-2023-0273 MISC |
dash10 -- oauth_server | The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 does not have CSRF check when deleting a client, and does not ensure that the object to be deleted is actually a client, which could allow attackers to make a logged in admin delete arbitrary client and post via a CSRF attack. | 2023-03-20 | 4.3 | CVE-2022-3894 MISC |
dash10 -- oauth_server | The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. | 2023-03-20 | 4.3 | CVE-2022-4148 MISC |
datagear -- datagear | A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. This vulnerability affects unknown code of the component Plugin Handler. The manipulation leads to cross site scripting. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223564. | 2023-03-22 | 5.4 | CVE-2023-1572 MISC MISC MISC MISC MISC |
discourse -- discourse | Discourse is an open-source discussion platform. Between versions 3.1.0.beta2 and 3.1.0.beta3 of the `tests-passed` branch, editing or responding to a chat message containing malicious content could lead to a cross-site scripting attack. This issue is patched in version 3.1.0.beta3 of the `tests-passed` branch. There are no known workarounds. | 2023-03-17 | 6.1 | CVE-2023-26040 MISC MISC |
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, a maliciously crafted URL can be included in a user's full name field to to carry out cross-site scripting attacks on sites with a disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. The vulnerability is patched in version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches. As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse. | 2023-03-17 | 5.4 | CVE-2023-25172 MISC MISC MISC MISC MISC |
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches, a user logged as an administrator can request backups multiple times, which will eat up all the connections to the DB. If this is done on a site using multisite, then it can affect the whole cluster. The vulnerability is patched in version 3.0.2 of the `stable` branch and version 3.1.0.beta3 of the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-03-17 | 4.9 | CVE-2023-28107 MISC MISC MISC MISC MISC |
discourse -- discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag is a count of all regular topics regardless of whether the topic is in a read restricted category or not. As a result, any users can technically poll a sensitive tag to determine if a new topic is created in a category which the user does not have excess to. In version 3.0.1 of the `stable` branch and version 3.1.0.beta2 of the `beta` and `tests-passed` branches, the count of topics displayed for a tag defaults to only counting regular topics which are not in read restricted categories. Staff users will continue to see a count of all topics regardless of the topic's category read restrictions. | 2023-03-17 | 4.3 | CVE-2023-23622 MISC MISC MISC MISC MISC |
e-commerce_system_project -- e-commerce_system | A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ecommerce/admin/category/controller.php of the component Category Name Handler. The manipulation of the argument CATEGORY leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223411. | 2023-03-20 | 6.1 | CVE-2023-1507 MISC MISC |
e-commerce_system_project -- e-commerce_system | A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/user/controller.php?action=edit. The manipulation of the argument U_NAME with the input <script>alert('1')</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223561 was assigned to this vulnerability. | 2023-03-22 | 5.4 | CVE-2023-1569 MISC MISC |
evilmartians -- imgproxy | Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. | 2023-03-19 | 5.4 | CVE-2023-1496 CONFIRM MISC |
feifeicms -- feifeicms | A vulnerability was found in FeiFeiCMS 2.7.130201. It has been classified as problematic. This affects an unknown part of the file \Public\system\slide_add.html of the component Extension Tool. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223557 was assigned to this vulnerability. | 2023-03-22 | 5.4 | CVE-2023-1565 MISC MISC MISC |
filseclab -- twister_antivirus | A vulnerability was found in Filseclab Twister Antivirus 8. It has been rated as critical. This issue affects the function 0x8011206B in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223289 was assigned to this vulnerability. | 2023-03-17 | 6.5 | CVE-2023-1444 MISC MISC MISC MISC |
filseclab -- twister_antivirus | A vulnerability classified as problematic has been found in Filseclab Twister Antivirus 8. Affected is the function 0x80112053 in the library fildds.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-223290 is the identifier assigned to this vulnerability. | 2023-03-17 | 5.5 | CVE-2023-1445 MISC MISC MISC MISC |
galaxyweblinks -- gallery_with_thumbnail_slider | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Galaxy Weblinks Gallery with thumbnail slider plugin <= 6.0 versions. | 2023-03-21 | 5.4 | CVE-2022-42485 MISC |
gc_testimonials_project -- gc_testimonials | Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions. | 2023-03-17 | 6.1 | CVE-2022-45817 MISC |
getresponse -- getresponse | The GetResponse for WordPress plugin through 5.5.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-20 | 5.4 | CVE-2023-0167 MISC |
getshortcodes -- shortcodes_ultimate | The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not ensure that posts to be displayed via some shortcodes are already public and can be accessed by the user making the request, allowing any authenticated users such as subscriber to view draft, private or even password protected posts. It is also possible to leak the password of protected posts | 2023-03-20 | 6.5 | CVE-2023-0890 MISC |
getshortcodes -- shortcodes_ultimate | The WordPress Shortcodes Plugin — Shortcodes Ultimate WordPress plugin before 5.12.8 does not validate the user meta to be retrieved via the user shortcode, allowing any authenticated users such as subscriber to retrieve arbitrary user meta (except the user_pass), such as the user email and activation key by default. | 2023-03-20 | 6.5 | CVE-2023-0911 MISC |
gotowp -- gotowp | The GoToWP WordPress plugin through 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-20 | 5.4 | CVE-2023-0369 MISC |
hp -- integrated_lights-out_4 | A remote Cross-site Scripting vulnerability was discovered in HPE Integrated Lights-Out 6 (iLO 6), Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 4 (iLO 4). HPE has provided software updates to resolve this vulnerability in HPE Integrated Lights-Out. | 2023-03-22 | 5.4 | CVE-2023-28083 MISC |
ibm -- aspera_faspex | IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654. | 2023-03-21 | 6.5 | CVE-2023-27873 MISC MISC |
ibm -- security_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 247601. | 2023-03-21 | 5.5 | CVE-2023-25686 MISC MISC |
ibm -- security_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247606. | 2023-03-22 | 5.3 | CVE-2023-25688 MISC MISC |
ibm -- security_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 247618. | 2023-03-21 | 5.3 | CVE-2023-25689 MISC MISC |
ibm -- security_key_lifecycle_manager | IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. IBM X-Force ID: 247602. | 2023-03-21 | 4.3 | CVE-2023-25687 MISC MISC |
implecode -- ecommerce_product_catalog | The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-03-17 | 4.8 | CVE-2023-1470 MISC MISC |
joomunited -- wp_meta_seo | The WP Meta SEO WordPress plugin before 4.5.3 does not authorize several ajax actions, allowing low-privilege users to make updates to certain data and leading to an arbitrary redirect vulnerability. | 2023-03-20 | 6.1 | CVE-2023-0876 MISC |
magicform_project -- magicform | Reflected Cross-Site Scripting (XSS) vulnerability in Dmytriy.Cooperman MagicForm plugin <= 0.1 versions. | 2023-03-20 | 6.1 | CVE-2022-47592 MISC |
map_multi_marker_project -- map_multi_marker | Reflected Cross-Site Scripting (XSS) vulnerability in Mickael Austoni Map Multi Marker plugin <= 3.2.1 versions. | 2023-03-20 | 6.1 | CVE-2022-47591 MISC |
mapicoin_project -- mapicoin | A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The name of the patch is 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability. | 2023-03-21 | 6.1 | CVE-2016-15029 MISC MISC MISC |
mattermost -- mattermost | Mattermost fails to check the "Show Full Name" setting when rendering the result for the /plugins/focalboard/api/v2/users API call, allowing an attacker to learn the full name of a board owner. | 2023-03-22 | 4.3 | CVE-2023-1562 MISC |
maxpcsecure -- anti_virus_plus | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376. | 2023-03-18 | 5.5 | CVE-2023-1490 MISC MISC MISC MISC |
maxpcsecure -- anti_virus_plus | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability. | 2023-03-18 | 5.5 | CVE-2023-1491 MISC MISC MISC MISC |
maxpcsecure -- anti_virus_plus | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been declared as problematic. This vulnerability affects the function 0x220019 in the library MaxProc64.sys of the component IoControlCode Handler. The manipulation of the argument SystemBuffer leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-223378 is the identifier assigned to this vulnerability. | 2023-03-18 | 5.5 | CVE-2023-1492 MISC MISC MISC MISC |
maxpcsecure -- anti_virus_plus | A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been rated as problematic. This issue affects the function 0x220019 in the library MaxProctetor64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223379. | 2023-03-18 | 5.5 | CVE-2023-1493 MISC MISC MISC MISC |
medicine_tracker_system_project -- medicine_tracker_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Affected by this issue is some unknown functionality of the file app/?page=medicines/manage_medicine. The manipulation of the argument name/description with the input <script>alert('2')</script> leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-223292. | 2023-03-17 | 6.1 | CVE-2023-1447 MISC MISC |
miniflux_project -- miniflux | Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the `html.ServerError` is returned unescaped without the expected Content Security Policy header added to valid responses. By creating an RSS feed item with the inline description containing an `<img>` tag with a `srcset` attribute pointing to an invalid URL like `http:a<script>alert(1)</script>`, we can coerce the proxy handler into an error condition where the invalid URL is returned unescaped and in full. This results in JavaScript execution on the Miniflux instance as soon as the user is convinced (e.g. by a message in the alt text) to open the broken image. An attacker can execute arbitrary JavaScript in the context of a victim Miniflux user when they open a broken image in a crafted RSS feed. This can be used to perform actions on the Miniflux instance as that user and gain administrative access to the Miniflux instance if it is reachable and the victim is an administrator. A patch is available in version 2.0.43. As a workaround sisable image proxy; default value is `http-only`. | 2023-03-17 | 5.4 | CVE-2023-27592 MISC MISC MISC MISC MISC MISC MISC |
misp-project -- malware_information_sharing_platform | js/event-graph.js in MISP before 2.4.169 allows XSS via event-graph node tooltips. | 2023-03-18 | 6.1 | CVE-2023-28606 MISC MISC |
misp-project -- malware_information_sharing_platform | js/event-graph.js in MISP before 2.4.169 allows XSS via the event-graph relationship tooltip. | 2023-03-18 | 6.1 | CVE-2023-28607 MISC MISC |
monitoring_of_students_cyber_accounts_system_project -- monitoring_of_students_cyber_accounts_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Monitoring of Students Cyber Accounts System 1.0. Affected by this issue is some unknown functionality of the file modules/balance/index.php?view=balancelist of the component POST Parameter Handler. The manipulation of the argument id with the input "><script>alert(111)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223364. | 2023-03-18 | 6.1 | CVE-2023-1481 MISC MISC MISC |
mp4v2_project -- mp4v2 | A vulnerability was found in MP4v2 2.1.2 and classified as problematic. This issue affects the function DumpTrack of the file mp4trackdump.cpp. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223295. | 2023-03-17 | 5.5 | CVE-2023-1450 MISC MISC MISC MISC |
mp4v2_project -- mp4v2 | A vulnerability was found in MP4v2 2.1.2. It has been classified as problematic. Affected is the function mp4v2::impl::MP4Track::GetSampleFileOffset of the file mp4track.cpp. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223296. | 2023-03-17 | 5.5 | CVE-2023-1451 MISC MISC MISC MISC |
netgear -- rbs750_firmware | A cleartext transmission vulnerability exists in the Remote Management functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. | 2023-03-21 | 5.9 | CVE-2022-38458 MISC |
nooz_project -- nooz | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Mighty Digital Nooz plugin <= 1.6.0 versions. | 2023-03-20 | 4.8 | CVE-2023-25794 MISC |
