Vulnerability Summary for the Week of April 24, 2023

Released: May 01, 2023
Document ID: SB23-121

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| aenrich_technology -- a+hrd | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 2023-04-27 | 9.8 | CVE-2023-20852; CONFIRM |
| aenrich_technology -- a+hrd | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 2023-04-27 | 9.8 | CVE-2023-20853; CONFIRM |
| online_eyewear_shop_project -- online_eyewear_shop | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227229 was assigned to this vulnerability. | 2023-04-22 | 9.8 | CVE-2023-2244; MISC; MISC; MISC |
| online_pizza_ordering_system_project -- online_pizza_ordering_system | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236. | 2023-04-23 | 9.8 | CVE-2023-2246; MISC; MISC; MISC |
| moxa -- miineport_e1 | Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | 2023-04-27 | 9.8 | CVE-2023-28697; CONFIRM; CONFIRM |
| powerjob -- powerjob | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | 2023-04-21 | 9.8 | CVE-2023-29924; MISC; MISC |
| tenda -- ac5_firmware | Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. | 2023-04-24 | 9.8 | CVE-2023-30368; MISC |
| tenda -- ac15_firmware | Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | 2023-04-24 | 9.8 | CVE-2023-30369; MISC |
| tenda -- ac15_firmware | In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30370; MISC |
| tenda -- ac15_firmware | In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30371; MISC |
| tenda -- ac15_firmware | In Tenda AC15 V15.03.05.19, the function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30372; MISC |
| tenda -- ac15_firmware | In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30373; MISC |
| tenda -- ac15_firmware | In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30375; MISC |
| tenda -- ac15_firmware | In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30376; MISC |
| tenda -- ac15_firmware | In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30378; MISC |
| gipsy_project -- gipsy | Gipsy is a multi-purpose discord bot which aims to be as modular and user-friendly as possible. In versions prior to 1.3 users can run commands on the host machine with sudoer permission. The `!ping` command when provided with an IP or hostname used to run a bash `ping <IP>` without verification that the IP or hostname was legitimate. This command was executed with root permissions and may lead to arbitrary command injection on the host server. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-04-21 | 9.8 | CVE-2023-30621; MISC; MISC; MISC |
| areteit -- activity_reactions_for_buddypress | Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin <= 1.0.22 versions. | 2023-04-23 | 8.8 | CVE-2022-45074; MISC |
| krishaweb -- add_multiple_marker | Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multiple Marker plugin <= 1.2 versions. | 2023-04-23 | 8.8 | CVE-2022-45080; MISC |
| kodcloud -- kodexplorer | A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000. | 2023-04-22 | 8.8 | CVE-2022-4944; MISC; MISC; MISC; MISC; MISC |
| php_execution_project -- php_execution | Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin <= 1.0.0 versions. | 2023-04-23 | 8.8 | CVE-2023-23879; MISC |
| sunnet -- ctms | SUNNET CTMS has a vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service. | 2023-04-27 | 8.8 | CVE-2023-24836; CONFIRM |
| nvidia -- bmc | NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering. | 2023-04-22 | 8.8 | CVE-2023-25507; MISC |
| piwigo -- piwigo | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. | 2023-04-21 | 8.8 | CVE-2023-26876; MISC; MISC; MISC; FULLDISC; MISC |
| nvidia -- sbios | NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. | 2023-04-22 | 8.2 | CVE-2023-25506; MISC |
| microsoft -- multiple_products | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 2023-04-27 | 8.1 | CVE-2023-21712; MISC |
| nvidia -- sbios | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. | 2023-04-22 | 7.8 | CVE-2023-0209; MISC |
| podofo_project -- podofo | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | 2023-04-22 | 7.8 | CVE-2023-2241; MISC; MISC; MISC; MISC; MISC |
| churchcrm -- churchcrm | ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | 2023-04-25 | 7.8 | CVE-2023-25348; MISC; MISC |
| nvidia -- bmc | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC, where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. | 2023-04-22 | 7.8 | CVE-2023-25505; MISC |
| nvidia -- bmc | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | 2023-04-22 | 7.8 | CVE-2023-25508; MISC |
| nvidia -- sbios | NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. | 2023-04-22 | 7.8 | CVE-2023-25509; MISC |
| mindsdb -- mindsdb | mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. An attacker may leverage this vulnerability to overwrite any local file which the server process has access to. There is no risk of file exposure with this vulnerability. This issue has been addressed in release `23.2.1.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-04-21 | 7.5 | CVE-2023-30620; MISC; MISC; MISC |
| encode -- starlette | The MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | 2023-04-21 | 7.5 | CVE-2023-30798; MISC; MISC; MISC |
| ltos -- ltos | In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands. | 2023-04-24 | 7.2 | CVE-2023-1731; MISC |


Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| nvidia -- bmc | NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffer's end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 2023-04-22 | 6.7 | CVE-2023-0200; MISC |
| nvidia -- bmc | NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | 2023-04-22 | 6.7 | CVE-2023-0201; MISC |
| microweber -- microweber | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | 2023-04-22 | 6.5 | CVE-2023-2239; CONFIRM; MISC |
| churchcrm -- churchcrm | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in. | 2023-04-25 | 6.5 | CVE-2023-26841; MISC; MISC |
| cloverdx -- cloverdx | CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x. | 2023-04-24 | 6.5 | CVE-2023-31056; MISC |
| wpjam -- wechat_robot | Reflected Cross-Site Scripting (XSS) vulnerability in Denis ???????? plugin <= 6.0.1 versions. | 2023-04-25 | 6.1 | CVE-2022-45837; MISC |
| user_meta_manager_project -- user_meta_manager | Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin <= 3.4.9 versions. | 2023-04-23 | 6.1 | CVE-2023-22718; MISC |
| rarathemes -- vryasage_marketing_performance | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | 2023-04-23 | 6.1 | CVE-2023-24404; MISC |
| churchcrm -- churchcrm | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | 2023-04-25 | 6.1 | CVE-2023-25346; MISC; MISC |
| microsoft -- edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-04-27 | 6.1 | CVE-2023-28261; MISC |
| microsoft -- edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-04-27 | 6.1 | CVE-2023-28286; MISC |
| cesanta -- mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | 2023-04-24 | 5.5 | CVE-2023-29570; MISC; MISC |
| 1app -- 1app_business_forms | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions. | 2023-04-23 | 5.4 | CVE-2022-44631; MISC |
| blueglass -- jobs_for_wordpress | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.11.2 versions. | 2023-04-23 | 5.4 | CVE-2022-44743; MISC |
| phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-22 | 5.4 | CVE-2023-1875; MISC; CONFIRM |
| devolutions -- devolutions_server | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. | 2023-04-21 | 5.4 | CVE-2023-2118; MISC |
| theme_blvd_responsive_google_maps_project -- theme_blvd_responsive_google_maps | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin <= 1.0.2 versions. | 2023-04-23 | 5.4 | CVE-2023-22698; MISC |
| portfolio_slideshow_project -- portfolio_slideshow | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. | 2023-04-23 | 5.4 | CVE-2023-23717; MISC |
| simple_pdf_viewer_project -- simple_pdf_viewer | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WebArea \| Vera Nedvyzhenko Simple PDF Viewer plugin <= 1.9 versions. | 2023-04-23 | 5.4 | CVE-2023-23817; MISC |
| google_maps_v3_shortcode_project -- google_maps_v3_shortcode | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin <= 1.2.1 versions. | 2023-04-23 | 5.4 | CVE-2023-23827; MISC |
| ultimate_wp_query_search_filter_project -- ultimate_wp_query_search_filter | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions. | 2023-04-23 | 5.4 | CVE-2023-23832; MISC |
| interactive_geo_maps_project -- interactive_geo_maps | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin <= 1.5.8 versions. | 2023-04-25 | 5.4 | CVE-2023-23866; MISC |
| fullworksplugins -- quick_paypal_payments | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. | 2023-04-25 | 5.4 | CVE-2023-23889; MISC |
| churchcrm -- churchcrm | A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php. | 2023-04-25 | 5.4 | CVE-2023-25347; MISC; MISC |
| churchcrm -- churchcrm | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. | 2023-04-25 | 5.4 | CVE-2023-26843; MISC; MISC |
| machothemes -- regina_lite | Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions. | 2023-04-25 | 5.4 | CVE-2023-27619; MISC |
| churchcrm -- churchcrm | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. | 2023-04-25 | 5.3 | CVE-2023-26840; MISC; MISC |
