Vulnerability Summary for the Week of April 10, 2023

Released: Apr 18, 2023
Document ID: SB23-108

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
dts_electronics -- redline_routerAuthentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.2023-04-1410CVE-2023-1803
MISC
dts_electronics -- redline_routerAuthentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17.2023-04-1410CVE-2023-1833
MISC
safe-eval_project -- safe-evalAll versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content.2023-04-1110CVE-2023-26121
MISC
MISC
MISC
wordpress -- wordpressA vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability.2023-04-099.8CVE-2012-10011
MISC
MISC
MISC
wordpress -- wordpressA vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability.2023-04-109.8CVE-2015-10100
MISC
MISC
MISC
MISC
apple -- iphone_osA memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges2023-04-109.8CVE-2022-46709
MISC
wordpress -- wordpressThe Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module.2023-04-109.8CVE-2023-1478
MISC
tcpdump -- tcpdumpThe SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.2023-04-079.8CVE-2023-1801
MISC
MISC
eskom_computer -- water_metering_softwareImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Computer Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06.2023-04-149.8CVE-2023-1863
MISC
sourcecodester -- simple_and_beautiful_shopping_cart_systemA vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability.2023-04-079.8CVE-2023-1941
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.2023-04-079.8CVE-2023-1942
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability.2023-04-089.8CVE-2023-1951
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339.2023-04-089.8CVE-2023-1952
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability.2023-04-089.8CVE-2023-1955
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.2023-04-089.8CVE-2023-1958
MISC
MISC
MISC
sourcecodester -- -- online_eyewear_shopA vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability.2023-04-109.8CVE-2023-1969
MISC
MISC
MISC
microsoft -- multiple_productsMicrosoft Message Queuing Remote Code Execution Vulnerability2023-04-119.8CVE-2023-21554
MISC
dlink -- dir-882_a1_firmwareD-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-24797
MISC
MISC
dlink -- dir-878_firmwareD-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-24798
MISC
MISC
dlink -- dir-878_firmwareD-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-24799
MISC
MISC
dlink -- dir-878_firmwareD-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-24800
MISC
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25210
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25211
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25212
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25213
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25214
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25215
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25216
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25217
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25218
MISC
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25219
MISC
tenda -- ac5_firmwareTenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-25220
MISC
MISC
totolink -- a7100ru_firmwareTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.2023-04-079.8CVE-2023-26848
MISC
totolink -- a7100ru_firmwareTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.2023-04-079.8CVE-2023-26978
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27012
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27013
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27014
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27015
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27016
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27017
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27018
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27019
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27020
MISC
tenda -- ac10_firmwareTenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-079.8CVE-2023-27021
MISC
cdesigner_project -- cdesignerPrestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().2023-04-079.8CVE-2023-27033
MISC
MISC
tenda -- g103_firmwareCommand injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter.2023-04-109.8CVE-2023-27076
MISC
gdidees -- gdidees_cmsAn arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file.2023-04-109.8CVE-2023-27178
MISC
MISC
MISC
MISC
apache -- linkisIn Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2.  For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true`2023-04-109.8CVE-2023-27602
MISC
MISC
apache -- linkisIn Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2.2023-04-109.8CVE-2023-27603
MISC
MISC
apusapps -- launcherAn issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter.2023-04-109.8CVE-2023-27650
MISC
MISC
MISC
dlink -- dir-878_firmwareD-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-099.8CVE-2023-27720
MISC
MISC
microsoft -- windows_server_2008Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability2023-04-119.8CVE-2023-28250
MISC
siemens -- multiple_productsA vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device.2023-04-119.8CVE-2023-28489
MISC
apache -- airflow_hive_providerImproper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0.2023-04-079.8CVE-2023-28706
MISC
MISC
MISC
sap -- businessobjects_business_intelligenceAn attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.2023-04-119.8CVE-2023-28765
MISC
MISC
apache -- linkisIn Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.2023-04-109.8CVE-2023-29215
MISC
MISC
apache -- linkisIn Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2.2023-04-109.8CVE-2023-29216
MISC
MISC
progress -- sitefinityAn issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.2023-04-109.8CVE-2023-29375
MISC
MISC
bibliocraftmod -- bibliocraftBiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.2023-04-079.8CVE-2023-29478
MISC
simple_and_beautiful_shopping_cart_system_project -- simple_and_beautiful_shopping_cart_systemA vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316.2023-04-079.1CVE-2023-1940
MISC
MISC
MISC
apache -- linkisIn Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token2023-04-109.1CVE-2023-27987
MISC
MISC
bestwebsoft -- facebook_buttonA vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355.2023-04-108.8CVE-2012-10012
MISC
MISC
MISC
scada-lts -- scada-ltsAn privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.2023-04-108.8CVE-2022-41976
MISC
MISC
MISC
joomunited -- wp_meta_seoThe WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution.2023-04-108.8CVE-2023-1381
MISC
MISC
crocoblock -- jetengine_for_elementorThe JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability.2023-04-108.8CVE-2023-1406
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340.2023-04-088.8CVE-2023-1953
MISC
MISC
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability.2023-04-088.8CVE-2023-1954
MISC
MISC
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.2023-04-088.8CVE-2023-1956
MISC
MISC
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344.2023-04-088.8CVE-2023-1957
MISC
MISC
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability.2023-04-088.8CVE-2023-1959
MISC
MISC
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347.2023-04-088.8CVE-2023-1960
MISC
MISC
MISC
microsoft -- multiple_productsRemote Procedure Call Runtime Remote Code Execution Vulnerability2023-04-118.8CVE-2023-21727
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24884
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24886
MISC
microsoft -- windows_server_2008Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24887
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24924
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24925
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24926
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24927
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24928
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-24929
MISC
pgyer -- codefevercodefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php.2023-04-078.8CVE-2023-26817
MISC
save_your_carts_and_buy_later_or_send_it_project -- save_your_carts_and_buy_later_or_send_itSQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component.2023-04-108.8CVE-2023-26860
MISC
MISC
apple -- safariA use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.2023-04-108.8CVE-2023-28205
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
microsoft -- windows_server_2008Windows Network Load Balancing Remote Code Execution Vulnerability2023-04-118.8CVE-2023-28240
MISC
microsoft -- windows_server_2012Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability2023-04-118.8CVE-2023-28243
MISC
microsoft -- windows_server_2008Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability2023-04-118.8CVE-2023-28275
MISC
microsoft -- multiple_productsWindows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability2023-04-118.8CVE-2023-28297
MISC
sap -- landscape_managementAn information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.2023-04-118.7CVE-2023-26458
MISC
MISC
apple -- ipadosAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.2023-04-108.6CVE-2023-28206
MISC
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
microsoft -- raw_image_extensionRaw Image Extension Remote Code Execution Vulnerability2023-04-118.4CVE-2023-28291
MISC
ibm -- sterling_order_managementIBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.2023-04-078.1CVE-2022-33959
MISC
MISC
sap -- diagnostics_agent | Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. | 2023-04-11 | 8.1 | CVE-2023-27267
MISC
MISC
microsoft -- windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-04-11 | 8.1 | CVE-2023-28219
MISC
microsoft -- windows_server_2008 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 2023-04-11 | 8.1 | CVE-2023-28220
MISC
microsoft -- windows_server_2008 | Windows Kerberos Elevation of Privilege Vulnerability | 2023-04-11 | 8.1 | CVE-2023-28244
MISC
microsoft -- windows_server | Netlogon RPC Elevation of Privilege Vulnerability | 2023-04-11 | 8.1 | CVE-2023-28268
MISC
microsoft -- windows_server_2008 | DHCP Server Service Remote Code Execution Vulnerability | 2023-04-11 | 8 | CVE-2023-28231
MISC
apple -- macos | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges. | 2023-04-10 | 7.8 | CVE-2022-42858
MISC
adobe -- digital_editions | Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-21582
MISC
adobe -- incopy | InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-22235
MISC
microsoft -- ole_db_driver | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-23375
MISC
gnu -- screen | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. | 2023-04-08 | 7.8 | CVE-2023-24626
CONFIRM
MISC
MISC
microsoft -- visual_studio_code | Visual Studio Code Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-24893
MISC
microsoft -- windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-24912
MISC
adobe -- dimension | Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26371
MISC
adobe -- dimension | Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26372
MISC
adobe -- dimension | Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26373
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26383
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26384
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26388
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26389
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26390
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26391
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26392
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26393
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26394
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26395
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26396
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26398
MISC
adobe -- substance3d-stager | Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26402
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26405
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26406
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26407
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26408
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26409
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26410
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26411
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26412
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26413
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26414
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26415
MISC
adobe -- substance3d-designer | Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-13 | 7.8 | CVE-2023-26416
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26417
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26418
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26419
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26420
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Integer Underflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26421
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26422
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26423
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26424
MISC
adobe -- acrobat_reader | Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-04-12 | 7.8 | CVE-2023-26425
MISC
pega -- synchronization_engine | A user with non-Admin access can change a configuration file on the client to modify the Server URL. | 2023-04-10 | 7.8 | CVE-2023-26466
MISC
opendesign -- drawings_sdk | An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code. | 2023-04-10 | 7.8 | CVE-2023-26495
MISC
chinamobileltd -- oa_mailbox_pc | An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox. | 2023-04-10 | 7.8 | CVE-2023-26986
MISC
MISC
dell -- power_manager | Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. | 2023-04-07 | 7.8 | CVE-2023-28051
MISC
microsoft -- multiple_products | Windows NTLM Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28225
MISC
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28236
MISC
microsoft -- multiple_products | Windows Kernel Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28237
MISC
microsoft -- multiple_products | Windows Registry Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28246
MISC
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28248
MISC
microsoft -- multiple_products | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28252
MISC
microsoft -- multiple_products | .NET DLL Hijacking Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28260
MISC
microsoft -- visual_studio | Visual Studio Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28262
MISC
microsoft -- windows_server_2008 | Windows Kernel Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28272
MISC
microsoft -- multiple_products | Windows Win32k Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28274
MISC
microsoft -- multiple_products | Microsoft Office Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28285
MISC
microsoft -- raw_image_extension | Raw Image Extension Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28292
MISC
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28293
MISC
microsoft -- visual_studio | Visual Studio Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28296
MISC
microsoft -- multiple_products | Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28304
MISC
microsoft -- multiple_products | Microsoft Word Remote Code Execution Vulnerability | 2023-04-11 | 7.8 | CVE-2023-28311
MISC
siemens -- multiple_products | A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. | 2023-04-11 | 7.8 | CVE-2023-29053
MISC
linux -- linux_kernel | An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. | 2023-04-10 | 7.8 | CVE-2023-30456
MISC
MISC
microsoft -- multiple_products | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 2023-04-11 | 7.6 | CVE-2023-28309
MISC
lua -- lua | In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. | 2023-04-10 | 7.5 | CVE-2021-45985
MISC
MISC
MISC
ibm -- sterling_order_management | IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. | 2023-04-07 | 7.5 | CVE-2022-34333
MISC
MISC
siemens -- multiple_products | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. | 2023-04-11 | 7.5 | CVE-2022-43716
MISC
siemens -- multiple_products | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. | 2023-04-11 | 7.5 | CVE-2022-43767
MISC
siemens -- multiple_products | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. | 2023-04-11 | 7.5 | CVE-2022-43768
MISC
apple -- ipados | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings. | 2023-04-10 | 7.5 | CVE-2022-46716
MISC
MISC
microsoft -- multiple_products | Microsoft Message Queuing Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-21769
MISC
microsoft -- multiple_products | Microsoft Defender Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-24860
MISC
microsoft -- multiple_products | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 2023-04-11 | 7.5 | CVE-2023-24885
MISC
microsoft -- multiple_products | Windows Secure Channel Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-24931
MISC
aten -- pe8108_firmware | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. | 2023-04-11 | 7.5 | CVE-2023-25413
MISC
siteproxy_project -- siteproxy | siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. | 2023-04-07 | 7.5 | CVE-2023-26820
MISC
gdidees -- gdidees_cms | GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. | 2023-04-07 | 7.5 | CVE-2023-27180
MISC
MISC
MISC
dualspace -- super_security | An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. | 2023-04-11 | 7.5 | CVE-2023-27191
MISC
MISC
MISC
microsoft -- windows_server_2008 | Windows Network Address Translation (NAT) Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28217
MISC
microsoft -- windows_server_2008 | Windows Bluetooth Driver Remote Code Execution Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28227
MISC
microsoft -- windows_server_2008 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28232
MISC
microsoft -- windows_server_2022 | Windows Secure Channel Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28233
MISC
microsoft -- windows_server_2022 | Windows Secure Channel Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28234
MISC
microsoft -- windows_server_2008 | Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28238
MISC
microsoft -- windows_server_2008 | Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28241
MISC
microsoft -- multiple_products | Windows Network File System Information Disclosure Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28247
MISC
microsoft -- multiple_products | Azure Service Connector Security Feature Bypass Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28300
MISC
microsoft -- multiple_products | Microsoft Message Queuing Denial of Service Vulnerability | 2023-04-11 | 7.5 | CVE-2023-28302
MISC
apache -- airflow_drill_provider | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2. | 2023-04-07 | 7.5 | CVE-2023-28707
MISC
MISC
MISC
apache -- airflow_spark_provider | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1. | 2023-04-07 | 7.5 | CVE-2023-28710
MISC
MISC
MISC
siemens -- multiple_products | A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.40), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.40), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.40), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.40), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.40), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.40), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.40), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions < V9.40), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. | 2023-04-11 | 7.5 | CVE-2023-28766
MISC
wacom -- driverWacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability.2023-04-117.3CVE-2022-38604
MISC
MISC
MISC
microsoft -- sql_server
 