nsthemes -- advanced_social_pixel | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes Advanced Social Pixel plugin <= 2.1.1 versions. | 2023-03-20 | 4.8 | CVE-2023-24381 MISC |
online_exam_software_\ -- _eexamhall_project | Cross-Site Request Forgery (CSRF) vulnerability in Aarvanshinfotech Online Exam Software: eExamhall plugin <= 4.0 versions. | 2023-03-20 | 6.5 | CVE-2023-22681 MISC |
otrs -- otrs | Improper Input Validation vulnerability in OTRS AG OTRS (Ticket Actions modules), OTRS AG ((OTRS)) Community Edition (Ticket Actions modules) allows Cross-Site Scripting (XSS).This issue affects OTRS: from 7.0.X before 7.0.42; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 2023-03-20 | 6.1 | CVE-2023-1248 MISC |
pacsrapor -- pacsrapor | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.This issue affects Pacsrapor: before 1.22. | 2023-03-21 | 6.1 | CVE-2023-1154 MISC |
page_loading_effects_project -- page_loading_effects | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Esstat17 Page Loading Effects plugin <= 2.0.0 versions. | 2023-03-20 | 4.8 | CVE-2023-23718 MISC |
pimcore -- pimcore | Pimcore is an open source data and experience management platform. Versions prior to 10.5.19 have an unsecured tooltip field in DataObject class definition. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Users should upgrade to version 10.5.19 or, as a workaround, apply the patch manually. | 2023-03-20 | 6.1 | CVE-2023-28429 MISC MISC MISC |
pimcore -- pimcore | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | 2023-03-20 | 5.4 | CVE-2023-1515 CONFIRM MISC |
pimcore -- pimcore | Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.19. | 2023-03-20 | 4.8 | CVE-2023-1517 CONFIRM MISC |
pixedelic -- camera_slideshow | Reflected Cross-Site Scripting (XSS) vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin <= 1.4.0.1 versions. | 2023-03-20 | 6.1 | CVE-2023-22682 MISC |
rapid7 -- insightvm | Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. | 2023-03-20 | 6.1 | CVE-2023-0681 MISC |
rapidload -- rapidload_power-up_for_autoptimize | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. Actions include resetting the API key, accessing or deleting log files, and deleting cache among others. | 2023-03-17 | 6.3 | CVE-2023-1472 MISC MISC |
react_webcam_project -- react_webcam | The React Webcam WordPress plugin through 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-20 | 5.4 | CVE-2023-0365 MISC |
real.kit_project -- real.kit | The real.Kit WordPress plugin before 5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-20 | 5.4 | CVE-2023-0364 MISC |
redis -- redis | Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10. | 2023-03-20 | 5.5 | CVE-2023-28425 MISC MISC MISC |
robogallery -- gallery_images_ape | Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Galleryape Gallery Images Ape plugin <= 2.2.8 versions. | 2023-03-21 | 5.4 | CVE-2022-41785 MISC |
rockwellautomation -- modbus_tcp_server_add_on_instructions | Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information. | 2023-03-17 | 4.3 | CVE-2023-0027 MISC |
saan -- world_clock | The Saan World Clock WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-20 | 5.4 | CVE-2023-0145 MISC |
service_area_postcode_checker_project -- service_area_postcode_checker | Auth. (admin+) vulnerability in Second2none Service Area Postcode Checker plugin <= 2.0.8 versions. | 2023-03-20 | 4.8 | CVE-2023-25782 MISC |
simple_art_gallery_project -- simple_art_gallery | A vulnerability, which was classified as problematic, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file adminHome.php. The manipulation of the argument about_info leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223400. | 2023-03-19 | 6.1 | CVE-2023-1500 MISC MISC MISC |
slideshow_se_project -- slideshow_se | Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. | 2023-03-17 | 5.4 | CVE-2022-43461 MISC |
squidex.io -- squidex | Squidex before 7.4.0 was discovered to contain a squid.svg cross-site scripting (XSS) vulnerability. | 2023-03-18 | 6.1 | CVE-2023-24278 MISC MISC |
student_study_center_desk_management_system_project -- student_study_center_desk_management_system | A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assign/assign.php. The manipulation of the argument sid leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223559. | 2023-03-22 | 6.1 | CVE-2023-1567 MISC MISC MISC |
student_study_center_desk_management_system_project -- student_study_center_desk_management_system | A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file /admin/reports/index.php of the component GET Parameter Handler. The manipulation of the argument date_to leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223560. | 2023-03-22 | 5.4 | CVE-2023-1568 MISC MISC MISC |
teampass -- teampass | Improper Authorization in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | 2023-03-17 | 5.4 | CVE-2023-1463 CONFIRM MISC |
tinytiff_project -- tinytiff | A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0. This issue affects some unknown processing of the file tinytiffreader.c of the component File Handler. The manipulation leads to buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223553 was assigned to this vulnerability. | 2023-03-22 | 5.5 | CVE-2023-1560 MISC MISC MISC MISC |
tipsandtricks-hq -- wp_express_checkout | The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrator-level access to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: This can potentially be exploited by lower-privileged users if the `Admin Dashboard Access Permission` setting it set for those users to access the dashboard. | 2023-03-17 | 4.8 | CVE-2023-1469 MISC MISC |
tribe29 -- checkmk | HTML Email Injection in Tribe29 Checkmk <=2.1.0p23; <=2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails | 2023-03-20 | 5.4 | CVE-2023-22288 MISC |
university_information_management_system_project -- university_information_management_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Izmir Katip Celebi University UBYS allows Stored XSS.This issue affects UBYS: before 23.03.16. | 2023-03-20 | 5.4 | CVE-2023-0320 MISC |
vektor-inc -- vk_all_in_one_expansion_unit | The VK All in One Expansion Unit WordPress plugin before 9.87.1.0 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 2023-03-20 | 6.1 | CVE-2023-0937 MISC |
visam -- vbase_automation_base | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 2023-03-21 | 5.5 | CVE-2022-41696 MISC |
visam -- vbase_automation_base | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 2023-03-21 | 5.5 | CVE-2022-43512 MISC |
visam -- vbase_automation_base | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 2023-03-21 | 5.5 | CVE-2022-45121 MISC |
visam -- vbase_automation_base | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 2023-03-21 | 5.5 | CVE-2022-45468 MISC |
visam -- vbase_automation_base | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 2023-03-21 | 5.5 | CVE-2022-46286 MISC |
visam -- vbase_automation_base | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 2023-03-21 | 5.5 | CVE-2022-46300 MISC |
watchdog -- anti-virus | A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Affected by this vulnerability is the function 0x80002004/0x80002008 in the library wsdk-driver.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223291. | 2023-03-17 | 5.5 | CVE-2023-1446 MISC MISC MISC MISC |
wisecleaner -- wise_system_monitor | A vulnerability, which was classified as problematic, has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. This issue affects the function 0x9C40208C/0x9C402000/0x9C402084/0x9C402088/0x9C402004/0x9C4060C4/0x9C4060CC/0x9C4060D0/0x9C4060D4/0x9C40A0DC/0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-223373 was assigned to this vulnerability. | 2023-03-18 | 5.5 | CVE-2023-1487 MISC MISC MISC MISC |
wisecleaner -- wise_system_monitor | A vulnerability, which was classified as problematic, was found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54. Affected is the function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-223374 is the identifier assigned to this vulnerability. | 2023-03-18 | 5.5 | CVE-2023-1488 MISC MISC MISC MISC |
wp-master -- feed_changer_\&_remover | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in WP-master.Ir Feed Changer & Remover plugin <= 0.2 versions. | 2023-03-20 | 4.8 | CVE-2023-25795 MISC |
wp_better_emails_project -- wp_better_emails | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nicolas Lemoine WP Better Emails plugin <= 0.4 versions. | 2023-03-20 | 4.8 | CVE-2023-22679 MISC |
wp_calendar_project -- wp_calendar | Stored Cross-Site Scripting (XSS) vulnerability in Fabian von Allmen WP Calendar plugin <= 1.5.3 versions. | 2023-03-17 | 5.4 | CVE-2022-45814 MISC |
wp_glossary_project -- wp_glossary | Auth. (contributor+) Cross-Site Scripting vulnerability in TCBarrett WP Glossary plugin <= 3.1.2 versions. | 2023-03-21 | 5.4 | CVE-2022-41831 MISC |
wp_htpasswd_project -- wp_htpasswd | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matteo Candura WP htpasswd plugin <= 1.7 versions. | 2023-03-20 | 4.8 | CVE-2023-25064 MISC |
wp_popup_banners_project -- wp_popup_banners | The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with minimal permissions, such as a subscrber, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-03-17 | 6.5 | CVE-2023-1471 MISC MISC MISC |
wpbean -- wpb_advanced_faq | The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-20 | 5.4 | CVE-2023-0370 MISC |
young_entrepreneur_e-negosyo_system_project -- young_entrepreneur_e-negosyo_system | A vulnerability classified as problematic has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file /bsenordering/index.php of the component GET Parameter Handler. The manipulation of the argument category with the input <script>alert(222)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223371. | 2023-03-18 | 6.1 | CVE-2023-1485 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
pdfio_project -- pdfio | PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1. | 2023-03-20 | 3.3 | CVE-2023-28428 MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25665 MISC MISC |
360 -- d901 | Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package. | 2023-03-23 | not yet calculated | CVE-2023-27077 MISC |
angular-server-side-configuration -- angular-server-side-configuration | angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file). With version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html. This has NO IMPACT, in a plain Angular project that has no backend component. This vulnerability has been mitigated in version 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default. As a workaround, manually edit or create ngssc.json or run script after ngssc.json generation. | 2023-03-24 | not yet calculated | CVE-2023-28444 MISC MISC MISC |
answerdev -- answer | Guessable CAPTCHA in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-21 | not yet calculated | CVE-2023-1539 CONFIRM MISC |
answerdev -- answer | Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-21 | not yet calculated | CVE-2023-1541 MISC CONFIRM |
apache -- openoffice | Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory. | 2023-03-24 | not yet calculated | CVE-2022-38745 MISC MISC |
apache -- openoffice | Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution. | 2023-03-24 | not yet calculated | CVE-2022-47502 MISC MISC |
apache -- tomcat | When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel. | 2023-03-22 | not yet calculated | CVE-2023-28708 MISC |
arno0x -- twofactorauth | A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803. | 2023-03-25 | not yet calculated | CVE-2016-15030 MISC MISC MISC MISC |
aruba -- aox-cx | An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. | 2023-03-22 | not yet calculated | CVE-2023-1168 MISC |
as_koc_energy -- web_report_system | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.This issue affects Web Report System: before 23.03.10. | 2023-03-23 | not yet calculated | CVE-2023-1050 MISC |
as_koc_energy -- web_report_system | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.This issue affects Web Report System: before 23.03.10. | 2023-03-23 | not yet calculated | CVE-2023-1051 MISC |
assisted_installer -- assisted_installer | A vulnerability was found in OpenShift Assisted Installer. During generation of the Discovery ISO, image pull secrets were leaked as plaintext in the installation logs. An authenticated user could exploit this by re-using the image pull secret to pull container images from the registry as the associated user. | 2023-03-24 | not yet calculated | CVE-2021-3684 MISC MISC MISC |
aver_information_inc -- ptzapp2 | Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request. | 2023-03-24 | not yet calculated | CVE-2023-27055 MISC |