Microsoft SQL Server Remote Code Execution Vulnerability2023-04-117.3CVE-2023-23384
MISC
siemens -- multiple_productsA vulnerability has been identified in TIA Portal V15 (All versions), TIA Portal V16 (All versions), TIA Portal V17 (All versions), TIA Portal V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked into opening a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution.2023-04-117.3CVE-2023-26293
MISC
groundhogg -- groundhoggThe WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.2023-04-107.2CVE-2023-1425
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225533 was assigned to this vulnerability.2023-04-117.2CVE-2023-1985
MISC
MISC
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability.2023-04-117.2CVE-2023-1986
MISC
MISC
MISC
online_computer_and_laptop_store_project -- online_computer_and_laptop_storeA vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225535.2023-04-117.2CVE-2023-1987
MISC
MISC
MISC
aten -- pe8108_firmwareAten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials.2023-04-117.2CVE-2023-25407
MISC
javadelight -- nashorn_sandboxdelight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process.2023-04-107.2CVE-2023-26919
MISC
microsoft -- multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability2023-04-117.2CVE-2023-28254
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-117.1CVE-2022-47338
MISC
ibm -- tririga_application_platformIBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975.2023-04-077.1CVE-2023-27876
MISC
MISC
microsoft -- windows_server_2008Windows Kernel Elevation of Privilege Vulnerability2023-04-117.1CVE-2023-28222
MISC
microsoft -- multiple_products
 
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability2023-04-117.1CVE-2023-28224
MISC
microsoft -- windows_11_22h2Win32k Elevation of Privilege Vulnerability2023-04-117CVE-2023-24914
MISC
microsoft -- windows_server_2008Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability2023-04-117CVE-2023-28216
MISC
microsoft -- windows_server_2008Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability2023-04-117CVE-2023-28218
MISC
microsoft -- multiple_products
 
Windows Error Reporting Service Elevation of Privilege Vulnerability2023-04-117CVE-2023-28221
MISC
microsoft -- multiple_productsWindows CNG Key Isolation Service Elevation of Privilege Vulnerability2023-04-117CVE-2023-28229
MISC
microsoft -- multiple_products
 
Windows Clip Service Elevation of Privilege Vulnerability2023-04-117CVE-2023-28273
MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
microsoft -- windows_server_2019Windows Lock Screen Security Feature Bypass Vulnerability2023-04-116.8CVE-2023-28235
MISC
microsoft -- multiple_productsWindows Lock Screen Security Feature Bypass Vulnerability2023-04-116.8CVE-2023-28270
MISC
siemens -- multiple_products
 
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.2023-04-116.7CVE-2023-29054
MISC
microsoft -- multiple_productsWindows Domain Name Service Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28223
MISC
microsoft -- multiple_productsWindows DNS Server Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28255
MISC
microsoft -- multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28256
MISC
microsoft -- multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28278
MISC
microsoft -- multiple_productsWindows DNS Server Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28305
MISC
microsoft -- multiple_productsWindows DNS Server Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28306
MISC
microsoft -- multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28307
MISC
microsoft -- multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability2023-04-116.6CVE-2023-28308
MISC
ibm -- db2_mirror_for_iThe IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.2023-04-076.5CVE-2022-43928
MISC
MISC
keetrax -- wp_tilesThe WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated user, such as a subscriber, to retrieve the titles of draft and private posts, for example. An attacker could also retrieve the title of any other type of post.2023-04-106.5CVE-2023-1426
MISC
bp_monitoring_management_system_project -- bp_monitoring_management_systemA vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.2023-04-076.5CVE-2023-1909
MISC
MISC
MISC
microsoft -- multiple_productsMicrosoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability2023-04-116.5CVE-2023-24883
MISC
microsoft -- multiple_products
 
Remote Desktop Protocol Client Information Disclosure Vulnerability2023-04-116.5CVE-2023-28267
MISC
microsoft -- multiple_products
 
Microsoft SharePoint Server Spoofing Vulnerability2023-04-116.5CVE-2023-28288
MISC
microsoft -- azure_machine_learning_informationAzure Machine Learning Information Disclosure Vulnerability2023-04-116.5CVE-2023-28312
MISC
zohocorp -- manageengine_applications_managerZoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack.2023-04-116.5CVE-2023-28340
MISC
MISC
sap -- netweaver_enterprise_portalIn SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.2023-04-116.5CVE-2023-28761
MISC
MISC
sap -- netweaver_application_server_abapSAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.2023-04-116.5CVE-2023-28763
MISC
MISC
sap -- customer_relationship_managementIn SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.2023-04-116.3CVE-2023-27897
MISC
MISC
siemens -- multiple_products
 
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit.2023-04-116.2CVE-2023-23588
MISC
microsoft -- malware_protection_engine
 
Microsoft Defender Security Feature Bypass Vulnerability2023-04-146.2CVE-2023-24934
MISC
microsoft -- multiple_products
 
Windows Boot Manager Security Feature Bypass Vulnerability2023-04-116.2CVE-2023-28249
MISC
microsoft -- multiple_products
 
Windows Boot Manager Security Feature Bypass Vulnerability2023-04-116.2CVE-2023-28269
MISC
sandbox_theme_project -- sandbox_themeA vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability.2023-04-106.1CVE-2009-10004
MISC
MISC
MISC
MISC
fancy_gallery_project -- fancy_galleryA vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The name of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability.2023-04-106.1CVE-2014-125096
MISC
MISC
MISC
bestwebsoft -- facebook_buttonA vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The name of the patch is b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability.2023-04-106.1CVE-2014-125097
MISC
MISC
MISC
dart -- http_serverA vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356.2023-04-106.1CVE-2014-125098
MISC
MISC
MISC
MISC
MISC
pingidentity -- self-service_account_managerA vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability.2023-04-106.1CVE-2018-25084
MISC
MISC
MISC
MISC
servicenow -- servicenowServiceNow Tokyo allows XSS.2023-04-106.1CVE-2022-39048
MISC
MISC
stylishcostcalculator -- stylish_cost_calculatorThe stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form.2023-04-106.1CVE-2023-0983
MISC
microsoft -- edge_chromiumMicrosoft Edge (Chromium-based) Spoofing Vulnerability2023-04-116.1CVE-2023-24935
MISC
kibokolabs -- arigato_autoresponder_and_newsletterUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.2023-04-076.1CVE-2023-25020
MISC
cththemes -- monolitUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.2023-04-076.1CVE-2023-25041
MISC
wpglobus -- wpglobus_translate_optionsUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.2023-04-076.1CVE-2023-25711
MISC
fullworksplugins -- quick_paypal_paymentsUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.2023-04-076.1CVE-2023-25713
MISC
sales_tracker_management_system_project -- sales_tracker_management_systemCross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file.2023-04-106.1CVE-2023-26773
MISC
MISC
MISC
MISC
veritas -- netbackup_appliance_firmwareVeritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address.2023-04-106.1CVE-2023-26788
MISC
MISC
microsoft -- multiple_products
 
Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability2023-04-116.1CVE-2023-28313
MISC
microsoft -- multiple_products
 
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability2023-04-116.1CVE-2023-28314
MISC
zohocorp -- manageengine_applications_managerStored cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious JavaScript on the incorrect login details page.2023-04-116.1CVE-2023-28341
MISC
MISC
cimatti -- wordpress_contact_formsUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.2023-04-076.1CVE-2023-28781
MISC
cimatti -- wordpress_contact_formsUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.2023-04-076.1CVE-2023-28789
MISC
i13websolution -- continuous_image_carosel_with_lightboxUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.2023-04-076.1CVE-2023-28792
MISC
magic-post-thumbnail -- magic_post_thumbnailUnauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.2023-04-076.1CVE-2023-29171
MISC
wp-property-hive -- propertyhiveUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.2023-04-076.1CVE-2023-29172
MISC
cththemes -- outdoorUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions.2023-04-076.1CVE-2023-29236
MISC
implecode -- product_catalog_simpleUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.2023-04-076.1CVE-2023-29388
MISC
wacom -- driverWacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe.2023-04-115.9CVE-2022-43293
MISC
MISC
MISC
allegro -- bigflowAllegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation.2023-04-105.9CVE-2023-25392
MISC
MISC
canonical -- ubuntu_linuxIt was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.2023-04-075.5CVE-2020-11935
UBUNTU
UBUNTU
apple -- ipadosA logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to read sensitive location information.2023-04-105.5CVE-2022-46703
MISC
MISC
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47335
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47336
MISC
google -- androidIn media service, there is a missing permission check. This could lead to local denial of service in media service.2023-04-115.5CVE-2022-47337
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47362
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47463
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47464
MISC
google -- androidIn vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service.2023-04-115.5CVE-2022-47465
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47466
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47467
MISC
google -- androidIn telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.2023-04-115.5CVE-2022-47468
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26374
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26375
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26376
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26377
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26378
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26379
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26380
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26381
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26382
MISC
adobe -- substance_3d_stager
 
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26385
MISC
adobe -- substance_3d_stager
 