baserproject -- basercms | baserCMS is a Content Management system. Prior to version 4.7.5, there is a Remote Code Execution (RCE) Vulnerability in the management system of baserCMS. Version 4.7.5 contains a patch. | 2023-03-23 | not yet calculated | CVE-2023-25654 MISC MISC MISC MISC MISC |
baserproject -- basercms | baserCMS is a Content Management system. Prior to version 4.7.5, any file may be uploaded on the management system of baserCMS. Version 4.7.5 contains a patch. | 2023-03-23 | not yet calculated | CVE-2023-25655 MISC MISC MISC MISC |
churchcrm -- churchcrm | RESERVED churchcrm v4.5.3 was discovered to contain a SQL injection vulnerability via the Event parameter at /churchcrm/EventAttendance.php. | 2023-03-23 | not yet calculated | CVE-2023-24787 MISC MISC MISC |
cilium -- cilium-cli | `cilium-cli` is the command line interface to install, manage, and troubleshoot Kubernetes clusters running Cilium. Prior to version 0.13.2,`cilium-cli`, when used to configure cluster mesh functionality, can remove the enforcement of user permissions on the `etcd` store used to mirror local cluster information to remote clusters. Users who have set up cluster meshes using the Cilium Helm chart are not affected by this issue. Due to an incorrect mount point specification, the settings specified by the `initContainer` that configures `etcd` users and their permissions are overwritten when using `cilium-cli` to configure a cluster mesh. An attacker who has already gained access to a valid key and certificate for an `etcd` cluster compromised in this manner could then modify state in that `etcd` cluster. This issue is patched in `cilium-cli` 0.13.2. As a workaround, one may use Cilium's Helm charts to create their cluster. | 2023-03-22 | not yet calculated | CVE-2023-28114 MISC MISC MISC MISC |
cisco -- access_point | A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to cause an affected device to reload spontaneously, resulting in a DoS condition. | 2023-03-23 | not yet calculated | CVE-2023-20056 CISCO |
cisco -- access_point | A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of certain parameters within 802.11 frames. An attacker could exploit this vulnerability by sending a wireless 802.11 association request frame with crafted parameters to an affected device. A successful exploit could allow the attacker to cause an unexpected reload of an affected device, resulting in a DoS condition. | 2023-03-23 | not yet calculated | CVE-2023-20112 CISCO |
cisco -- access_points | A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. This vulnerability is due to improper input validation of commands that are issued from a wireless controller to an AP. An attacker with Administrator access to the CLI of the controller could exploit this vulnerability by issuing a command with crafted arguments. A successful exploit could allow the attacker to gain full root access on the AP. | 2023-03-23 | not yet calculated | CVE-2023-20097 CISCO |
cisco -- digital_network_architecture_center | A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected device. This vulnerability is due to the unintended exposure of sensitive information. An attacker could exploit this vulnerability by inspecting the responses from the API. Under certain circumstances, a successful exploit could allow the attacker to access the API with the privileges of a higher-level user account. To successfully exploit this vulnerability, the attacker would need at least valid Observer credentials. | 2023-03-23 | not yet calculated | CVE-2023-20055 CISCO |
cisco -- digital_network_architecture_center | A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. The attacker must have valid low-privileged user credentials. This vulnerability is due to improper role-based access control (RBAC) with the integration of PnP. An attacker could exploit this vulnerability by authenticating to the device and sending a query to an internal API. A successful exploit could allow the attacker to view sensitive information in clear text, which could include configuration files. | 2023-03-23 | not yet calculated | CVE-2023-20059 CISCO |
cisco -- ios_xe | A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 2023-03-23 | not yet calculated | CVE-2023-20027 CISCO |
cisco -- ios_xe | A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. This vulnerability is due to insufficient memory protection in the Meraki onboarding feature of an affected device. An attacker could exploit this vulnerability by modifying the Meraki registration parameters. A successful exploit could allow the attacker to elevate privileges to root. | 2023-03-23 | not yet calculated | CVE-2023-20029 CISCO |
cisco -- ios_xe | A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | 2023-03-23 | not yet calculated | CVE-2023-20065 CISCO |
cisco -- ios_xe | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint of the web UI. This vulnerability is due to an insufficient security configuration. An attacker could exploit this vulnerability by sending a crafted request to the web UI. A successful exploit could allow the attacker to gain read access to files that are outside the filesystem mountpoint of the web UI. Note: These files are located on a restricted filesystem that is maintained for the web UI. There is no ability to write to any files on this filesystem. | 2023-03-23 | not yet calculated | CVE-2023-20066 CISCO |
cisco -- ios_xe | A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of received traffic. An attacker could exploit this vulnerability by sending crafted traffic through a wireless access point. A successful exploit could allow the attacker to cause CPU utilization to increase, which could result in a DoS condition on an affected device and could cause new wireless client associations to fail. Once the offending traffic stops, the affected system will return to an operational state and new client associations will succeed. | 2023-03-23 | not yet calculated | CVE-2023-20067 CISCO |
cisco -- ios_xe | A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of large fragmented tunnel protocol packets. One example of a tunnel protocol is Generic Routing Encapsulation (GRE). An attacker could exploit this vulnerability by sending crafted fragmented packets to an affected system. A successful exploit could allow the attacker to cause the affected system to reload, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-20072 CISCO |
cisco -- ios_xe | A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to the device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to errors that occur when retrieving the public release key that is used for image signature verification. An attacker could exploit this vulnerability by modifying specific variables in the Serial Peripheral Interface (SPI) flash memory of an affected device. A successful exploit could allow the attacker to execute persistent code on the underlying operating system. Note: In Cisco IOS XE Software releases 16.11.1 and later, the complexity of an attack using this vulnerability is high. However, an attacker with level-15 privileges could easily downgrade the Cisco IOS XE Software on a device to a release that would lower the attack complexity. | 2023-03-23 | not yet calculated | CVE-2023-20082 CISCO |
cisco -- ios_xe | A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error that occurs when certain conditions are met during the AP joining process. An attacker could exploit this vulnerability by adding an AP that is under their control to the network. The attacker then must ensure that the AP successfully joins an affected wireless controller under certain conditions. Additionally, the attacker would need the ability to restart a valid AP that was previously connected to the controller. A successful exploit could allow the attacker to cause the affected device to restart unexpectedly, resulting in a DoS condition. | 2023-03-23 | not yet calculated | CVE-2023-20100 CISCO |
cisco -- ios_xe_sd-wan | A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. This vulnerability is due to insufficient input validation by the system CLI. An attacker with privileges to run commands could exploit this vulnerability by first authenticating to an affected device using either local terminal access or a management shell interface and then submitting crafted input to the system CLI. A successful exploit could allow the attacker to execute commands on the underlying operating system with root-level privileges. An attacker with limited user privileges could use this vulnerability to gain complete control over the system. Note: For additional information about specific impacts, see the Details section of this advisory. | 2023-03-23 | not yet calculated | CVE-2023-20035 CISCO |
cisco -- multiple_products | A vulnerability in the IPv6 DHCP version 6 (DHCPv6) relay and server features of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to insufficient validation of data boundaries. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly. | 2023-03-23 | not yet calculated | CVE-2023-20080 CISCO |
cisco -- multiple_products | A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position. | 2023-03-23 | not yet calculated | CVE-2023-20081 CISCO |
cisco -- multiple_products | A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco ASA 5506-X, ASA 5508-X, and ASA 5516-X Firewalls could allow an unauthenticated, remote attacker to cause a cryptographic collision, enabling the attacker to discover the private key of an affected device. This vulnerability is due to insufficient entropy in the DRBG for the affected hardware platforms when generating cryptographic keys. An attacker could exploit this vulnerability by generating a large number of cryptographic keys on an affected device and looking for collisions with target devices. A successful exploit could allow the attacker to impersonate an affected target device or to decrypt traffic secured by an affected key that is sent to or from an affected target device. | 2023-03-23 | not yet calculated | CVE-2023-20107 CISCO |
cisco -- sd-wan_vmanage | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. These actions could include modifying the system configuration and deleting accounts. | 2023-03-23 | not yet calculated | CVE-2023-20113 CISCO |
ckeditor -- ckeditor4 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page. | 2023-03-22 | not yet calculated | CVE-2023-28439 MISC MISC MISC |
cobalt_strike -- cobalt_strike | Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI. | 2023-03-24 | not yet calculated | CVE-2022-42948 MISC MISC MISC |
componentspace -- componentspace.saml2 | ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. | 2023-03-24 | not yet calculated | CVE-2022-45597 MISC MISC MISC |
couchbase -- couchbase_server | In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. | 2023-03-23 | not yet calculated | CVE-2023-28470 MISC MISC MISC MISC |
creative_minds_solutions -- cm_answers | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM Answers plugin <= 3.1.9 versions. | 2023-03-23 | not yet calculated | CVE-2023-25992 MISC |
crewjam/saml -- crewjam/saml | The crewjam/saml go library contains a partial implementation of the SAML standard in golang. Prior to version 0.4.13, the package's use of `flate.NewReader` does not limit the size of the input. The user can pass more than 1 MB of data in the HTTP request to the processing functions, which will be decompressed server-side using the Deflate algorithm. Therefore, after repeating the same request multiple times, it is possible to achieve a reliable crash since the operating system kills the process. This issue is patched in version 0.4.13. | 2023-03-22 | not yet calculated | CVE-2023-28119 MISC MISC |
csz_cms -- csz_cms | File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file. | 2023-03-23 | not yet calculated | CVE-2020-19786 MISC |
dataease -- dataease | Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5. | 2023-03-24 | not yet calculated | CVE-2023-28435 MISC MISC |
dataease -- dataease | Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds. | 2023-03-25 | not yet calculated | CVE-2023-28437 MISC MISC MISC |
datagear -- datagear | A vulnerability, which was classified as critical, was found in DataGear up to 4.5.0. This affects an unknown part of the file /analysisProject/pagingQueryData. The manipulation of the argument queryOrder leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223563. | 2023-03-22 | not yet calculated | CVE-2023-1571 MISC MISC MISC |
datagear -- datagear | A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. This issue affects some unknown processing of the component Graph Dataset Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.12.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-223565 was assigned to this vulnerability. | 2023-03-22 | not yet calculated | CVE-2023-1573 MISC MISC MISC MISC |
dek-1705 -- dek-1705 | DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability. | 2023-03-24 | not yet calculated | CVE-2023-23149 MISC |
deno -- deno | Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `--v8-flags=--no-harmony-rab-gsab` to disable resizable ArrayBuffers. | 2023-03-24 | not yet calculated | CVE-2023-28445 MISC MISC MISC |
deno -- deno | Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This works with any command on the respective platform, giving the program the full ability to choose what program they wanted to run. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). This issue has been patched in version 1.31.2. | 2023-03-24 | not yet calculated | CVE-2023-28446 MISC MISC MISC |
dino -- dino | Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information. | 2023-03-24 | not yet calculated | CVE-2023-28686 CONFIRM |
directus -- directus | Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3. | 2023-03-24 | not yet calculated | CVE-2023-28443 MISC MISC MISC |
extplorer -- extplorer | Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php compenent | 2023-03-21 | not yet calculated | CVE-2023-27842 MISC MISC MISC MISC MISC |
faveo -- faveo | Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack. | 2023-03-24 | not yet calculated | CVE-2023-24625 MISC MISC MISC |
faveo_helpdesk -- faveo_helpdesk | Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user's input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection. | 2023-03-24 | not yet calculated | CVE-2023-25350 MISC MISC |
general_bytes -- crypto_application_server | General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44. | 2023-03-22 | not yet calculated | CVE-2023-28725 MISC MISC MISC MISC MISC MISC MISC |
geonode -- geonode | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the `/geoserver/rest/about/status` Geoserver REST API endpoint. The Geoserver endpoint is secured by default, but the configuration of Geoserver for GeoNode opens a list of REST endpoints to support some of its public-facing services. The vulnerability impacts both GeoNode 3 and GeoNode 4 instances. Geoserver security configuration is provided by `geoserver-geonode-ext`. A patch for 2.20.7 has been released which blocks access to the affected endpoint. The patch has been backported to branches 2.20.6, 2.19.7, 2.19.6, and 2.18.7. All the published artifacts and Docker images have been updated accordingly. A more advanced patch has been applied to the master and development versions, which require some changes to GeoNode code. They will be available with the next 4.1.0 release. The patched configuration only has an effect on new deployments. For existing setups, the patch must be applied manually inside the Geoserver data directory. The patched file must replace the existing `<geoserver_datadir>/security/rest.properties` file. | 2023-03-24 | not yet calculated | CVE-2023-28442 MISC MISC MISC |
github -- codeserver | Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Exploiting this vulnerability can allow an adversary in specific scenarios to access data from and connect to the code-server instance. | 2023-03-23 | not yet calculated | CVE-2023-26114 MISC MISC MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029965 | 2023-03-24 | not yet calculated | CVE-2023-21007 MISC |
google -- android | In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21079 MISC |
google -- android | In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741 | 2023-03-24 | not yet calculated | CVE-2022-20467 MISC |
google -- android | In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246539931 | 2023-03-24 | not yet calculated | CVE-2022-20499 MISC |
google -- android | In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894 | 2023-03-24 | not yet calculated | CVE-2022-20532 MISC |
google -- android | In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083570 | 2023-03-24 | not yet calculated | CVE-2022-20542 MISC |
google -- android | In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240662453References: N/A | 2023-03-24 | not yet calculated | CVE-2022-42498 MISC |
google -- android | In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242001391References: N/A | 2023-03-24 | not yet calculated | CVE-2022-42499 MISC |
google -- android | In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701389References: N/A | 2023-03-24 | not yet calculated | CVE-2022-42500 MISC |
google -- android | In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242203672References: N/A | 2023-03-24 | not yet calculated | CVE-2022-42528 MISC |
google -- android | In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577 | 2023-03-24 | not yet calculated | CVE-2023-20906 MISC |
google -- android | In addNetworkSuggestions of WifiManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245299920 | 2023-03-24 | not yet calculated | CVE-2023-20910 MISC |
google -- android | In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498 | 2023-03-24 | not yet calculated | CVE-2023-20911 MISC |
google -- android | In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242605257 | 2023-03-24 | not yet calculated | CVE-2023-20917 MISC |
google -- android | In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058 | 2023-03-24 | not yet calculated | CVE-2023-20926 MISC |
google -- android | In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-234442700 | 2023-03-24 | not yet calculated | CVE-2023-20929 MISC |
google -- android | In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242535997 | 2023-03-24 | not yet calculated | CVE-2023-20931 MISC |
google -- android | In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-226927612 | 2023-03-24 | not yet calculated | CVE-2023-20936 MISC |
google -- android | In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237405974 | 2023-03-24 | not yet calculated | CVE-2023-20947 MISC |
google -- android | In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258652631 | 2023-03-24 | not yet calculated | CVE-2023-20951 MISC |
google -- android | In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-186803518 | 2023-03-24 | not yet calculated | CVE-2023-20952 MISC |
google -- android | In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251778420 | 2023-03-24 | not yet calculated | CVE-2023-20953 MISC |
google -- android | In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261867748 | 2023-03-24 | not yet calculated | CVE-2023-20954 MISC |
google -- android | In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813 | 2023-03-24 | not yet calculated | CVE-2023-20955 MISC |
google -- android | In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240140929 | 2023-03-24 | not yet calculated | CVE-2023-20956 MISC |
google -- android | In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561 | 2023-03-24 | not yet calculated | CVE-2023-20957 MISC |
google -- android | In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254803162 | 2023-03-24 | not yet calculated | CVE-2023-20958 MISC |
google -- android | In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848 | 2023-03-24 | not yet calculated | CVE-2023-20959 MISC |
google -- android | In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-250589026 | 2023-03-24 | not yet calculated | CVE-2023-20960 MISC |
google -- android | In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210 | 2023-03-24 | not yet calculated | CVE-2023-20962 MISC |
google -- android | In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519 | 2023-03-24 | not yet calculated | CVE-2023-20963 MISC |
google -- android | In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121 | 2023-03-24 | not yet calculated | CVE-2023-20964 MISC |
google -- android | In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242299736 | 2023-03-24 | not yet calculated | CVE-2023-20966 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235935 | 2023-03-24 | not yet calculated | CVE-2023-20968 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236313 | 2023-03-24 | not yet calculated | CVE-2023-20969 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236005 | 2023-03-24 | not yet calculated | CVE-2023-20970 MISC |
google -- android | In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permission without the user's consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225880325 | 2023-03-24 | not yet calculated | CVE-2023-20971 MISC |
google -- android | In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304665 | 2023-03-24 | not yet calculated | CVE-2023-20972 MISC |
google -- android | In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568245 | 2023-03-24 | not yet calculated | CVE-2023-20973 MISC |
google -- android | In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260078907 | 2023-03-24 | not yet calculated | CVE-2023-20974 MISC |
google -- android | In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776 | 2023-03-24 | not yet calculated | CVE-2023-20975 MISC |
google -- android | In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216117246 | 2023-03-24 | not yet calculated | CVE-2023-20976 MISC |
google -- android | In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445952 | 2023-03-24 | not yet calculated | CVE-2023-20977 MISC |
google -- android | In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259939364 | 2023-03-24 | not yet calculated | CVE-2023-20979 MISC |
google -- android | In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260230274 | 2023-03-24 | not yet calculated | CVE-2023-20980 MISC |
google -- android | In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256165737 | 2023-03-24 | not yet calculated | CVE-2023-20981 MISC |
google -- android | In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568083 | 2023-03-24 | not yet calculated | CVE-2023-20982 MISC |
google -- android | In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449 | 2023-03-24 | not yet calculated | CVE-2023-20983 MISC |
google -- android | In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242993878 | 2023-03-24 | not yet calculated | CVE-2023-20984 MISC |
google -- android | In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245915315 | 2023-03-24 | not yet calculated | CVE-2023-20985 MISC |
google -- android | In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304475 | 2023-03-24 | not yet calculated | CVE-2023-20986 MISC |
google -- android | In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569414 | 2023-03-24 | not yet calculated | CVE-2023-20987 MISC |
google -- android | In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569232 | 2023-03-24 | not yet calculated | CVE-2023-20988 MISC |
google -- android | In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568367 | 2023-03-24 | not yet calculated | CVE-2023-20989 MISC |
google -- android | In btm_read_local_oob_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568354 | 2023-03-24 | not yet calculated | CVE-2023-20990 MISC |
google -- android | In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255305114 | 2023-03-24 | not yet calculated | CVE-2023-20991 MISC |
google -- android | In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568750 | 2023-03-24 | not yet calculated | CVE-2023-20992 MISC |
google -- android | In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261588851 | 2023-03-24 | not yet calculated | CVE-2023-20993 MISC |
google -- android | In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259062118 | 2023-03-24 | not yet calculated | CVE-2023-20994 MISC |
google -- android | In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279 | 2023-03-24 | not yet calculated | CVE-2023-20995 MISC |
google -- android | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749764 | 2023-03-24 | not yet calculated | CVE-2023-20996 MISC |
google -- android | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702 | 2023-03-24 | not yet calculated | CVE-2023-20997 MISC |
google -- android | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936 | 2023-03-24 | not yet calculated | CVE-2023-20998 MISC |
google -- android | In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246750467 | 2023-03-24 | not yet calculated | CVE-2023-20999 MISC |
google -- android | In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918 | 2023-03-24 | not yet calculated | CVE-2023-21000 MISC |
google -- android | In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190 | 2023-03-24 | not yet calculated | CVE-2023-21001 MISC |
google -- android | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193935 | 2023-03-24 | not yet calculated | CVE-2023-21002 MISC |
google -- android | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193711 | 2023-03-24 | not yet calculated | CVE-2023-21003 MISC |
google -- android | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193664 | 2023-03-24 | not yet calculated | CVE-2023-21004 MISC |