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26386
MISC
adobe -- substance_3d_stagerAdobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26387
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26397
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26400
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26401
MISC
adobe -- substance_3d_stagerAdobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26403
MISC
adobe -- dimensionAdobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-04-125.5CVE-2023-26404
MISC
microsoft -- windows_server_2008Windows Spoofing Vulnerability2023-04-115.5CVE-2023-28228
MISC
microsoft -- windows_server_2008Windows Kernel Information Disclosure Vulnerability2023-04-115.5CVE-2023-28253
MISC
microsoft -- visual_studio
 
Visual Studio Information Disclosure Vulnerability2023-04-115.5CVE-2023-28263
MISC
microsoft -- windows_server_2008Windows Common Log File System Driver Information Disclosure Vulnerability2023-04-115.5CVE-2023-28266
MISC
microsoft -- windows_server_2008Windows Kernel Memory Information Disclosure Vulnerability2023-04-115.5CVE-2023-28271
MISC
microsoft -- multiple_productsWindows Kernel Denial of Service Vulnerability2023-04-115.5CVE-2023-28298
MISC
microsoft -- visual_studio
 
Visual Studio Spoofing Vulnerability2023-04-115.5CVE-2023-28299
MISC
ibm -- tririga_application_platformIBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036.2023-04-075.4CVE-2022-43914
MISC
MISC
keetrax -- wp_tilesThe WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-04-105.4CVE-2022-4827
MISC
nlb-creations -- scheduled_announcements_widgetThe Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-04-105.4CVE-2023-0363
MISC
fluentforms -- contact_formThe Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in its custom HTML field type, allowing a logged-in user with roles as low as contributor to inject arbitrary JavaScript into a form, which will trigger for any visitor to the form or admins previewing or editing the form.2023-04-105.4CVE-2023-0546
MISC
prolizyazilim -- student_affairs_information_systemImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user. This issue affects OBS: before 23.04.01.2023-04-075.4CVE-2023-1726
MISC
fullworksplugins -- quick_contact_formAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.2023-04-075.4CVE-2023-23885
MISC
openwrt -- luciLuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm.2023-04-105.4CVE-2023-24181
MISC
MISC
MISC
liveaction -- livespA cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML.2023-04-105.4CVE-2023-24721
MISC
MISC
kibokolabs -- arigato_autoresponder_and_newsletterAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.2023-04-075.4CVE-2023-25061
MISC
opencats -- opencatsA stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates.2023-04-115.4CVE-2023-26846
MISC
MISC
opencats -- opencatsA stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates.2023-04-115.4CVE-2023-26847
MISC
MISC
robogallery -- robo_galleryAuth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.2023-04-075.4CVE-2023-27620
MISC
progress -- sitefinityAn issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries.2023-04-105.4CVE-2023-29376
MISC
MISC
| github -- enterprise_server | An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-04-07 | 5.3 | CVE-2023-23761; MISC; MISC; MISC; MISC; MISC |
| github -- enterprise_server | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-04-07 | 5.3 | CVE-2023-23762; MISC; MISC; MISC; MISC; MISC |
| sap -- netweaver_as_java_for_deploy_service | SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity, enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data, with no effect on availability and integrity. | 2023-04-11 | 5.3 | CVE-2023-24527; MISC; MISC |
| aten -- pe8108_firmware | Aten PE8108 2.4.232 is vulnerable to denial of service (DoS). | 2023-04-11 | 5.3 | CVE-2023-25414; MISC |
| aten -- pe8108_firmware | Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration. | 2023-04-11 | 5.3 | CVE-2023-25415; MISC |
| siemens -- mendix_forgot_password | A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the module contain an observable response discrepancy issue that could allow an attacker to retrieve sensitive information. | 2023-04-11 | 5.3 | CVE-2023-27464; MISC |
| microsoft -- multiple_products | Windows Enroll Engine Security Feature Bypass Vulnerability | 2023-04-11 | 5.3 | CVE-2023-28226; MISC |
| siemens -- polarion_alm | A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The application contains an XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | 2023-04-11 | 5.3 | CVE-2023-28828; MISC |
| updraftplus -- all-in-one_security | The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in its settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file. | 2023-04-10 | 4.9 | CVE-2023-0156; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27801; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27802; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27803; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27804; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27805; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27806; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27807; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27808; MISC |
| h3c -- magic_r100_firmware | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. | 2023-04-07 | 4.9 | CVE-2023-27810; MISC |
| microsoft -- multiple_products | Windows DNS Server Information Disclosure Vulnerability | 2023-04-11 | 4.9 | CVE-2023-28277; MISC |
| updraftplus -- all-in-one_security | The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. | 2023-04-10 | 4.8 | CVE-2023-0157; MISC |
| article_directory_project -- article_directory | The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. | 2023-04-10 | 4.8 | CVE-2023-0422; MISC |
| wordpress_amazon_s3_project -- wordpress_amazon_s3 | The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-04-10 | 4.8 | CVE-2023-0423; MISC |
| auto_rename_media_on_upload_project -- auto_rename_media_on_upload | The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-04-10 | 4.8 | CVE-2023-0605; MISC |
| klaviyo -- klavio | The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-04-10 | 4.8 | CVE-2023-0874; MISC |
| dcac -- time_sheets | The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-04-10 | 4.8 | CVE-2023-0893; MISC |
| ibenic -- simple_giveaways | The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-04-10 | 4.8 | CVE-2023-1120; MISC |
| ibenic -- simple_giveaways | The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-04-10 | 4.8 | CVE-2023-1121; MISC |
| ibenic -- simple_giveaways | The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-04-10 | 4.8 | CVE-2023-1122; MISC |
| online_computer_and_laptop_store_project -- online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225536. | 2023-04-11 | 4.8 | CVE-2023-1988; MISC; MISC; MISC |
| easy_panorama_project -- easy_panorama | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions. | 2023-04-07 | 4.8 | CVE-2023-23799; MISC |
| auto_hide_admin_bar_project -- auto_hide_admin_bar | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions. | 2023-04-07 | 4.8 | CVE-2023-23994; MISC |
| snapcreek -- ezp_coming_soon_page | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions. | 2023-04-07 | 4.8 | CVE-2023-24398; MISC |
| wpbookingsystem -- wp_booking_system | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions. | 2023-04-07 | 4.8 | CVE-2023-24402; MISC |
| kibokolabs -- watu_quiz | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions. | 2023-04-07 | 4.8 | CVE-2023-25022; MISC |
| kibokolabs -- chained_quiz | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions. | 2023-04-07 | 4.8 | CVE-2023-25027; MISC |
| kibokolabs -- arigato_autoresponder_and_newsletter | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions. | 2023-04-07 | 4.8 | CVE-2023-25031; MISC |
| podlove -- podlove_podcast_publisher | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions. | 2023-04-07 | 4.8 | CVE-2023-25046; MISC |
| implecode -- ecommerce_product_catalog | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions. | 2023-04-07 | 4.8 | CVE-2023-25049; MISC |
| avalex -- avalex | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions. | 2023-04-07 | 4.8 | CVE-2023-25059; MISC |
| zeno_font_resizer_project -- zeno_font_resizer | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions. | 2023-04-07 | 4.8 | CVE-2023-25442; MISC |
| streamweasels -- twitch_player | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions. | 2023-04-07 | 4.8 | CVE-2023-25464; MISC |
| fullworksplugins -- quick_paypal_payments | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | 2023-04-07 | 4.8 | CVE-2023-25702; MISC |
| goprayer -- wp_prayer | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions. | 2023-04-07 | 4.8 | CVE-2023-25705; MISC |
| wp-buddy -- google_analytics_opt-out | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions. | 2023-04-07 | 4.8 | CVE-2023-25712; MISC |
| announce_from_the_dashboard_project -- announce_from_the_dashboard | Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions. | 2023-04-07 | 4.8 | CVE-2023-25716; MISC |
| piwebsolution -- product_page_shipping_calculator_for_woocommerce | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions. | 2023-04-07 | 4.8 | CVE-2023-29094; MISC |
| piwebsolution -- product_enquiry_for_woocommerce | Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions. | 2023-04-07 | 4.8 | CVE-2023-29170; MISC |
| microsoft -- windows_server_2008 | Windows Group Policy Security Feature Bypass Vulnerability | 2023-04-11 | 4.4 | CVE-2023-28276; MISC |
| sap -- hcm_fiori_app_my_forms | SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data. | 2023-04-11 | 4.3 | CVE-2023-1903; MISC; MISC |
| my-blog_project -- my-blog | A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. | 2023-04-07 | 4.3 | CVE-2023-1937; MISC; MISC; MISC |
| microsoft -- multiple_products | Remote Procedure Call Runtime Information Disclosure Vulnerability | 2023-04-11 | 4.3 | CVE-2023-21729; MISC |
| aten -- pe8108_firmware | Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-04-11 | 4.3 | CVE-2023-25411; MISC |
| opencats -- opencats | A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. | 2023-04-11 | 4.3 | CVE-2023-26845; MISC; MISC |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-04-11 | 4.3 | CVE-2023-28284; MISC |
| silverwaregames -- silverwaregames | SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19. | 2023-04-10 | 4.3 | CVE-2023-29192; MISC |
| microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Tampering Vulnerability | 2023-04-11 | 4.2 | CVE-2023-28301; MISC |


Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple -- iphone_os | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information. | 2023-04-10 | 2.4 | CVE-2022-32871; MISC |
| apple -- ipados | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features. | 2023-04-10 | 2.4 | CVE-2022-46717; MISC |


Severity Not Yet Assigned

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| bestwebsoft -- contact_form | A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The name of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability. | 2023-04-09 | not yet calculated | CVE-2012-10010; MISC; MISC; MISC |
| wordpress -- wordpress | A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151. | 2023-04-08 | not yet calculated | CVE-2013-10023; MISC; MISC; MISC; MISC |
| wordpress -- wordpress | A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2013-10024; MISC; MISC; MISC |
| wordpress -- wordpress | A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2013-10025; MISC; MISC; MISC |
| bestwebsoft -- contact_form | A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320. | 2023-04-09 | not yet calculated | CVE-2014-125095; MISC; MISC; MISC |
| wordpress -- wordpress | A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. | 2023-04-08 | not yet calculated | CVE-2015-10098; MISC; MISC; MISC; MISC |
| wordpress -- wordpress | A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351. | 2023-04-10 | not yet calculated | CVE-2015-10099; MISC; MISC; MISC |
| wordpress -- wordpress | A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2015-10101; MISC; MISC; MISC |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. | 2023-04-15 | not yet calculated | CVE-2018-15472; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference. | 2023-04-15 | not yet calculated | CVE-2018-17449; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. | 2023-04-15 | not yet calculated | CVE-2018-17450; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands. | 2023-04-15 | not yet calculated | CVE-2018-17451; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. | 2023-04-15 | not yet calculated | CVE-2018-17452; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. | 2023-04-15 | not yet calculated | CVE-2018-17453; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen. | 2023-04-15 | not yet calculated | CVE-2018-17454; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals" feature. | 2023-04-15 | not yet calculated | CVE-2018-17455; MISC; CONFIRM |
| gitlab -- community/enterprise_edition | An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import. | 2023-04-15 | not yet calculated | CVE-2018-17536; MISC; CONFIRM |
| lilypond -- lilypond | LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used. | 2023-04-15 | not yet calculated | CVE-2020-17354; MISC; MISC; MISC; CONFIRM; MISC; MISC |
| milken -- doyocms | File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. | 2023-04-11 | not yet calculated | CVE-2020-19802; MISC |
| milken -- doyocms | Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings. | 2023-04-11 | not yet calculated | CVE-2020-19803; MISC; MISC |
| sqlite3 -- sqlite3 | Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. | 2023-04-11 | not yet calculated | CVE-2020-24736; MISC |
| score -- score | The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code. | 2023-04-15 | not yet calculated | CVE-2020-29007; MISC; MISC; MISC; MISC; MISC |
| tailor_mangement_system -- tailor_mangement_system | SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file. | 2023-04-10 | not yet calculated | CVE-2020-36077; MISC; MISC |
| cs-cart -- shipstation | The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number. | 2023-04-11 | not yet calculated | CVE-2020-9009; MISC; MISC |
| visualeditor -- visualeditor | An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn't because they are hidden.) This is related to ApiVisualEditor. | 2023-04-15 | not yet calculated | CVE-2021-30153; CONFIRM; CONFIRM; MISC |
| mailman_core -- mailman_core | An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. | 2023-04-15 | not yet calculated | CVE-2021-34337; MISC; MISC; MISC |
| openbmc -- openbmc | In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface. | 2023-04-15 | not yet calculated | CVE-2021-39295; MISC; MISC; CONFIRM; MISC; MISC; MISC |
| lldpd -- lldpd | In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it's possible to trigger an out-of-bounds heap read via short SONMP packets. | 2023-04-15 | not yet calculated | CVE-2021-43612; MISC; CONFIRM; CONFIRM |
| kvmtool -- kvmtool | kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine. | 2023-04-15 | not yet calculated | CVE-2021-45464; MISC; MISC; MISC; MISC |
| fluent -- treasure_data_fluent_bit | An issue was discovered in Treasure Data Fluent Bit 1.7.1. Erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. An attacker can use this by crafting a file and tricking the victim into opening it with the affected software, triggering the use-after-free and executing arbitrary code on the target system. | 2023-04-11 | not yet calculated | CVE-2021-46878; MISC; MISC |
| fluent -- treasure_data_fluent_bit | An issue was discovered in Treasure Data Fluent Bit 1.7.1. A wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and executing arbitrary code on the target system. | 2023-04-11 | not yet calculated | CVE-2021-46879; MISC; MISC |
| libressl/openbsd -- libressl/openbsd | x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. | 2023-04-15 | not yet calculated | CVE-2021-46880; MISC; MISC; MISC |
| insyde -- kernel | An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege. | 2023-04-12 | not yet calculated | CVE-2022-24350; MISC; MISC |
| calibre-web -- calibre-web | Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. | 2023-04-15 | not yet calculated | CVE-2022-2525; CONFIRM; MISC |
| qualcomm -- snapdragon | Memory corruption in modem due to buffer overwrite during CoAP connection. | 2023-04-13 | not yet calculated | CVE-2022-25678; MISC |
| qualcomm -- snapdragon | Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet. | 2023-04-13 | not yet calculated | CVE-2022-25726; MISC |
| qualcomm -- snapdragon | Information disclosure in modem due to improper check of IP type while processing DNS server query. | 2023-04-13 | not yet calculated | CVE-2022-25730; MISC |
| qualcomm -- snapdragon | Information disclosure in modem due to buffer over-read while processing packets from DNS server. | 2023-04-13 | not yet calculated | CVE-2022-25731; MISC |
| qualcomm -- snapdragon | Information disclosure in modem due to missing NULL check while reading packets received from local network. | 2023-04-13 | not yet calculated | CVE-2022-25737; MISC |
| qualcomm -- snapdragon | Denial of service in modem due to missing null check while processing the IPv6 packet received during ECM call. | 2023-04-13 | not yet calculated | CVE-2022-25739; MISC |
| qualcomm -- snapdragon | Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface. | 2023-04-13 | not yet calculated | CVE-2022-25740; MISC |
| qualcomm -- snapdragon | Memory corruption in modem due to improper input validation while handling the incoming CoAP message. | 2023-04-13 | not yet calculated | CVE-2022-25745; MISC |
| qualcomm -- snapdragon | Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message. | 2023-04-13 | not yet calculated | CVE-2022-25747; MISC |
| fortinet -- fortisandbox | An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. | 2023-04-11 | not yet calculated | CVE-2022-27485; MISC |
| fortinet -- fortisandbox | An improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. | 2023-04-11 | not yet calculated | CVE-2022-27487; MISC |
qualcomm -- snapdragon
 
Memory corruption in modem due to improper check while calculating size of serialized CoAP message | 2023-04-13 | not yet calculated | CVE-2022-33211
MISC
qualcomm -- snapdragon
 
Information disclosure due to buffer over-read while parsing DNS response packets in Modem. | 2023-04-13 | not yet calculated | CVE-2022-33222
MISC
qualcomm -- snapdragon
 
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with HTTP chunked encoding. | 2023-04-13 | not yet calculated | CVE-2022-33223
MISC
qualcomm -- snapdragon
 
Information disclosure due to buffer over-read in modem while processing IPv6 packet with hop-by-hop or destination option in header. | 2023-04-13 | not yet calculated | CVE-2022-33228
MISC
qualcomm -- snapdragon
 
Memory corruption due to double free in core while initializing the encryption key. | 2023-04-13 | not yet calculated | CVE-2022-33231
MISC
qualcomm -- snapdragon
 
Information disclosure due to buffer over-read in modem while reading configuration parameters. | 2023-04-13 | not yet calculated | CVE-2022-33258
MISC
qualcomm -- snapdragon
 
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received. | 2023-04-13 | not yet calculated | CVE-2022-33259
MISC
qualcomm -- snapdragon
 
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. | 2023-04-13 | not yet calculated | CVE-2022-33269
MISC
qualcomm -- snapdragon
 
Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message. | 2023-04-13 | not yet calculated | CVE-2022-33270
MISC
qualcomm -- snapdragon
 
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. | 2023-04-13 | not yet calculated | CVE-2022-33282
MISC
qualcomm -- snapdragon
 
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet. | 2023-04-13 | not yet calculated | CVE-2022-33287
MISC
qualcomm -- snapdragon
 
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information. | 2023-04-13 | not yet calculated | CVE-2022-33288
MISC
qualcomm -- snapdragon
 
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 2023-04-13 | not yet calculated | CVE-2022-33289
MISC
qualcomm -- snapdragon
 
Information disclosure in Modem due to buffer over-read while receiving an IP header with malformed length. | 2023-04-13 | not yet calculated | CVE-2022-33291
MISC
qualcomm -- snapdragon
 
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message. | 2023-04-13 | not yet calculated | CVE-2022-33294
MISC
qualcomm -- snapdragon
 
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length. | 2023-04-13 | not yet calculated | CVE-2022-33295
MISC
qualcomm -- snapdragon
 
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. | 2023-04-13 | not yet calculated | CVE-2022-33296
MISC
qualcomm -- snapdragon
 
Information disclosure due to buffer overread in Linux sensors | 2023-04-13 | not yet calculated | CVE-2022-33297
MISC
qualcomm -- snapdragon
 
Memory corruption due to use after free in Modem while modem initialization. | 2023-04-13 | not yet calculated | CVE-2022-33298
MISC
qualcomm -- snapdragon
 
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM. | 2023-04-13 | not yet calculated | CVE-2022-33301
MISC
qualcomm -- snapdragon
 
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 2023-04-13 | not yet calculated | CVE-2022-33302
MISC
fortinet -- fortiauthenticator
 
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the "reset-password" page. | 2023-04-11 | not yet calculated | CVE-2022-35850
MISC
hitachi_vantara -- pentaho_business_analytics_server
 
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allows a malicious URL to inject content into a dashboard when the CDE plugin is present. | 2023-04-11 | not yet calculated | CVE-2022-3695
MISC
upstream_works -- agent_desktop_for_cisco_finesse
 
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details. | 2023-04-10 | not yet calculated | CVE-2022-37462
MISC
MISC
forgerock_inc -- access_management
 
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass. This issue affects Access Management: from 6.5.0 through 7.2.0. | 2023-04-14 | not yet calculated | CVE-2022-3748
MISC
MISC
MISC
qualcomm -- snapdragon
 
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. | 2023-04-13 | not yet calculated | CVE-2022-40503
MISC
qualcomm -- snapdragon
 
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 2023-04-13 | not yet calculated | CVE-2022-40532
MISC
fortinet -- fortiadc/fortiddos
 
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 2023-04-11 | not yet calculated | CVE-2022-40679
MISC
fortinet -- forticlient_for_windows
 
An incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. | 2023-04-11 | not yet calculated | CVE-2022-40682
MISC
fortinet -- fortios/fortiproxy
 
An improper neutralization of input during web page generation vulnerability ('Cross-site Scripting') [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | 2023-04-11 | not yet calculated | CVE-2022-41330
MISC
fortinet -- fortipresence
 
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests. | 2023-04-11 | not yet calculated | CVE-2022-41331
MISC
fortinet -- fortigate
 
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal. | 2023-04-11 | not yet calculated | CVE-2022-42469
MISC
fortinet -- forticlient_for_windows
 
A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. | 2023-04-11 | not yet calculated | CVE-2022-42470
MISC
fortinet -- fortianalyzer
 
An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries. | 2023-04-11 | not yet calculated | CVE-2022-42477
MISC
supermicro -- x11sl-cf_hw
 
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | 2023-04-07 | not yet calculated | CVE-2022-43309
MISC
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. | 2023-04-15 | not yet calculated | CVE-2022-43696
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. | 2023-04-15 | not yet calculated | CVE-2022-43697
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. | 2023-04-15 | not yet calculated | CVE-2022-43698
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). | 2023-04-15 | not yet calculated | CVE-2022-43699
MISC
MISC
hitachi_vantara -- pentaho_business_analytics_server
 
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 do not correctly perform an authorization check in the dashboard editor plugin API. | 2023-04-11 | not yet calculated | CVE-2022-43770
MISC
fortinet -- forticlient_for_windows
 
Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allow attackers on the same file sharing network to execute commands via writing data into a Windows pipe. | 2023-04-11 | not yet calculated | CVE-2022-43946
MISC
fortinet -- fortios/fortiproxy
 
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions. | 2023-04-11 | not yet calculated | CVE-2022-43947
MISC
fortinet -- fortiadc/fortiweb
 
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows an attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands. | 2023-04-11 | not yet calculated | CVE-2022-43948
MISC
fortinet -- fortinac
 
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. | 2023-04-11 | not yet calculated | CVE-2022-43951
MISC
fortinet -- fortiadc
 
An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. | 2023-04-11 | not yet calculated | CVE-2022-43952
MISC
fortinet -- fortiweb
 
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report. | 2023-04-11 | not yet calculated | CVE-2022-43955
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting vulnerability in Zephilou Cyklodev WP Notify plugin <= 1.2.1 versions. | 2023-04-13 | not yet calculated | CVE-2022-44625
MISC
rconfig -- rconfig
 
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). | 2023-04-15 | not yet calculated | CVE-2022-45030
MISC
MISC
oracle -- apache_sling_engine
 
The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the "Check Content-Type overrides" configuration option. | 2023-04-13 | not yet calculated | CVE-2022-45064
MISC
livebox -- collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user. | 2023-04-14 | not yet calculated | CVE-2022-45170
MISC
livebox -- collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct. | 2023-04-14 | not yet calculated | CVE-2022-45173
MISC
livebox -- collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code. | 2023-04-14 | not yet calculated | CVE-2022-45174
MISC
livebox -- collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file. | 2023-04-14 | not yet calculated | CVE-2022-45175
MISC
livebox -- collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role. | 2023-04-14 | not yet calculated | CVE-2022-45178
MISC
livebox -- collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator). | 2023-04-14 | not yet calculated | CVE-2022-45180
MISC
wordpress -- wordpress
 