google -- android | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193946 | 2023-03-24 | not yet calculated | CVE-2023-21005 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030027 | 2023-03-24 | not yet calculated | CVE-2023-21006 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030100 | 2023-03-24 | not yet calculated | CVE-2023-21008 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029925 | 2023-03-24 | not yet calculated | CVE-2023-21009 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029915 | 2023-03-24 | not yet calculated | CVE-2023-21010 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029912 | 2023-03-24 | not yet calculated | CVE-2023-21011 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029812 | 2023-03-24 | not yet calculated | CVE-2023-21012 MISC |
google -- android | In forceStaDisconnection of hostapd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256818945 | 2023-03-24 | not yet calculated | CVE-2023-21013 MISC |
google -- android | In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029326 | 2023-03-24 | not yet calculated | CVE-2023-21014 MISC |
google -- android | In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569778 | 2023-03-24 | not yet calculated | CVE-2023-21015 MISC |
google -- android | In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213905884 | 2023-03-24 | not yet calculated | CVE-2023-21016 MISC |
google -- android | In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236687884 | 2023-03-24 | not yet calculated | CVE-2023-21017 MISC |
google -- android | In UnwindingWorker of unwinding.cc, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233338564 | 2023-03-24 | not yet calculated | CVE-2023-21018 MISC |
google -- android | In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242379731 | 2023-03-24 | not yet calculated | CVE-2023-21019 MISC |
google -- android | In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256591441 | 2023-03-24 | not yet calculated | CVE-2023-21020 MISC |
google -- android | In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598 | 2023-03-24 | not yet calculated | CVE-2023-21021 MISC |
google -- android | In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236098131 | 2023-03-24 | not yet calculated | CVE-2023-21022 MISC |
google -- android | In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238 | 2023-03-24 | not yet calculated | CVE-2023-21024 MISC |
google -- android | In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254929746 | 2023-03-24 | not yet calculated | CVE-2023-21025 MISC |
google -- android | In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548 | 2023-03-24 | not yet calculated | CVE-2023-21026 MISC |
google -- android | In serializePasspointConfiguration of PasspointXmlUtils.java, there is a possible logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216854451 | 2023-03-24 | not yet calculated | CVE-2023-21027 MISC |
google -- android | In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180680572 | 2023-03-24 | not yet calculated | CVE-2023-21028 MISC |
google -- android | In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898 | 2023-03-24 | not yet calculated | CVE-2023-21029 MISC |
google -- android | In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140 | 2023-03-24 | not yet calculated | CVE-2023-21030 MISC |
google -- android | In Display::setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242688355 | 2023-03-24 | not yet calculated | CVE-2023-21031 MISC |
google -- android | In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-248085351 | 2023-03-24 | not yet calculated | CVE-2023-21032 MISC |
google -- android | In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713323 | 2023-03-24 | not yet calculated | CVE-2023-21033 MISC |
google -- android | In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834 | 2023-03-24 | not yet calculated | CVE-2023-21034 MISC |
google -- android | In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184847040 | 2023-03-24 | not yet calculated | CVE-2023-21035 MISC |
google -- android | In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21036 MISC |
google -- android | In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224000736References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21038 MISC |
google -- android | In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783650References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21039 MISC |
google -- android | In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238420277References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21040 MISC |
google -- android | In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250123688References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21041 MISC |
google -- android | In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21042 MISC |
google -- android | In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21043 MISC |
google -- android | In init of VendorGraphicBufferMeta, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253425086References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21044 MISC |
google -- android | When cpif handles probe failures, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323725References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21045 MISC |
google -- android | In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253424924References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21046 MISC |
google -- android | In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-256166866References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21047 MISC |
google -- android | In handleEvent of nan.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259304053References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21048 MISC |
google -- android | In append_camera_metadata of camera_metadata.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236688120References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21049 MISC |
google -- android | In load_png_image of ExynosHWCHelper.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244423702References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21050 MISC |
google -- android | In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323322References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21051 MISC |
google -- android | In setToExternal of ril_external_client.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259063189References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21052 MISC |
google -- android | In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-251805610References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21053 MISC |
google -- android | In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244556535References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21054 MISC |
google -- android | In dit_hal_ioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21055 MISC |
google -- android | In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21056 MISC |
google -- android | In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244450646References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21057 MISC |
google -- android | In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246169606References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21058 MISC |
google -- android | In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-247564044References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21059 MISC |
google -- android | In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21060 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21061 MISC |
google -- android | In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376770References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21062 MISC |
google -- android | In ParseWithAuthType of simdata.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243129862References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21063 MISC |
google -- android | In DoSetPinControl of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130078References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21064 MISC |
google -- android | In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630493References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21065 MISC |
google -- android | Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21067 MISC |
google -- android | In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21068 MISC |
google -- android | In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254029309References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21069 MISC |
google -- android | In add_roam_cache_list of wl_roam.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254028776References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21070 MISC |
google -- android | In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254028518References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21071 MISC |
google -- android | In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290781References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21072 MISC |
google -- android | In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290396References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21073 MISC |
google -- android | In get_svc_hash of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857862References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21075 MISC |
google -- android | In createTransmitFollowupRequest of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857623References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21076 MISC |
google -- android | In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257289560References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21077 MISC |
google -- android | In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254840211References: N/A | 2023-03-24 | not yet calculated | CVE-2023-21078 MISC |
gophish -- gophish | Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | 2023-03-22 | not yet calculated | CVE-2022-45003 MISC MISC |
gophish -- gophish | Gophish through 0.12.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted landing page. | 2023-03-22 | not yet calculated | CVE-2022-45004 MISC MISC |
grafana -- graphite_functiondescription_tooltip | Grafana is an open-source platform for monitoring and observability. Grafana had a stored XSS vulnerability in the Graphite FunctionDescription tooltip. The stored XSS vulnerability was possible due the value of the Function Description was not properly sanitized. An attacker needs to have control over the Graphite data source in order to manipulate a function description and a Grafana admin needs to configure the data source, later a Grafana user needs to select a tampered function and hover over the description. Users may upgrade to version 8.5.22, 9.2.15 and 9.3.11 to receive a fix. | 2023-03-23 | not yet calculated | CVE-2023-1410 MISC MISC |
grinnellplans-php -- grinnellplans-php | A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The name of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability. | 2023-03-25 | not yet calculated | CVE-2015-10097 MISC MISC MISC |
haproxy -- haproxy | An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. This issue could allow an authenticated remote attacker to run a specially crafted malicious server in an OpenShift cluster. The biggest impact is to availability. | 2023-03-23 | not yet calculated | CVE-2023-0056 MISC |
hewlett_packard_enterprise -- flexfabric_5700_switch_series | Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. | 2023-03-22 | not yet calculated | CVE-2022-37940 MISC |
hpe -- aruba_clearpass_policy_manager | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise. | 2023-03-22 | not yet calculated | CVE-2023-25589 MISC |
hpe -- aruba_clearpass_policy_manager | A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. | 2023-03-22 | not yet calculated | CVE-2023-25590 MISC |
hpe -- aruba_clearpass_policy_manager | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further privileges on the ClearPass instance. | 2023-03-22 | not yet calculated | CVE-2023-25591 MISC |
hpe -- aruba_clearpass_policy_manager | Vulnerabilities within the web-based management interface of ClearPass Policy Manager could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | 2023-03-22 | not yet calculated | CVE-2023-25592 MISC |
hpe -- aruba_clearpass_policy_manager | A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment. | 2023-03-22 | not yet calculated | CVE-2023-25595 MISC |
hpe -- aruba_clearpass_policy_manager | A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | 2023-03-22 | not yet calculated | CVE-2023-25596 MISC |
ibm -- qradar_siem | IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. | 2023-03-22 | not yet calculated | CVE-2022-43863 MISC MISC |