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | 2023-04-13 | not yet calculated | CVE-2022-45358
MISC
arm -- mali_kernel
 
An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. | 2023-04-11 | not yet calculated | CVE-2022-46396
MISC
servicenow -- servicenow
 
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. | 2023-04-14 | not yet calculated | CVE-2022-46886
MISC
timmystudios -- fast_typing_keyboard
 
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution. | 2023-04-14 | not yet calculated | CVE-2022-47027
MISC
MISC
MISC
dnn_corp -- dotnetnuke
 
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. | 2023-04-12 | not yet calculated | CVE-2022-47053
MISC
MISC
oracle -- apache_ofbiz
 
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. | 2023-04-14 | not yet calculated | CVE-2022-47501
MISC
MISC
MISC
ieee_802.11 -- ieee_802.11
 
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key. | 2023-04-15 | not yet calculated | CVE-2022-47522
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. SQL Injection vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions. | 2023-04-12 | not yet calculated | CVE-2022-47605
MISC
x2crm_open_source_sales_crm -- x2crm_open_source_sales_crm
 
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user's browser. | 2023-04-15 | not yet calculated | CVE-2022-48177
MISC
MISC
x2crm_open_source_sales_crm -- x2crm_open_source_sales_crm
 
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI. | 2023-04-15 | not yet calculated | CVE-2022-48178
MISC
MISC
libressl/openbsd -- libressl/openbsd
 
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate. | 2023-04-12 | not yet calculated | CVE-2022-48437
MISC
MISC
MISC
protobuf-c -- protobuf-c
 
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. | 2023-04-13 | not yet calculated | CVE-2022-48468
MISC
MISC
MISC
MISC
palo_alto_networks -- pan-os
 
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. | 2023-04-12 | not yet calculated | CVE-2023-0004
MISC
palo_alto_networks -- pan-os

A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. | 2023-04-12 | not yet calculated | CVE-2023-0005
MISC
palo_alto_networks -- globalprotect
 
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. | 2023-04-12 | not yet calculated | CVE-2023-0006
MISC
libjxl -- libjxl
 
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 | 2023-04-11 | not yet calculated | CVE-2023-0645
MISC
MISC
mitsubishi_electric_india -- gc-enet-com
 
Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit. | 2023-04-14 | not yet calculated | CVE-2023-1285
MISC
MISC
canonical_ltd -- apport_for_linux
 
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. | 2023-04-13 | not yet calculated | CVE-2023-1326
MISC
ge_gas_power -- toolboxst
 
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user's context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors. Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power's Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user. | 2023-04-11 | not yet calculated | CVE-2023-1552
MISC
b&r_industrial_automation -- b&r_vc4
 
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9. | 2023-04-14 | not yet calculated | CVE-2023-1617
MISC
openvswitch -- openvswitch
 
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. | 2023-04-10 | not yet calculated | CVE-2023-1668
MISC
MISC
DEBIAN
linux -- kernel
 
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure. A local attacker can use this vulnerability to elevate their privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. | 2023-04-12 | not yet calculated | CVE-2023-1829
MISC
MISC
linux -- kernel
 
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due to a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8. | 2023-04-12 | not yet calculated | CVE-2023-1872
MISC
MISC
wordpress -- wordpress
 
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wpda_role[]' parameter during a profile update. This requires the 'Enable role management' setting to be enabled for the site. | 2023-04-12 | not yet calculated | CVE-2023-1874
MISC
MISC
MISC
MISC
MISC
imagemagick -- magickcore
 
A heap-based buffer overflow issue was discovered in ImageMagick's ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass a specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. | 2023-04-12 | not yet calculated | CVE-2023-1906
MISC
MISC
MISC
MISC
MISC
tiffcrop -- libtiff

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. | 2023-04-10 | not yet calculated | CVE-2023-1916
MISC
MISC
devolutions -- remote_desktop_manager
 
No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface. | 2023-04-11 | not yet calculated | CVE-2023-1939
MISC
sourcecodester -- survey_application_system
 
A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input <script>prompt(document.domain)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability. | 2023-04-07 | not yet calculated | CVE-2023-1946
MISC
MISC
tao_interactive -- taocms
 
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. | 2023-04-07 | not yet calculated | CVE-2023-1947
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_system
 
A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335. | 2023-04-08 | not yet calculated | CVE-2023-1948
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_system
 
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336. | 2023-04-08 | not yet calculated | CVE-2023-1949
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_system
 
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability. | 2023-04-08 | not yet calculated | CVE-2023-1950
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_store
 
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. | 2023-04-08 | not yet calculated | CVE-2023-1961
MISC
MISC
MISC
sourcecodester -- best_online_news_portal
 
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of the argument username leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225361 was assigned to this vulnerability. | 2023-04-09 | not yet calculated | CVE-2023-1962
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_system
 
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225359. | 2023-04-09 | not yet calculated | CVE-2023-1963
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_system
 
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225360. | 2023-04-09 | not yet calculated | CVE-2023-1964
MISC
MISC
MISC
answerdev -- answer
 
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8. | 2023-04-11 | not yet calculated | CVE-2023-1974
MISC
CONFIRM
answerdev -- answer
 
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8. | 2023-04-11 | not yet calculated | CVE-2023-1975
MISC
CONFIRM
answerdev -- answer
 
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6. | 2023-04-11 | not yet calculated | CVE-2023-1976
MISC
CONFIRM
devolutions -- remote_desktop_manager
 
Two-factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allows a user to cancel the two-factor authentication via the application user interface and open entries. | 2023-04-11 | not yet calculated | CVE-2023-1980
MISC
sourcecodester -- sales_tracker_management_system
 
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/products/manage_product.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225530 is the identifier assigned to this vulnerability. | 2023-04-11 | not yet calculated | CVE-2023-1983
MISC
MISC
MISC
sourcecodester -- complaint_management_system
 
A vulnerability classified as critical was found in SourceCodester Complaint Management System 1.0. This vulnerability affects unknown code of the file /users/check_availability.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225532. | 2023-04-11 | not yet calculated | CVE-2023-1984
MISC
MISC
MISC
linux -- kernel
 
A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job may cause a race problem leading to a UAF on hdev devices. | 2023-04-11 | not yet calculated | CVE-2023-1989
MISC
linux -- kernel
 
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | 2023-04-12 | not yet calculated | CVE-2023-1990
MISC
wireshark_foundation -- wireshark
 
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 2023-04-12 | not yet calculated | CVE-2023-1992
MISC
CONFIRM
MISC
wireshark_foundation -- wireshark
 
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 2023-04-12 | not yet calculated | CVE-2023-1993
MISC
CONFIRM
MISC
wireshark_foundation -- wireshark
 
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file | 2023-04-12 | not yet calculated | CVE-2023-1994
CONFIRM
MISC
MISC
freetype -- freetype
 
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. | 2023-04-14 | not yet calculated | CVE-2023-2004
MISC
MISC
MISC
MISC
FEDORA
linux -- kernel
 
A flaw was found in the Linux kernel's udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. | 2023-04-14 | not yet calculated | CVE-2023-2008
MISC
MISC
MISC
cisco -- small_business_routers
 
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. | 2023-04-13 | not yet calculated | CVE-2023-20118
MISC
microweber -- microweber
 
Cross-site Scripting (XSS) - Generic in GitHub repository microweber/microweber prior to 1.3.3. | 2023-04-13 | not yet calculated | CVE-2023-2014
CONFIRM
MISC
nilsteampassnet -- teampass
 
Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. | 2023-04-13 | not yet calculated | CVE-2023-2021
MISC
CONFIRM
wordpress -- wordpress
 
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2023-04-15 | not yet calculated | CVE-2023-2027
MISC
MISC
google -- chrome
 
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-04-14 | not yet calculated | CVE-2023-2033
MISC
MISC
MISC
froxlor -- froxlor
 
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. | 2023-04-14 | not yet calculated | CVE-2023-2034
MISC
CONFIRM
campcodes -- video_sharing_website
 
A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225913 was assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2035
MISC
MISC
MISC
campcodes -- video_sharing_website
 
A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225914 is the identifier assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2036
MISC
MISC
MISC
campcodes -- video_sharing_website
 
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been classified as critical. This affects an unknown part of the file watch.php. The manipulation of the argument code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225915. | 2023-04-14 | not yet calculated | CVE-2023-2037
MISC
MISC
MISC
campcodes -- video_sharing_website
 
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin_class.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225916. | 2023-04-14 | not yet calculated | CVE-2023-2038
MISC
MISC
MISC
novel-plus -- novel-plus
 
A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-14 | not yet calculated | CVE-2023-2039
MISC
MISC
MISC
novel-plus -- novel-plus
 
A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-14 | not yet calculated | CVE-2023-2040
MISC
MISC
MISC
novel-plus -- novel-plus
 
A vulnerability classified as critical was found in novel-plus 3.6.2. Affected by this vulnerability is an unknown functionality of the file /category/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-14 | not yet calculated | CVE-2023-2041
MISC
MISC
MISC
datagear -- datagear
 
A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-14 | not yet calculated | CVE-2023-2042
MISC
MISC
MISC
control_id -- control_id
 
A vulnerability, which was classified as problematic, was found in Control iD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-14 | not yet calculated | CVE-2023-2043
MISC
MISC
control_id -- id_secure
 
A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-14 | not yet calculated | CVE-2023-2044
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument voter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225932. | 2023-04-14 | not yet calculated | CVE-2023-2047
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2048
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ballot_up.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225934 is the identifier assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2049
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935. | 2023-04-14 | not yet calculated | CVE-2023-2050
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936. | 2023-04-14 | not yet calculated | CVE-2023-2051
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2052
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/candidates_row.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225938 is the identifier assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2053
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939. | 2023-04-14 | not yet calculated | CVE-2023-2054
MISC
MISC
MISC
campcodes -- advanced_online_voting_system
 
A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/config_save.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225940. | 2023-04-14 | not yet calculated | CVE-2023-2055
MISC
MISC
MISC
dedecms -- dedecms
 
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2056
MISC
MISC
MISC
eyoucms -- eyoucms
 
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2057
MISC
MISC
MISC
eyoucms -- eyoucms
 
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943. | 2023-04-14 | not yet calculated | CVE-2023-2058
MISC
MISC
MISC
dedecms -- dedecms
 
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944. | 2023-04-14 | not yet calculated | CVE-2023-2059
MISC
MISC
MISC
campcodes -- online_traffic_offense_management_system
 
A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051. | 2023-04-14 | not yet calculated | CVE-2023-2073
MISC
MISC
MISC
campcodes -- online_traffic_offense_management_system
 
A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226052. | 2023-04-14 | not yet calculated | CVE-2023-2074
MISC
MISC
MISC
campcodes -- online_traffic_offense_management_system
 
A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2075
MISC
MISC
MISC
campcodes -- online_traffic_offense_management_system
 
A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability. | 2023-04-14 | not yet calculated | CVE-2023-2076
MISC
MISC
MISC
campcodes -- online_traffic_offense_management_system
 
A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0. This issue affects some unknown processing of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226055. | 2023-04-14 | not yet calculated | CVE-2023-2077
MISC
MISC
MISC
spring -- framework
 
In spring framework versions prior to 5.2.24 release+, 5.3.27+ and 6.0.8+, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. | 2023-04-13 | not yet calculated | CVE-2023-20863
MISC
spring -- session
 
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. | 2023-04-13 | not yet calculated | CVE-2023-20866
MISC
sourcecodester -- complaint_management_system
 
A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226097 was assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2089
MISC
MISC
MISC
sourcecodester -- employee_and_visitor_gate_pass_logging_system
 
A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2090
MISC
MISC
MISC
kylinsoft -- youker-assistant
 
A vulnerability classified as critical was found in KylinSoft youker-assistant. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099. | 2023-04-15 | not yet calculated | CVE-2023-2091
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100. | 2023-04-15 | not yet calculated | CVE-2023-2092
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2093
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2094
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103. | 2023-04-15 | not yet calculated | CVE-2023-2095
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104. | 2023-04-15 | not yet calculated | CVE-2023-2096
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2097
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226106 is the identifier assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2098
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226107. | 2023-04-15 | not yet calculated | CVE-2023-2099
MISC
MISC
MISC
sourcecodester -- vehicle_service_management_system
 
A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108. | 2023-04-15 | not yet calculated | CVE-2023-2100
MISC
MISC
MISC
mogu_blog -- mogu_blog
 
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2101
MISC
MISC
MISC
MISC
easyappointments -- easyappointments
 
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 2023-04-15 | not yet calculated | CVE-2023-2102
CONFIRM
MISC
easyappointments -- easyappointments
 
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 2023-04-15 | not yet calculated | CVE-2023-2103
MISC
CONFIRM
easyappointments -- easyappointments
 
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 2023-04-15 | not yet calculated | CVE-2023-2104
CONFIRM
MISC
easyappointments -- easyappointments
 
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 2023-04-15 | not yet calculated | CVE-2023-2105
MISC
CONFIRM
calibre-web -- calibre-web
 
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. | 2023-04-15 | not yet calculated | CVE-2023-2106
CONFIRM
MISC
ibos -- ibos
 
A vulnerability, which was classified as critical, was found in IBOS 4.5.5. Affected is an unknown function of the file file/personal/del&op=recycle. The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226110 is the identifier assigned to this vulnerability. | 2023-04-15 | not yet calculated | CVE-2023-2107
MISC
MISC
MISC
qualcom -- snapdragon
 
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. | 2023-04-13 | not yet calculated | CVE-2023-21630
MISC
elecom -- wab-mat
 
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. | 2023-04-11 | not yet calculated | CVE-2023-22282
MISC
MISC
wolt -- wolt_delivery
 
Android App 'Wolt Delivery: Food and more' version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary. | 2023-04-11 | not yet calculated | CVE-2023-22429
MISC
MISC
insyde -- insydeh2o
 
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. | 2023-04-11 | not yet calculated | CVE-2023-22612
MISC
MISC
MISC
insyde -- insydeh2o
 
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. | 2023-04-11 | not yet calculated | CVE-2023-22613
MISC
MISC
MISC
insyde -- insydeh2o
 
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler. | 2023-04-11 | not yet calculated | CVE-2023-22614
MISC
MISC
MISC
insyde -- insydeh2o
 
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM. | 2023-04-11 | not yet calculated | CVE-2023-22615
MISC
MISC
insyde -- insydeh2o
 
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM. | 2023-04-12 | not yet calculated | CVE-2023-22616
MISC
MISC
MISC
securepoint -- utm
 
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface. | 2023-04-12 | not yet calculated | CVE-2023-22620
MISC
MISC
fortinet -- forticlientmac
 
A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade.
2023-04-11 | not yet calculated | CVE-2023-22635
MISC
fortinet -- fortios/fortiproxy
 
A URL redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests.
2023-04-11 | not yet calculated | CVE-2023-22641
MISC
fortinet -- fortianalyzer/fortimanager
 
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert resources.
2023-04-11 | not yet calculated | CVE-2023-22642
MISC
open_design_alliance -- drawings_sdk
 
Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
2023-04-15 | not yet calculated | CVE-2023-22669
MISC
open_design_alliance -- drawings_sdk
 
A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
2023-04-15 | not yet calculated | CVE-2023-22670
MISC
arm -- mali_gpu_kernel
 
An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.
2023-04-11 | not yet calculated | CVE-2023-22808
MISC
securepoint -- utm
 
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.
2023-04-12 | not yet calculated | CVE-2023-22897
MISC
MISC
tigergraph -- enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.
2023-04-13 | not yet calculated | CVE-2023-22948
MISC
MISC
tigergraph -- enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords.
2023-04-14 | not yet calculated | CVE-2023-22949
MISC
MISC
tigergraph -- enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.
2023-04-13 | not yet calculated | CVE-2023-22950
MISC
MISC
tigergraph -- enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints.
2023-04-13 | not yet calculated | CVE-2023-22951
MISC
MISC
snippet_box -- snippet_box
 
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the "Snippet code" form field.
2023-04-11 | not yet calculated | CVE-2023-23277
MISC
MISC
MISC
seiko_epson -- multiple_products
 
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
2023-04-11 | not yet calculated | CVE-2023-23572
MISC
MISC
contec -- conprosys_iot_gateway_products
 
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
2023-04-11 | not yet calculated | CVE-2023-23575
MISC
MISC
MISC
MISC
MISC
terminalfour -- terminalfour
 
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1.
2023-04-12 | not yet calculated | CVE-2023-23591
MISC
MISC
luci -- luci
 
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js.
2023-04-11 | not yet calculated | CVE-2023-24182
MISC
MISC
MISC
MISC
buffalo -- bs_gs_series
 
Stored cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.
2023-04-11 | not yet calculated | CVE-2023-24464
MISC
MISC
arista -- eos
 
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can log in to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
2023-04-13 | not yet calculated | CVE-2023-24509
MISC
arista -- eos
 
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
2023-04-12 | not yet calculated | CVE-2023-24511
MISC
arista -- cloudeos
 
On affected platforms running Arista CloudEOS, an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and, if enough malformed packets are received, the switch may eventually stop forwarding traffic.
2023-04-12 | not yet calculated | CVE-2023-24513
MISC
buffalo -- bs_gs_series
 
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.
2023-04-11 | not yet calculated | CVE-2023-24544
MISC
MISC
arista -- cloudeos
 
On affected platforms running Arista CloudEOS, an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and, if enough malformed packets are received, the switch may eventually stop forwarding traffic.
2023-04-12 | not yet calculated | CVE-2023-24545
MISC
qt -- qt
 
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3.
2023-04-15 | not yet calculated | CVE-2023-24607
MISC
MISC
MISC
MISC
MISC
MISC
MISC
aten -- pe8108
 
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users' outlets.
2023-04-11 | not yet calculated | CVE-2023-25409
MISC
mitel -- micollab
 
A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path and filename - due to improper authentication control. A successful exploit could allow access to sensitive information.
2023-04-14 | not yet calculated | CVE-2023-25597
CONFIRM
jtekt_electronics_corporation -- screen_creator_advance_2
 
Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed.
2023-04-11 | not yet calculated | CVE-2023-25755
MISC
MISC
haproxy -- haproxy
 
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user's request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition.
2023-04-11 | not yet calculated | CVE-2023-25950
MISC
MISC
MISC
kyocera -- mobile_print
 
'KYOCERA Mobile Print' v3.2.0.230119 and earlier, 'UTAX/TA MobilePrint' v3.2.0.230119 and earlier, and 'Olivetti Mobile Print' v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user's Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification.
2023-04-13 | not yet calculated | CVE-2023-25954
MISC
MISC
MISC
MISC
MISC
ministry_of_land_infrastructure_transport_and_tourism_japan -- national_land_numerical_information_data_conversion
 
National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker.
2023-04-11 | not yet calculated | CVE-2023-25955
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type.
2023-04-10 | not yet calculated | CVE-2023-26063
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write.
2023-04-10 | not yet calculated | CVE-2023-26064
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 have an Integer Overflow.
2023-04-10 | not yet calculated | CVE-2023-26065
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.
2023-04-10 | not yet calculated | CVE-2023-26066
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).
2023-04-10 | not yet calculated | CVE-2023-26067
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).
2023-04-10 | not yet calculated | CVE-2023-26068
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4).
2023-04-10 | not yet calculated | CVE-2023-26069
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4).
2023-04-10 | not yet calculated | CVE-2023-26070
MISC
MISC
xxl-job-admin -- xxl-job-admin
 
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update.
2023-04-10 | not yet calculated | CVE-2023-26120
MISC
safe-eval -- safe-eval
 
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution ("RCE"). Vulnerable functions: __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf().
2023-04-11 | not yet calculated | CVE-2023-26122
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
raylib_for_web_platform -- raylib_for_web_platform
 
Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script function. Note: This vulnerability is present only when compiling raylib for PLATFORM_WEB. All the other Desktop/Mobile/Embedded platforms are not affected.
2023-04-14 | not yet calculated | CVE-2023-26123
MISC
MISC
MISC
MISC
oxid_esales -- eshop
 
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent.
2023-04-11 | not yet calculated | CVE-2023-26260
MISC
talend -- data_catalog
 
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.
2023-04-13 | not yet calculated | CVE-2023-26263
MISC
MISC
talend -- data_catalog
 
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.
2023-04-13 | not yet calculated | CVE-2023-26264
MISC
MISC
strongswan -- strongswan
 
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10.
2023-04-15 | not yet calculated | CVE-2023-26463
MISC
MISC
pegasystems -- rpa_synchronization_engine
 
A man in the middle can redirect traffic to a malicious server in a compromised configuration.
2023-04-10 | not yet calculated | CVE-2023-26467
MISC
libntp/mstolfp.c -- libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
2023-04-11 | not yet calculated | CVE-2023-26551
MISC
MISC
libntp/mstolfp.c -- libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
2023-04-11 | not yet calculated | CVE-2023-26552
MISC
MISC
libntp/mstolfp.c -- libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
2023-04-11 | not yet calculated | CVE-2023-26553
MISC
MISC
libntp/mstolfp.c -- libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd.
2023-04-11 | not yet calculated | CVE-2023-26554
MISC
MISC
ntpd/refclock_palisade.c -- ntpd/refclock_palisade.c
 
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.
2023-04-11 | not yet calculated | CVE-2023-26555
MISC
MISC
oxygen -- xml_web_author
 
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.)
2023-04-14 | not yet calculated | CVE-2023-26559
MISC
MISC
buffalo -- bs_gsl_and_bs_gs_series
 
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.
2023-04-11 | not yet calculated | CVE-2023-26588
MISC
MISC
yokogawa_electric_corporation -- centum_series
 
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can log in to or access the computer where the affected product is installed tampers with the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1) An attacker has obtained user credentials where the affected product is installed, (2) CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later.
2023-04-11 | not yet calculated | CVE-2023-26593
MISC
MISC
revive -- adserver
 
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks.
2023-04-14 | not yet calculated | CVE-2023-26756
MISC
MISC
sourcecodester -- sales_tracker_management_system
 
An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint.
2023-04-10 | not yet calculated | CVE-2023-26774
MISC
MISC
MISC
MISC
textpattern -- textpattern
 
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file.
2023-04-12 | not yet calculated | CVE-2023-26852
MISC
MISC
MISC
libyang -- libyang
 
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c.
2023-04-11 | not yet calculated | CVE-2023-26917
MISC
diasoft -- file_replication_pro
 
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
2023-04-14 | not yet calculated | CVE-2023-26918
MISC
MISC
hyper_http2_rst_stream_frames -- hyper_http2_rst_stream_frames
 