imagemagick -- imagemagick | A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. In a denial of service attack, if a remote attacker uploads an SVG file of size t, ImageMagick generates files of size 103*t. If an attacker uploads a 100M SVG, the server will generate about 10G. | 2023-03-23 | not yet calculated | CVE-2023-1289 MISC MISC MISC |
independentsoft -- jodf | An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | 2023-03-24 | not yet calculated | CVE-2023-28150 MISC MISC |
independentsoft -- jspreadsheet | An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | 2023-03-24 | not yet calculated | CVE-2023-28151 MISC MISC |
independentsoft -- jword | An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file. | 2023-03-24 | not yet calculated | CVE-2023-28152 MISC MISC |
invernyx -- smartcars3 | smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn't occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly. | 2023-03-24 | not yet calculated | CVE-2023-28441 MISC |
is_decisions -- userlock_mfa | IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task. | 2023-03-23 | not yet calculated | CVE-2023-23192 MISC MISC |
ixpmanager -- ixpmanager | Cross Site Scripting vulnerabilty found in IXPManager v.5.6.0 allows attackers to excute arbitrary code via the looking glass component. | 2023-03-23 | not yet calculated | CVE-2020-24857 MISC MISC |
jettison -- jettison | An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This leads to a StackOverflowError exception being thrown. | 2023-03-22 | not yet calculated | CVE-2023-1436 MISC |
jianming -- antivirus | A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224008. | 2023-03-25 | not yet calculated | CVE-2023-1626 MISC MISC MISC MISC |
jianming -- antivirus | A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been rated as problematic. This issue affects some unknown processing in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-224009 was assigned to this vulnerability. | 2023-03-25 | not yet calculated | CVE-2023-1627 MISC MISC MISC MISC |
jianming -- antivirus | A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224010 is the identifier assigned to this vulnerability. | 2023-03-25 | not yet calculated | CVE-2023-1628 MISC MISC MISC MISC |
jianming -- antivirus | A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224011. | 2023-03-25 | not yet calculated | CVE-2023-1629 MISC MISC MISC MISC |
jianming -- antivirus | A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012. | 2023-03-25 | not yet calculated | CVE-2023-1630 MISC MISC MISC MISC |
jianming -- antivirus | A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability. | 2023-03-25 | not yet calculated | CVE-2023-1631 MISC MISC MISC MISC |
json_smart -- json_smart | [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. | 2023-03-22 | not yet calculated | CVE-2023-1370 MISC |
lightcms -- lightcms | LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. | 2023-03-22 | not yet calculated | CVE-2023-27060 MISC MISC |
linux -- kernel | An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference. | 2023-03-24 | not yet calculated | CVE-2020-36691 MISC MISC |
linux -- kernel | A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. | 2023-03-22 | not yet calculated | CVE-2023-0386 MISC |
linux -- kernel | A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. | 2023-03-23 | not yet calculated | CVE-2023-0590 MISC |
linux -- kernel | A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. | 2023-03-23 | not yet calculated | CVE-2023-1249 MISC |
linux -- kernel | A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected. | 2023-03-23 | not yet calculated | CVE-2023-1252 MISC |
linux -- kernel | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | 2023-03-23 | not yet calculated | CVE-2023-1513 MISC MISC MISC |
linux -- kernel | A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash. | 2023-03-24 | not yet calculated | CVE-2023-1583 MISC |
linux -- kernel | An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. | 2023-03-23 | not yet calculated | CVE-2023-28772 MISC MISC MISC MISC |
mcafee -- total_protection | McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload. | 2023-03-21 | not yet calculated | CVE-2023-25134 MISC MISC |
mgt-commerce -- cloudpanel | MGT-COMMERCE CloudPanel ships with a static SSL certificate to encrypt communications to the administrative interface, shared across every installation of CloudPanel. This behavior was observed in version 2.2.0. There has been no indication from the vendor this has been addressed in version 2.2.1. | 2023-03-21 | not yet calculated | CVE-2023-0391 MISC MISC |
microsoft -- malwarebytes | In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. It can also lead to privilege escalation in certain scenarios. | 2023-03-23 | not yet calculated | CVE-2023-26088 MISC MISC |
minio -- minio | Minio is a Multi-Cloud Object Storage framework. All users on Windows prior to version RELEASE.2023-03-20T20-16-18Z are impacted. MinIO fails to filter the `\` character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to `PutObject` in a specific bucket, can create an admin user. This issue is patched in RELEASE.2023-03-20T20-16-18Z. There are no known workarounds. | 2023-03-22 | not yet calculated | CVE-2023-28433 MISC MISC MISC MISC |
minio -- minio | Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. | 2023-03-22 | not yet calculated | CVE-2023-28434 MISC MISC MISC |
mirotalk -- mirotalk | A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the settings module. | 2023-03-22 | not yet calculated | CVE-2023-27054 MISC MISC MISC |
mlflow -- mlflow | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. | 2023-03-24 | not yet calculated | CVE-2023-1176 CONFIRM MISC |
mlflow -- mlflow | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | 2023-03-24 | not yet calculated | CVE-2023-1177 CONFIRM MISC |
moodle -- moodle | In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt. | 2023-03-24 | not yet calculated | CVE-2022-40208 MISC |
moodle -- moodle | The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | 2023-03-23 | not yet calculated | CVE-2023-1402 MISC |
moodle -- moodle | The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). | 2023-03-23 | not yet calculated | CVE-2023-28333 MISC |
moodle -- moodle | Authenticated users were able to enumerate other users' names via the learning plans page. | 2023-03-23 | not yet calculated | CVE-2023-28334 MISC |
moodle -- moodle | The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. | 2023-03-23 | not yet calculated | CVE-2023-28335 MISC |
moodle -- moodle | Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | 2023-03-23 | not yet calculated | CVE-2023-28336 MISC |
moodle -- moodle | Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). | 2023-03-23 | not yet calculated | CVE-2023-28329 MISC |
moodle -- moodle | Insufficient sanitizing in backup resulted in an arbitrary file read risk. The capability to access this feature is only available to teachers, managers and admins by default. | 2023-03-23 | not yet calculated | CVE-2023-28330 MISC |
moodle -- moodle | Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. | 2023-03-23 | not yet calculated | CVE-2023-28331 MISC |
moodle -- moodle | If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. | 2023-03-23 | not yet calculated | CVE-2023-28332 MISC |
multiple_vendors -- multiple_products | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows authenticated attacker to gain access to sensitive account information | 2023-03-22 | not yet calculated | CVE-2022-45634 MISC MISC |
multiple_vendors -- multiple_products | An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows attacker to gain access to sensitive account information via insecure password policy. | 2023-03-21 | not yet calculated | CVE-2022-45635 MISC |
multiple_vendors -- multiple_products | An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism. | 2023-03-21 | not yet calculated | CVE-2022-45637 MISC |
netgate -- pfsense | Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force protection mechanisms via crafted web requests. | 2023-03-22 | not yet calculated | CVE-2023-27100 MISC MISC |
nextcloud -- nextcloud_server | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud Enterprise Server versions 25.0.x prior to 25.0.4, 24.0.x prior to 24.0.10, 23.0.x prior to 23.0.12.5, 22.x prior to 22.2.0.10, and 21.x prior to 21.0.9.10, when an attacker gets access to an already logged in user session they can then brute force the password on the confirmation endpoint. Nextcloud Server should upgraded to 24.0.10 or 25.0.4 and Nextcloud Enterprise Server should upgraded to 21.0.9.10, 22.2.10.10, 23.0.12.5, 24.0.10, or 25.0.4 to receive a patch. No known workarounds are available. | 2023-03-22 | not yet calculated | CVE-2023-25820 MISC MISC MISC |
nginx -- nginx_proxy_manager | An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. | 2023-03-22 | not yet calculated | CVE-2023-27224 MISC MISC |
notrinoserp -- notrinoserp | RESERVED NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. | 2023-03-23 | not yet calculated | CVE-2023-24788 MISC MISC MISC MISC |
novel-plus -- novel-plus | A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-1594 MISC MISC MISC |
novel-plus -- novel-plus | A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223663. | 2023-03-23 | not yet calculated | CVE-2023-1595 MISC MISC MISC |
novel-plus -- novel-plus | A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of the file DictController.java. The manipulation of the argument orderby leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223736. | 2023-03-23 | not yet calculated | CVE-2023-1606 MISC MISC MISC |
novel-plus -- novel-plus | A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-1607 MISC MISC MISC |
omicron_energy -- multiple_products | The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system. | 2023-03-23 | not yet calculated | CVE-2023-28610 MISC MISC |
omicron_energy -- multiple_products | Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. | 2023-03-23 | not yet calculated | CVE-2023-28611 MISC MISC |
onlyoffice -- docs | ONLYOFFICE Docs through 7.3 on certain Linux distributions allows local users to gain privileges via a Trojan horse libgcc_s.so.1 in the current working directory, which may be any directory in which an ONLYOFFICE document is located. | 2023-03-19 | not yet calculated | CVE-2022-48422 MISC |
opengoofy -- hippo4j | An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. | 2023-03-23 | not yet calculated | CVE-2023-27094 MISC |
opennms -- multiple_products | A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet. | 2023-03-22 | not yet calculated | CVE-2023-0870 MISC MISC |
openssl -- openssl | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | 2023-03-22 | not yet calculated | CVE-2023-0464 MISC MISC MISC MISC MISC |
otcms -- otcms | A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224016. | 2023-03-25 | not yet calculated | CVE-2023-1634 MISC MISC MISC |
otcms -- otcms | A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability. | 2023-03-25 | not yet calculated | CVE-2023-1635 MISC MISC MISC |
parity -- frontier | Frontier is an Ethereum compatibility layer for Substrate. Frontier's `modexp` precompile uses `num-bigint` crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost discrepancy was not accounted for in the `modexp` precompile, leading to possible denial of service attacks. No fixes for `num-bigint` are currently available, and thus this issue is fixed in the short term by raising the gas costs for even modulus, and in the long term fixing it in `num-bigint` or switching to another modexp implementation. The short-term fix for Frontier is deployed at pull request 1017. There are no known workarounds aside from applying the fix. | 2023-03-22 | not yet calculated | CVE-2023-28431 MISC MISC MISC MISC |
parity -- frontier | Minio is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including `MINIO_SECRET_KEY` and `MINIO_ROOT_PASSWORD`, resulting in information disclosure. All users of distributed deployment are impacted. All users are advised to upgrade to RELEASE.2023-03-20T20-16-18Z. | 2023-03-22 | not yet calculated | CVE-2023-28432 MISC MISC MISC MISC MISC |
pimcore -- pimcore | Pimcore is an open source data and experience management platform. Prior to version 10.5.19, since a user with 'report' permission can already write arbitrary SQL queries and given the fact that this endpoint is using the GET method (no CSRF protection), an attacker can inject an arbitrary query by manipulating a user to click on a link. Users should upgrade to version 10.5.19 to receive a patch or, as a workaround, may apply the patch manually. | 2023-03-22 | not yet calculated | CVE-2023-28438 MISC MISC MISC |
prestashop -- jmsblog | PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-27034 MISC |
prestashop -- smplredirectionsmanager | SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent. | 2023-03-24 | not yet calculated | CVE-2023-26864 MISC |