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS).
2023-04-11 | not yet calculated | CVE-2023-26964
MISC
atropim -- atropim
 
Atropim 1.5.26 is vulnerable to Directory Traversal.
2023-04-14 | not yet calculated | CVE-2023-26969
MISC
pax_technology -- pax_a920_prodroid
 
PAX Technology PAX A920 Pro PayDroid 8.1 suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process.
2023-04-14 | not yet calculated | CVE-2023-26980
MISC
MISC
MISC
prestashop -- advancedpopupcreator
 
Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups().
2023-04-12 | not yet calculated | CVE-2023-27032
MISC
MISC
gdidees -- cms
 
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php.
2023-04-11 | not yet calculated | CVE-2023-27179
MISC
MISC
MISC
dualspace -- super_security
 
An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters.
2023-04-11 | not yet calculated | CVE-2023-27192
MISC
MISC
MISC
dualspace -- dualspace
 
An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field.
2023-04-14 | not yet calculated | CVE-2023-27193
MISC
MISC
MISC
d-link -- dsl-3782
 
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page.
2023-04-12 | not yet calculated | CVE-2023-27216
MISC
MISC
MISC
contec -- conprosys_iot_gateway_products
 
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).
2023-04-11 | not yet calculated | CVE-2023-27389
MISC
MISC
MISC
MISC
MISC
sap -- solution_manager_diagnostics_agent
 
Due to missing authentication and input sanitization of code, the EventLogServiceCollector of SAP Diagnostics Agent - version 720 allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.
2023-04-11 | not yet calculated | CVE-2023-27497
MISC
MISC
sap -- gui_for_html
 
SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click it; the script supplied by the attacker will execute in the victim user's browser. The information from the victim's web browser can either be modified or read and sent to the attacker.
2023-04-11 | not yet calculated | CVE-2023-27499
MISC
MISC
seiko_epson -- multiple_products
 
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.
2023-04-11 | not yet calculated | CVE-2023-27520
MISC
MISC
commscope_arris -- dg3450
 
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
2023-04-15 | not yet calculated | CVE-2023-27571
MISC
MISC
MISC
commscope_arris -- dg3450
 
An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter.
2023-04-15 | not yet calculated | CVE-2023-27572
MISC
MISC
MISC
poweramp -- audioplayer
 
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library.
2023-04-14 | not yet calculated | CVE-2023-27643
MISC
MISC
MISC
poweramp -- audioplayer
 
An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.
2023-04-11 | not yet calculated | CVE-2023-27645
MISC
MISC
MISC
dualspace -- lock_master
 
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method.
2023-04-14 | not yet calculated | CVE-2023-27647
MISC
MISC
MISC
t-me_studios -- change_color_of_keypad
 
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage.
2023-04-14 | not yet calculated | CVE-2023-27648
MISC
MISC
MISC
trusted_tools -- free_music
 
SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table.
2023-04-14 | not yet calculated | CVE-2023-27649
MISC
MISC
MISC
ego_studio -- superclean
 
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file.
2023-04-14 | not yet calculated | CVE-2023-27651
MISC
MISC
MISC
who_app -- who_app
 
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files.
2023-04-14 | not yet calculated | CVE-2023-27653
MISC
MISC
MISC
who_app -- who_app
 
An issue found in WHO v.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause an escalation of privileges via the TTMultiProvider component.
2023-04-14 | not yet calculated | CVE-2023-27654
MISC
MISC
MISC
sourcecodester -- auto_dealer_management_system
 
Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings.
2023-04-14 | not yet calculated | CVE-2023-27666
MISC
MISC
MISC
sourcecodester -- auto_dealer_management_system
 
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability.
2023-04-13 | not yet calculated | CVE-2023-27667
MISC
MISC
MISC
pikpak_for_android -- pikpak_for_android
 
The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface.
2023-04-12 | not yet calculated | CVE-2023-27703
MISC
MISC
void_tools -- void_tools
 
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS).
2023-04-12 | not yet calculated | CVE-2023-27704
MISC
MISC
MISC
d-link -- dir878
 
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
2023-04-09 | not yet calculated | CVE-2023-27718
MISC
MISC
d-link -- dir878
 
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.
2023-04-09 | not yet calculated | CVE-2023-27719
MISC
MISC
nginx -- njs
 
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h.
2023-04-09 | not yet calculated | CVE-2023-27727
MISC
nginx -- njs
 
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c.
2023-04-09 | not yet calculated | CVE-2023-27728
MISC
nginx -- njs
 
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c.
2023-04-09 | not yet calculated | CVE-2023-27729
MISC
nginx -- njs
 
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c.
2023-04-09 | not yet calculated | CVE-2023-27730
MISC
blackvue -- dr750-2ch
 
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted.
2023-04-13 | not yet calculated | CVE-2023-27746
MISC
MISC
MISC
MISC
blackvue -- dr750-2ch
 
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings.2023-04-13not yet calculatedCVE-2023-27747
MISC
MISC
MISC
MISC
blackvue -- dr750-2ch
 
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution.2023-04-13not yet calculatedCVE-2023-27748
MISC
MISC
MISC
MISC
libiec61850 -- libiec61850
 
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c.2023-04-13not yet calculatedCVE-2023-27772
MISC
MISC
liveaction -- livesp
 
A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload.2023-04-12not yet calculatedCVE-2023-27775
MISC
MISC
MISC
alo -- am_presencia
 
AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form.2023-04-13not yet calculatedCVE-2023-27779
MISC
MISC
MISC
MISC
bloofox -- bloofox
 
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function.2023-04-13not yet calculatedCVE-2023-27812
MISC
MISC
MISC
MISC
seowonintech -- multiple_products
 
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection, which allows attackers to take over the system with root privilege by abusing the doSystem() function.2023-04-12not yet calculatedCVE-2023-27826
MISC
MISC
MISC
tightvnc -- tightvnc
 
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account.2023-04-12not yet calculatedCVE-2023-27830
MISC
MISC
MISC
autodesk -- autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.2023-04-14not yet calculatedCVE-2023-27912
MISC
autodesk -- autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process.2023-04-14not yet calculatedCVE-2023-27913
MISC
autodesk -- autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.2023-04-14not yet calculatedCVE-2023-27914
MISC
autodesk -- autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2023-04-14not yet calculatedCVE-2023-27915
MISC
contec -- conprosys_iot_gateway_products
 
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access the Network Maintenance page to execute arbitrary OS commands with root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131).2023-04-11not yet calculatedCVE-2023-27917
MISC
MISC
MISC
MISC
MISC
fortinet -- fortisoar
 
An improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload.2023-04-11not yet calculatedCVE-2023-27995
MISC
dell -- ppdm
 
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions.2023-04-11not yet calculatedCVE-2023-28062
MISC
hewlett_packard_enterprise -- oneview_global_dashboard
 
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials.2023-04-14not yet calculatedCVE-2023-28085
MISC
hewlett_packard_enterprise -- oneview_virtual_appliance
 
The HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump.2023-04-14not yet calculatedCVE-2023-28091
MISC
pegasystems -- rpa:_synchronization_engine
 
A user with a compromised configuration can start an unsigned binary as a service.2023-04-10not yet calculatedCVE-2023-28093
MISC
wordpress -- wordpress
 
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.2023-04-12not yet calculatedCVE-2023-28121
MISC
tp-link_corporation_limited -- t2600g-28sq
 
TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' use vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key. If the administrator is tricked into logging in to the fake device, the credential information for the affected device may be obtained.2023-04-11not yet calculatedCVE-2023-28368
MISC
MISC
connman -- connman
 
client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process.2023-04-12not yet calculatedCVE-2023-28488
MISC
MISC
hikvision -- hybrid_san/cluster_storage_products
 
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices.2023-04-11not yet calculatedCVE-2023-28808
MISC
flask-appbuilder -- flask-appbuilder
 
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`.2023-04-10not yet calculatedCVE-2023-29005
MISC
MISC
go -- go
 
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2.2023-04-14not yet calculatedCVE-2023-29013
MISC
MISC
MISC
MISC
open-feature -- open-feature-operator
 
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify.2023-04-14not yet calculatedCVE-2023-29018
MISC
MISC
autodesk -- autocad

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.2023-04-14not yet calculatedCVE-2023-29067
MISC
zoho -- manageengine_admanager_plus
 
Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.2023-04-13not yet calculatedCVE-2023-29084
MISC
MISC
exynos -- multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line.2023-04-14not yet calculatedCVE-2023-29085
MISC
exynos -- multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header.2023-04-14not yet calculatedCVE-2023-29086
MISC
exynos -- multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After header.2023-04-14not yet calculatedCVE-2023-29087
MISC
exynos -- multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header.2023-04-14not yet calculatedCVE-2023-29088
MISC
exynos -- multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages.2023-04-14not yet calculatedCVE-2023-29089
MISC
exynos -- multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Via header.2023-04-14not yet calculatedCVE-2023-29090
MISC
exynos -- multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP URI.2023-04-14not yet calculatedCVE-2023-29091
MISC
sap -- abap_platform/sap_web_dispatcher
 
The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources.2023-04-11not yet calculatedCVE-2023-29108
MISC
MISC
sap -- application_interface_framework
 
The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application.2023-04-11not yet calculatedCVE-2023-29109
MISC
MISC
sap -- application_interface_framework
 
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage of HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from foreign domains. After successful exploitation, an attacker can cause limited impact on the confidentiality and integrity of the application.2023-04-11not yet calculatedCVE-2023-29110
MISC
MISC
sap -- application_interface_framework
 
The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.2023-04-11not yet calculatedCVE-2023-29111
MISC
MISC
sap -- application_interface_framework
 
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application.2023-04-11not yet calculatedCVE-2023-29112
MISC
MISC
irssi -- irssi
 
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line.2023-04-14not yet calculatedCVE-2023-29132
MISC
MISC
sap -- netweaver_as_for_abap
 
SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.2023-04-11not yet calculatedCVE-2023-29185
MISC
MISC
sap -- netweaver
 
In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable.2023-04-11not yet calculatedCVE-2023-29186
MISC
MISC
sap -- sapsetup
 
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attacker's control.2023-04-11not yet calculatedCVE-2023-29187
MISC
MISC
sap -- crm
 
SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields.2023-04-11not yet calculatedCVE-2023-29189
MISC
MISC
spicedb -- spicedb
 
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `--grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The `/debug/pprof/cmdline` endpoint served by the metrics service (by default running on port `9090`) reveals the command-line flags provided for debugging purposes. If a password is set via the `--grpc-preshared-key` flag, then the key is revealed by this endpoint along with any other flags provided to the SpiceDB binary. This issue has been fixed in version 1.19.1.

### Impact

All deployments abiding by the recommended best practices for production usage are **NOT affected**:

- Authzed's SpiceDB Serverless
- Authzed's SpiceDB Dedicated
- SpiceDB Operator

Users configuring SpiceDB via environment variables are **NOT affected**. Users **MAY be affected** if they expose their metrics port to an untrusted network and are configuring `--grpc-preshared-key` via command-line flag.