radareorg -- radare2 | Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. | 2023-03-23 | not yet calculated | CVE-2023-1605 MISC CONFIRM |
rapid7 -- insightcloudsec | An authenticated attacker can leverage an exposed getattr() method via a Jinja template to smuggle OS commands and perform other actions that are normally expected to be private methods. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | 2023-03-21 | not yet calculated | CVE-2023-1304 MISC MISC |
rapid7 -- insightcloudsec | An authenticated attacker can leverage an exposed “box” object to read and write arbitrary files from disk, provided those files can be parsed as yaml or JSON. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | 2023-03-21 | not yet calculated | CVE-2023-1305 MISC MISC |
rapid7 -- insightcloudsec | An authenticated attacker can leverage an exposed resource.db() accessor method to smuggle Python method calls via a Jinja template, which can lead to code execution. This issue was resolved in the Managed and SaaS deployments on February 1, 2023, and in version 23.2.1 of the Self-Managed version of InsightCloudSec. | 2023-03-21 | not yet calculated | CVE-2023-1306 MISC MISC |
rapid7 -- insightvm | Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638. | 2023-03-24 | not yet calculated | CVE-2021-3844 MISC MISC |
rebuild -- rebuild | A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-1610 MISC MISC MISC |
rebuild -- rebuild | A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743. | 2023-03-23 | not yet calculated | CVE-2023-1612 MISC MISC MISC |
rebuild -- rebuild | A vulnerability has been found in Rebuild up to 3.2.3 and classified as problematic. This vulnerability affects unknown code of the file /feeds/post/publish. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-223744. | 2023-03-23 | not yet calculated | CVE-2023-1613 MISC MISC MISC |
rizin -- rizin | A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function. | 2023-03-24 | not yet calculated | CVE-2021-3674 MISC MISC |
rockwell_automation -- thinmanager_thinserver | In affected versions, a heap-based buffer over-read condition occurs when the message field indicates more data than is present in the message field in Rockwell Automation's ThinManager ThinServer. An unauthenticated remote attacker can exploit this vulnerability to crash ThinServer.exe due to a read access violation. | 2023-03-22 | not yet calculated | CVE-2023-27857 MISC |
sandisk -- privateaccess | SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data. | 2023-03-24 | not yet calculated | CVE-2023-22812 MISC |
schneider_electric -- multiple_products | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss of data when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | 2023-03-21 | not yet calculated | CVE-2023-27977 MISC |
schneider_electric -- multiple_products | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to denial of service when an attacker sends specific crafted messages to the Data Server TCP port. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | 2023-03-21 | not yet calculated | CVE-2023-27979 MISC |
schneider_electric -- multiple_products | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would lead to loss of data when an attacker abuses this functionality. Affected Products: IGSS Data Server(IGSSdataServer.exe)(V16.0.0.23040 and prior), IGSS Dashboard(DashBoard.exe)(V16.0.0.23040 and prior), Custom Reports(RMS16.dll)(V16.0.0.23040 and prior). | 2023-03-21 | not yet calculated | CVE-2023-27983 CONFIRM |
sentry -- sentry-python | Sentry SDK is the official Python SDK for Sentry, real-time crash reporting software. When using the Django integration of versions prior to 1.14.0 of the Sentry SDK in a specific configuration it is possible to leak sensitive cookies values, including the session cookie to Sentry. These sensitive cookies could then be used by someone with access to your Sentry issues to impersonate or escalate their privileges within your application. In order for these sensitive values to be leaked, the Sentry SDK configuration must have `sendDefaultPII` set to `True`; one must use a custom name for either `SESSION_COOKIE_NAME` or `CSRF_COOKIE_NAME` in one's Django settings; and one must not be configured in one's organization or project settings to use Sentry's data scrubbing features to account for the custom cookie names. As of version 1.14.0, the Django integration of the `sentry-sdk` will detect the custom cookie names based on one's Django settings and will remove the values from the payload before sending the data to Sentry. As a workaround, use the SDK's filtering mechanism to remove the cookies from the payload that is sent to Sentry. For error events, this can be done with the `before_send` callback method and for performance related events (transactions) one can use the `before_send_transaction` callback method. Those who want to handle filtering of these values on the server-side can also use Sentry's advanced data scrubbing feature to account for the custom cookie names. Look for the `$http.cookies`, `$http.headers`, `$request.cookies`, or `$request.headers` fields to target with a scrubbing rule. | 2023-03-22 | not yet calculated | CVE-2023-28117 MISC MISC MISC |
silicon_labs -- wi-sun_linux_border_router | Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. | 2023-03-21 | not yet calculated | CVE-2023-1262 MISC MISC |
silicon_labs -- wi-sun_sdk | Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. | 2023-03-21 | not yet calculated | CVE-2023-1261 MISC MISC |
softmaker -- softmaker | A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file. | 2023-03-23 | not yet calculated | CVE-2023-24295 MISC |
sourcecodester -- automatic_question_paper_generator_system | A vulnerability classified as critical has been found in SourceCodester Automatic Question Paper Generator System 1.0. This affects an unknown part of the file classes/Users.php?f=save_ruser. The manipulation of the argument id/email leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-223659. | 2023-03-23 | not yet calculated | CVE-2023-1591 MISC MISC |
sourcecodester -- automatic_question_paper_generator_system | A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. This vulnerability affects unknown code of the file admin/courses/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-223660. | 2023-03-23 | not yet calculated | CVE-2023-1592 MISC MISC |
sourcecodester -- automatic_question_paper_generator_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_class. The manipulation of the argument description leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-223661 was assigned to this vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-1593 MISC MISC |
sourcecodester -- loan_management_sysem | SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module. | 2023-03-24 | not yet calculated | CVE-2023-27242 MISC MISC |
sourcecodester -- online_tours_&_travels_management_system | A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This vulnerability affects the function exec of the file admin/operations/approve_delete.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223654 is the identifier assigned to this vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-1589 MISC MISC MISC |
sourcecodester -- online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file admin/operations/currency.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223655. | 2023-03-23 | not yet calculated | CVE-2023-1590 MISC MISC MISC |
sourcecodester -- simple_customer_relationship_management_system | Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function. | 2023-03-23 | not yet calculated | CVE-2023-24655 MISC MISC MISC |
swftools -- swfdump | swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c. | 2023-03-23 | not yet calculated | CVE-2023-27249 MISC MISC MISC MISC MISC |
syoyo -- tinydng | A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function __interceptor_memcpy of the file tiny_dng_loader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is recommended to apply a patch to fix this issue. VDB-223562 is the identifier assigned to this vulnerability. | 2023-03-22 | not yet calculated | CVE-2023-1570 MISC MISC MISC MISC MISC |
tailscale -- tailscale | Tailscale is software for using Wireguard and multi-factor authentication (MFA). A vulnerability identified in the implementation of Tailscale SSH starting in version 1.34.0 and prior to prior to 1.38.2 in FreeBSD allows commands to be run with a higher privilege group ID than that specified in Tailscale SSH access rules. A difference in the behavior of the FreeBSD `setgroups` system call from POSIX meant that the Tailscale client running on a FreeBSD-based operating system did not appropriately restrict groups on the host when using Tailscale SSH. When accessing a FreeBSD host over Tailscale SSH, the egid of the tailscaled process was used instead of that of the user specified in Tailscale SSH access rules. Tailscale SSH commands may have been run with a higher privilege group ID than that specified in Tailscale SSH access rules if they met all of the following criteria: the destination node was a FreeBSD device with Tailscale SSH enabled; Tailscale SSH access rules permitted access for non-root users; and a non-interactive SSH session was used. Affected users should upgrade to version 1.38.2 to remediate the issue. | 2023-03-23 | not yet calculated | CVE-2023-28436 MISC MISC MISC MISC |
temenos -- t24 | Temenos T24 Release 20 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the routineName parameter at genrequest.jsp. | 2023-03-23 | not yet calculated | CVE-2023-24367 MISC MISC |
tenda -- g103 | Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package | 2023-03-23 | not yet calculated | CVE-2023-27079 MISC |
tenda --ax3 | Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg. | 2023-03-24 | not yet calculated | CVE-2023-27042 MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25662 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25663 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25664 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25666 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25667 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25668 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25669 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25670 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25671 MISC MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25672 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25673 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25674 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25675 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25676 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25801 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25658 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25659 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-25660 MISC MISC |
tensorflow -- tensorflow | TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1. | 2023-03-25 | not yet calculated | CVE-2023-27579 MISC MISC |
totolink -- a7100ru | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. | 2023-03-23 | not yet calculated | CVE-2023-27135 MISC |
totolink -- cp900 | A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, | 2023-03-23 | not yet calculated | CVE-2022-28493 MISC |
totolink -- cpe | TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login. | 2023-03-23 | not yet calculated | CVE-2022-28492 MISC MISC |
totolink -- cpe_cp900 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 contains a command injection vulnerability in the NTPSyncWithHost function via the host_name parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 2023-03-23 | not yet calculated | CVE-2022-28491 MISC MISC |
totolink -- outdoor_cpe_cp900 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setUpgradeFW function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 2023-03-23 | not yet calculated | CVE-2022-28494 MISC MISC |
totolink -- outdoor_cpe_cp900 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 2023-03-24 | not yet calculated | CVE-2022-28495 MISC MISC |
totolink -- outdoor_cpe_cp900 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 discovered to contain a command injection vulnerability in the setPasswordCfg function via the adminuser and adminpassparameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 2023-03-23 | not yet calculated | CVE-2022-28496 MISC |
totolink -- outdoor_cpe_cp900 | TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the mtd_write_bootloader function via the filename parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | 2023-03-23 | not yet calculated | CVE-2022-28497 MISC |
tp-link -- mr3020 | A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. | 2023-03-23 | not yet calculated | CVE-2023-27078 MISC |
trendmicro -- trend_micro_endpoint_encryption_full_disk_encryption | A vulnerability in Trend Micro Endpoint Encryption Full Disk Encryption version 6.0.0.3204 and below could allow an attacker with physical access to an affected device to bypass Microsoft Windows? Secure Boot process in an attempt to execute other attacks to obtain access to the contents of the device. An attacker must first obtain physical access to the target system in order to exploit this vulnerability. It is also important to note that the contents of the drive(s) encrypted with TMEE FDE would still be protected and would NOT be accessible by the attacker by exploitation of this vulnerability alone. | 2023-03-22 | not yet calculated | CVE-2023-28005 MISC |
tripleo-ansible -- tripleo-ansible | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file, leading to information disclosure of important configuration details from the OpenStack deployment. | 2023-03-23 | not yet calculated | CVE-2022-3101 MISC |
tripleo-ansible -- tripleo-ansible | A flaw was found in tripleo-ansible. Due to an insecure default configuration, the permissions of a sensitive file are not sufficiently restricted. This flaw allows a local attacker to use brute force to explore the relevant directory and discover the file. This issue leads to information disclosure of important configuration details from the OpenStack deployment. | 2023-03-23 | not yet calculated | CVE-2022-3146 MISC |
ubiquiti -- edge_router_x | A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities. | 2023-03-25 | not yet calculated | CVE-2023-1456 MISC MISC |
upx -- upx | A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382. | 2023-03-24 | not yet calculated | CVE-2021-43311 MISC |
upx -- upx | A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239. | 2023-03-24 | not yet calculated | CVE-2021-43312 MISC |
upx -- upx | A heap-based buffer overflow was discovered in upx, during the variable 'bucket' points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688. | 2023-03-24 | not yet calculated | CVE-2021-43313 MISC |
upx -- upx | A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368 | 2023-03-24 | not yet calculated | CVE-2021-43314 MISC |
upx -- upx | A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349 | 2023-03-24 | not yet calculated | CVE-2021-43315 MISC |
upx -- upx | A heap-based buffer overflow was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le64(). | 2023-03-24 | not yet calculated | CVE-2021-43316 MISC |
upx -- upx | A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404 | 2023-03-24 | not yet calculated | CVE-2021-43317 MISC |
veritas -- netbackup_master_server | An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | 2023-03-23 | not yet calculated | CVE-2023-28758 MISC |
veritas -- netbackup_master_server | An issue was discovered in Veritas NetBackup before 10.0. A vulnerability in the way NetBackup validates the path to a DLL prior to loading may allow a lower level user to elevate privileges and compromise the system. | 2023-03-23 | not yet calculated | CVE-2023-28759 MISC |
veritas -- netbackup_master_server | An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors. | 2023-03-24 | not yet calculated | CVE-2023-28818 MISC |
versionize -- versionize | Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for ‘vmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise. | 2023-03-24 | not yet calculated | CVE-2023-28448 MISC MISC MISC |
vmware -- paravirtual_rdma_device | A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. This flaw allows a crafted guest driver to allocate and initialize a huge number of page tables to be used as a ring of descriptors for CQ and async events, potentially leading to an out-of-bounds read and crash of QEMU. | 2023-03-23 | not yet calculated | CVE-2023-1544 MISC MISC |
vmware -- spring_vault | In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it attempts to revoke a Vault batch token. | 2023-03-23 | not yet calculated | CVE-2023-20859 MISC |
vmware -- spring_vault | In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 2023-03-23 | not yet calculated | CVE-2023-20861 MISC |
vox2mesh -- vox2mesh | vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow caused by incorrect use of memcpy() funciton. The flow allows an attacker to cause a denial of service (abort) via a crafted file. | 2023-03-22 | not yet calculated | CVE-2023-27754 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting vulnerability in Yannick Lefebvre Community Events plugin <= 1.4.8 versions. | 2023-03-23 | not yet calculated | CVE-2022-44742 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. | 2023-03-23 | not yet calculated | CVE-2022-45843 MISC |
wordpress -- wordpress | Reflected Cross-Site Scripting (XSS) vulnerability in Blockonomics WordPress Bitcoin Payments – Blockonomics plugin <= 3.5.7 versions. | 2023-03-23 | not yet calculated | CVE-2022-47145 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nasirahmed Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration plugin <= 1.62.0 versions. | 2023-03-23 | not yet calculated | CVE-2022-47173 MISC |
wordpress -- wordpress | Reflected Cross-Site Scripting (XSS) vulnerability in Tussendoor internet & marketing Open RDW kenteken voertuiginformatie plugin <= 2.0.14 versions. | 2023-03-23 | not yet calculated | CVE-2022-47431 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in this.Functional CTT Expresso para WooCommerce plugin <= 3.2.11 versions. | 2023-03-23 | not yet calculated | CVE-2022-47589 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ajay D'Souza Top 10 – Popular posts plugin for WordPress plugin <= 3.2.4 versions. | 2023-03-23 | not yet calculated | CVE-2023-26008 MISC |
wordpress -- wordpress | The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. | 2023-03-22 | not yet calculated | CVE-2023-28659 MISC |
wordpress -- wordpress | The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. | 2023-03-22 | not yet calculated | CVE-2023-28660 MISC |
wordpress -- wordpress | The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. | 2023-03-22 | not yet calculated | CVE-2023-28661 MISC |
wordpress -- wordpress | The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. | 2023-03-22 | not yet calculated | CVE-2023-28662 MISC |
wordpress -- wordpress | The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action. | 2023-03-22 | not yet calculated | CVE-2023-28663 MISC |
wordpress -- wordpress | The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the mdf_get_tax_options_in_widget action, which can only be triggered by an authenticated user. | 2023-03-22 | not yet calculated | CVE-2023-28664 MISC |
wordpress -- wordpress | The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user. | 2023-03-22 | not yet calculated | CVE-2023-28665 MISC |
wordpress -- wordpress | The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which can only be triggered by an authenticated user. | 2023-03-22 | not yet calculated | CVE-2023-28666 MISC |
wordpress -- wordpress | The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function without being sanitized or verified, and as a result could lead to PHP object injection, which when combined with certain class implementations / gadget chains could be leveraged to perform a variety of malicious actions granted a POP chain is also present. | 2023-03-22 | not yet calculated | CVE-2023-28667 MISC |
wordpress -- wordpress | Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions. | 2023-03-23 | not yet calculated | CVE-2023-22704 MISC |
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TemplatesNext TemplatesNext ToolKit plugin <= 3.2.7 versions. | 2023-03-23 | not yet calculated | CVE-2023-22712 MISC |
wordpress -- wordpress | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Lester 'GaMerZ' Chan WP-CommentNavi plugin <= 1.12.1 versions. | 2023-03-23 | not yet calculated | CVE-2023-22715 MISC |
wordpress -- wordpress | Auth. (admin+) Cross-Site Scripting vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.35 versions. | 2023-03-23 | not yet calculated | CVE-2023-22716 MISC |
wordpress -- wordpress | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Code Snippets Extension plugin <= 4.0.2 versions. | 2023-03-23 | not yet calculated | CVE-2023-23650 MISC |
wordpress -- wordpress | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files allows Stored XSS via upload of SVG and HTML files. This issue affects Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files plugin <= 2.7.1 versions. | 2023-03-23 | not yet calculated | CVE-2023-23707 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP eBay Product Feeds plugin <= 3.3.1 versions. | 2023-03-23 | not yet calculated | CVE-2023-23722 MISC |
wordpress -- wordpress | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Flipclock plugin <= 1.7.4 versions. | 2023-03-23 | not yet calculated | CVE-2023-23728 MISC |
wordpress -- wordpress | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Michael Aronoff Very Simple Google Maps plugin <= 2.8.4 versions. | 2023-03-23 | not yet calculated | CVE-2023-23864 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Klaviyo, Inc. Klaviyo plugin <= 3.0.7 versions. | 2023-03-23 | not yet calculated | CVE-2023-25456 MISC |
wordpress -- wordpress | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.13 versions. | 2023-03-23 | not yet calculated | CVE-2023-22702 MISC |
wordpress -- wordpress | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6. versions. | 2023-03-23 | not yet calculated | CVE-2023-28422 MISC |
xen -- xen | x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks. | 2023-03-21 | not yet calculated | CVE-2022-42331 MISC CONFIRM MLIST DEBIAN MISC MISC |
xen -- xen | x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory used for both shadow page tables as well as auxiliary data structures. To migrate or snapshot guests, Xen additionally runs them in so called log-dirty mode. The data structures needed by the log-dirty tracking are part of aformentioned auxiliary data. In order to keep error handling efforts within reasonable bounds, for operations which may require memory allocations shadow mode logic ensures up front that enough memory is available for the worst case requirements. Unfortunately, while page table memory is properly accounted for on the code path requiring the potential establishing of new shadows, demands by the log-dirty infrastructure were not taken into consideration. As a result, just established shadow page tables could be freed again immediately, while other code is still accessing them on the assumption that they would remain allocated. | 2023-03-21 | not yet calculated | CVE-2022-42332 MISC MLIST CONFIRM DEBIAN MISC MISC |
xen -- xen | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334). | 2023-03-21 | not yet calculated | CVE-2022-42333 MISC CONFIRM MLIST DEBIAN MISC MISC |
xen -- xen | x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place. While not exposed to the affected guests themselves, the interface specifically exists for domains controlling such guests. This interface may therefore be used by not fully privileged entities, e.g. qemu running deprivileged in Dom0 or qemu running in a so called stub-domain. With this exposure it is an issue that - the number of the such controlled regions was unbounded (CVE-2022-42333), - installation and removal of such regions was not properly serialized (CVE-2022-42334). | 2023-03-21 | not yet calculated | CVE-2022-42334 MISC CONFIRM MLIST DEBIAN MISC MISC |
xiaobingby -- teacms | A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800. | 2023-03-24 | not yet calculated | CVE-2023-1616 MISC MISC MISC |
xpdf -- xpdfreader | xpdf v4.04 was discovered to contain a stack overflow in the component pdftotext. | 2023-03-23 | not yet calculated | CVE-2023-27655 MISC MISC MISC MISC MISC |
xunruicms -- xunruicms | XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. | 2023-03-23 | not yet calculated | CVE-2022-30037 MISC |
zhong_bang -- crmeb_java | A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been declared as critical. This vulnerability affects the function getAdminList of the file /api/admin/store/product/list. The manipulation of the argument cateId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-223738 is the identifier assigned to this vulnerability. | 2023-03-23 | not yet calculated | CVE-2023-1608 MISC MISC MISC |
zhong_bang -- crmeb_java | A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. It has been rated as problematic. This issue affects the function save of the file /api/admin/store/product/save. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223739. | 2023-03-23 | not yet calculated | CVE-2023-1609 MISC MISC MISC |
zoho_ manageengine -- adselfservice_plus | Zoho ManageEngine ADSelfService Plus through 6203 is vulnerable to a brute-force attack that leads to a password reset on IDM applications. | 2023-03-23 | not yet calculated | CVE-2022-36413 MISC |
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.