### Patches

TODO

### Workarounds

To work around this issue you can do one of the following:

- Configure the preshared key via an environment variable (e.g. `SPICEDB_GRPC_PRESHARED_KEY=yoursecret spicedb serve`)
- Reconfigure the `--metrics-addr` flag to bind to a trusted network (e.g. `--metrics-addr=localhost:9090`)
- Disable the metrics service via the flag (e.g. `--metrics-enabled=false`)
- Adopt one of the recommended deployment models: [Authzed's managed services](https://authzed.com/pricing) or the [SpiceDB Operator](https://github.com/authzed/spicedb-operator)

### References

- [GitHub Security Advisory issued for SpiceDB](https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6)
- [Go issue #22085](https://github.com/golang/go/issues/22085) for documenting the risks of exposing pprof to the internet
- [Go issue #42834](https://github.com/golang/go/issues/42834) discusses preventing pprof registration to the default serve mux
- [semgrep rule go.lang.security.audit.net.pprof.pprof-debug-exposure](https://semgrep.dev/r?q=go.lang.security.audit.net.pprof) checks for a variation of this issue

### Credit

We'd like to thank Amit Laish, a security researcher at GE Vernova for responsibly disclosing this vulnerability.2023-04-14not yet calculatedCVE-2023-29193
MISC
MISC
MISC
vitessio -- vitess
 
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient).2023-04-14not yet calculatedCVE-2023-29194
MISC
MISC
MISC
vm2_project -- vm2
 
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`.2023-04-14not yet calculatedCVE-2023-29199
MISC
MISC
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The "restricted" mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script>` and `<style>`-tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like `<iframe>`. As a consequence, any code relying on this "restricted" mode for security is vulnerable to JavaScript injection ("cross-site scripting"/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.6 RC1 with the introduction of a filter with allowed HTML elements and attributes that is enabled in restricted mode. There are no known workarounds apart from upgrading to a version including the fix.2023-04-15not yet calculatedCVE-2023-29201
MISC
MISC
MISC
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter `content` was set to `true`. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting (XSS) by specifying an RSS feed with malicious content. With the interaction of a user with programming rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content and sabotaging the wiki. The issue has been patched in XWiki 14.6 RC1, the content of the feed is now properly cleaned before being displayed. As a workaround, if the RSS macro isn't used in the wiki, the macro can be uninstalled by deleting `WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar`, where `XX` is XWiki's version, in the web application's directory.2023-04-15not yet calculatedCVE-2023-29202
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. It's possible to list some users who are normally not viewable from a subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from the main wiki. Note that the disclosed information is the username and the first and last name of users; no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1.2023-04-15not yet calculatedCVE-2023-29203
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using a URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.2023-04-15not yet calculatedCVE-2023-29204
MISC
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html macro directly in their own user profile page. The problem has been patched in XWiki 14.8RC1. The patch involves the HTML macros and are systematically cleaned up whenever the user does not have the script correct.2023-04-15not yet calculatedCVE-2023-29205
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check on the author of a JavaScript xobject or StyleSheet xobject added in an XWiki document, so until now it was possible for a user having only Edit Right to create such an object and to craft a script allowing to perform some operations when executed by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if the author of it has Script rights.2023-04-15not yet calculatedCVE-2023-29206
MISC
MISC
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included since XWiki 3.5M1 and doesn't require script rights, this can be demonstrated with the syntax `{{documents id="example" count="5" actions="false" columns="doc.title, before<script>alert(1)</script>after"/}}`. Therefore, this can also be exploited by users without script right and in comments. With the interaction of a user with more rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10.2023-04-15not yet calculatedCVE-2023-29207
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impacts deleted documents that were containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of the current user: only admin and deleter of the document are allowed to view it.2023-04-15not yet calculatedCVE-2023-29208
MISC
MISC
MISC
xwiki -- xwiki_platform

XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user's profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.2023-04-15not yet calculatedCVE-2023-29209
MISC
MISC
MISC
xwiki -- xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provides the notification filters. These macros are used in the user profiles and thus installed by default in XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.2023-04-15not yet calculatedCVE-2023-29210
MISC
MISC
MISC
shadow -- shadow
 
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.2023-04-14not yet calculatedCVE-2023-29383
MISC
MISC
MISC
MISC
ncurses -- ncurses
 
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.2023-04-14not yet calculatedCVE-2023-29491
MISC
MISC
MISC
novi_survey -- novi_survey
 
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data.2023-04-11not yet calculatedCVE-2023-29492
CONFIRM
matrix_org -- matrix_js_sdk
 
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk's group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user's outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present.2023-04-14not yet calculatedCVE-2023-29529
MISC
MISC
MISC
cesanta_mjs -- cesanta_mjs
 
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).2023-04-14not yet calculatedCVE-2023-29569
MISC
MISC
cesanta_mjs -- cesanta_mjs
 
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS).2023-04-12not yet calculatedCVE-2023-29571
MISC
MISC
bento -- bento
 
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component.2023-04-13not yet calculatedCVE-2023-29573
MISC
MISC
bento -- bento
 
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component.2023-04-12not yet calculatedCVE-2023-29574
MISC
MISC
bento -- bento
 
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h.2023-04-11not yet calculatedCVE-2023-29576
MISC
MISC
yasm -- yasm
 
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c.2023-04-12not yet calculatedCVE-2023-29580
MISC
MISC
yasm -- yasm
 
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c.2023-04-12not yet calculatedCVE-2023-29581
MISC
MISC
mp4v2 -- mp4v2
 
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp.2023-04-14not yet calculatedCVE-2023-29584
MISC
MISC
bloofox -- bloofox
 
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1.2023-04-13not yet calculatedCVE-2023-29597
MISC
lmxcms -- lmxcms
 
lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php.2023-04-13not yet calculatedCVE-2023-29598
MISC
purchase_order_management -- purchase_order_management
 
Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server.2023-04-14not yet calculatedCVE-2023-29621
MISC
MISC
purchase_order_management -- purchase_order_management
 
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. | 2023-04-14 | not yet calculated | CVE-2023-29622
MISC
MISC
purchase_order_management -- purchase_order_management
 
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. | 2023-04-14 | not yet calculated | CVE-2023-29623
MISC
MISC
employee_performance_evaluation_system -- employee_performance_evaluation_system
 
Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | 2023-04-14 | not yet calculated | CVE-2023-29625
MISC
sourcecodester -- yoga_class_registration_system
 
Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. | 2023-04-14 | not yet calculated | CVE-2023-29626
MISC
sourcecodester -- online_pizza_ordering
Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. | 2023-04-14 | not yet calculated | CVE-2023-29627
MISC
MISC
totolink -- x18
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | 2023-04-14 | not yet calculated | CVE-2023-29798
MISC
totolink -- x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | 2023-04-14 | not yet calculated | CVE-2023-29799
MISC
totolink -- x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | 2023-04-14 | not yet calculated | CVE-2023-29800
MISC
totolink -- x18
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | 2023-04-14 | not yet calculated | CVE-2023-29801
MISC
totolink -- x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | 2023-04-14 | not yet calculated | CVE-2023-29802
MISC
totolink -- x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | 2023-04-14 | not yet calculated | CVE-2023-29803
MISC
iodata -- wfs-sr03
WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. | 2023-04-14 | not yet calculated | CVE-2023-29804
MISC
iodata -- wfs-sr03
 
WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. | 2023-04-14 | not yet calculated | CVE-2023-29805
MISC
aerocms -- aerocms
AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-04-14 | not yet calculated | CVE-2023-29847
MISC
slims -- bulian
 
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information. | 2023-04-14 | not yet calculated | CVE-2023-29850
MISC
redpanda -- rpk
rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. | 2023-04-08 | not yet calculated | CVE-2023-30450
MISC
MISC
MISC
MISC
MISC
smartptt -- scada
 
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default). | 2023-04-14 | not yet calculated | CVE-2023-30459
MISC
MISC
apache -- inlong
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 | 2023-04-11 | not yet calculated | CVE-2023-30465
MISC
MISC
cubefs -- cubefs
 
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. | 2023-04-12 | not yet calculated | CVE-2023-30512
MISC
jenkins -- kubernetes_plugin
 
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 2023-04-12 | not yet calculated | CVE-2023-30513
MISC
MISC
jenkins -- azure_key_vault_plugin
 
Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 2023-04-12 | not yet calculated | CVE-2023-30514
MISC
MISC
jenkins -- thycotic_devops_secrets_vault_plugin
 
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. | 2023-04-12 | not yet calculated | CVE-2023-30515
MISC
MISC
jenkins -- image_tag_parameter_plugin
Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default. | 2023-04-12 | not yet calculated | CVE-2023-30516
MISC
MISC
jenkins -- neuvector_vulnerability_scanner_plugin
 
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. | 2023-04-12 | not yet calculated | CVE-2023-30517
MISC
MISC
jenkins -- thycotic_secret_server_plugin
 
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 2023-04-12 | not yet calculated | CVE-2023-30518
MISC
MISC
jenkins -- quay.io_trigger_plugin
A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 2023-04-12 | not yet calculated | CVE-2023-30519
MISC
MISC
jenkins -- quay.io_trigger_plugin
Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads. | 2023-04-12 | not yet calculated | CVE-2023-30520
MISC
MISC
jenkins -- assembla_merge_request_builder_plugin
A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. | 2023-04-12 | not yet calculated | CVE-2023-30521
MISC
MISC
jenkins -- fogbugz_plugin
A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a 'jobname' request parameter. | 2023-04-12 | not yet calculated | CVE-2023-30522
MISC
MISC
jenkins -- report_portal_plugin
Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. | 2023-04-12 | not yet calculated | CVE-2023-30523
MISC
MISC
jenkins -- report_portal_plugin
Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them. | 2023-04-12 | not yet calculated | CVE-2023-30524
MISC
MISC
jenkins -- report_portal_plugin
A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. | 2023-04-12 | not yet calculated | CVE-2023-30525
MISC
MISC
jenkins -- report_portal_plugin
A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. | 2023-04-12 | not yet calculated | CVE-2023-30526
MISC
MISC
jenkins -- wso2_oauth_plugin
 
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2023-04-12 | not yet calculated | CVE-2023-30527
MISC
MISC
jenkins -- wso2_oauth_plugin
 
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it. | 2023-04-12 | not yet calculated | CVE-2023-30528
MISC
MISC
jenkins -- lucene_serach_plugin
 
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. | 2023-04-12 | not yet calculated | CVE-2023-30529
MISC
MISC
jenkins -- consul_kv_builder_plugin
Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2023-04-12 | not yet calculated | CVE-2023-30530
MISC
MISC
jenkins -- consul_kv_builder_plugin
Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it. | 2023-04-12 | not yet calculated | CVE-2023-30531
MISC
MISC
jenkins -- turboscript_plugin
 
A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. | 2023-04-12 | not yet calculated | CVE-2023-30532
MISC
MISC
snowflake_jdbc -- snowflake_jdbc
 
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java programs to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. All users should immediately upgrade the Snowflake JDBC driver to the latest version: 3.13.29. | 2023-04-14 | not yet calculated | CVE-2023-30535
MISC
MISC
dmidecode -- dmidecode
 
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. | 2023-04-13 | not yet calculated | CVE-2023-30630
MISC
MISC
MISC
MISC
tikv -- tikv
 
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver. | 2023-04-13 | not yet calculated | CVE-2023-30635
MISC
tikv -- tikv
 
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for "not leader") upon an attempt to start a node in a situation where the context deadline is exceeded. | 2023-04-13 | not yet calculated | CVE-2023-30636
MISC
baidu -- braft
 
Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected. | 2023-04-13 | not yet calculated | CVE-2023-30637
MISC
atos -- unify_openscape_sbc
 
Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. | 2023-04-14 | not yet calculated | CVE-2023-30638
MISC
MISC