| changingtec -- motp | ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. | 2023-04-27 | 4.9 | CVE-2023-22901; CONFIRM |
| apptivo -- apptivo_business_site_crm | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions. | 2023-04-23 | 4.8 | CVE-2022-44582; MISC |
| codebangers -- all_in_one_time_clock_lite | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions. | 2023-04-23 | 4.8 | CVE-2022-44594; MISC |
| 0mk_shortener_project -- 0mk_shortener | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | 2023-04-23 | 4.8 | CVE-2022-45361; MISC |
| wp-olivecart_project -- wp-olivecart | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | 2023-04-23 | 4.8 | CVE-2022-47435; MISC |
| fullworksplugins -- quick_contact_form | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. | 2023-04-25 | 4.8 | CVE-2022-47608; MISC |
| miniorange -- wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\) | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. | 2023-04-25 | 4.8 | CVE-2023-23710; MISC |
| wordpress_custom_settings_project -- wordpress_custom_settings | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin <= 1.0 versions. | 2023-04-23 | 4.8 | CVE-2023-23806; MISC |
| sitemap_index_project -- sitemap_index | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin <= 1.2.3 versions. | 2023-04-23 | 4.8 | CVE-2023-23816; MISC |
| tinymce_custom_styles_project -- tinymce_custom_styles | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin <= 1.1.2 versions. | 2023-04-25 | 4.8 | CVE-2023-23995; MISC |
| winwar -- inline_tweet_sharer | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin <= 2.5.3 versions. | 2023-04-25 | 4.8 | CVE-2023-24005; MISC |
| ai_contact_us_form_project -- ai_contact_us_form | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions. | 2023-04-23 | 4.8 | CVE-2023-24386; MISC |
| wpchill -- cpo_content_types | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin <= 1.1.0 versions. | 2023-04-23 | 4.8 | CVE-2023-25451; MISC |
| smartlogix -- wp-insert | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin <= 2.5.0 versions. | 2023-04-25 | 4.8 | CVE-2023-25461; MISC |
| podlove -- podlove_subscribe_button | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. | 2023-04-25 | 4.8 | CVE-2023-25479; MISC |
| simple_yearly_archive_project -- simple_yearly_archive | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin <= 2.1.8 versions. | 2023-04-25 | 4.8 | CVE-2023-25484; MISC |
| json-content-importer -- json_content_importer | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin <= 1.3.15 versions. | 2023-04-25 | 4.8 | CVE-2023-25485; MISC |
| archivist_-_custom_archive_templates_project -- archivist_-_custom_archive_templates | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions. | 2023-04-25 | 4.8 | CVE-2023-25490; MISC |
| digitalblue -- click_to_call_or_chat_buttons | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin <= 1.4.0 versions. | 2023-04-25 | 4.8 | CVE-2023-25710; MISC |
| link_juice_keeper_project -- link_juice_keeper | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin <= 2.0.2 versions. | 2023-04-25 | 4.8 | CVE-2023-25793; MISC |
| electric_studio_client_login_project -- electric_studio_client_login | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin <= 0.8.1 versions. | 2023-04-23 | 4.8 | CVE-2023-27425; MISC |
| motor_racing_league_project -- motor_racing_league | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin <= 1.9.9 versions. | 2023-04-23 | 4.8 | CVE-2023-27614; MISC |
| nvidia -- sbios | NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | 2023-04-22 | 4.4 | CVE-2023-0207; MISC |
| churchcrm -- churchcrm | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. | 2023-04-25 | 4.3 | CVE-2023-26839; MISC; MISC |
| microsoft -- edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-04-28 | 4.3 | CVE-2023-29334; MISC |


Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|

There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wordpress -- wordpress
 
A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231.2023-04-24not yet calculatedCVE-2012-10013
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232.2023-04-24not yet calculatedCVE-2012-10014
MISC
MISC
MISC
MISC
arc -- arc
 
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.2023-04-26not yet calculatedCVE-2012-5872
MISC
arc -- arc
 
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action.2023-04-26not yet calculatedCVE-2012-5873
MISC
hongcms -- hongcms
 
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.2023-04-28not yet calculatedCVE-2020-21643
MISC
boxbilling -- boxbilling
 
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.2023-04-28not yet calculatedCVE-2020-23647
MISC
yoyager -- yoyager
 
Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.2023-04-26not yet calculatedCVE-2020-36070
MISC
ibm -- counter_fraud_management_for_safer_payments
 
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052.2023-04-28not yet calculatedCVE-2020-4729
MISC
MISC
odoo -- community/enterprise
 
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.2023-04-25not yet calculatedCVE-2021-23166
MISC
odoo -- community/enterprise
 
Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.2023-04-25not yet calculatedCVE-2021-23176
MISC
odoo -- community/enterprise
 
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead.2023-04-25not yet calculatedCVE-2021-23178
MISC
odoo -- community/enterprise
 
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.2023-04-25not yet calculatedCVE-2021-23186
MISC
odoo -- community/enterprise
 
Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.2023-04-25not yet calculatedCVE-2021-23203
MISC
odoo -- community/enterprise
 
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.2023-04-25not yet calculatedCVE-2021-26263
MISC
odoo -- community/enterprise
 
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link.2023-04-25not yet calculatedCVE-2021-26947
MISC
ribose -- rnp
 
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm.2023-04-21not yet calculatedCVE-2021-33589
MISC
MISC
odoo -- community/enterprise
 
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.2023-04-25not yet calculatedCVE-2021-44460
MISC
odoo -- community/enterprise
 
Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.2023-04-25not yet calculatedCVE-2021-44461
MISC
odoo -- community/enterprise
 
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.2023-04-25not yet calculatedCVE-2021-44465
MISC
odoo -- community/enterprise
 
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.2023-04-25not yet calculatedCVE-2021-44476
MISC
odoo -- community/enterprise
 
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation.2023-04-25not yet calculatedCVE-2021-44547
MISC
odoo -- community/enterprise
 
Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.2023-04-25not yet calculatedCVE-2021-44775
MISC
odoo -- community/enterprise
 
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.2023-04-25not yet calculatedCVE-2021-45071
MISC
odoo -- community/enterprise
 
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.2023-04-25not yet calculatedCVE-2021-45111
MISC
pingid -- pingid
 
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.2023-04-25not yet calculatedCVE-2022-23721
MISC
infopop_ultimate_bulletin_board -- infopop_ultimate_bulletin_board
 
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.
2023-04-27
not yet calculated
CVE-2022-25091
MISC
MISC
MISC
MISC
MISC
drupal -- core
 
Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.
2023-04-26
not yet calculated
CVE-2022-25273
CONFIRM
drupal -- core
 
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system.
2023-04-26
not yet calculated
CVE-2022-25274
CONFIRM
drupal -- core
 
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating.
2023-04-26
not yet calculated
CVE-2022-25275
CONFIRM
drupal -- core
 
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.
2023-04-26
not yet calculated
CVE-2022-25276
CONFIRM
drupal -- core
 
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads.
2023-04-26
not yet calculated
CVE-2022-25277
CONFIRM
drupal -- core
 
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected.
2023-04-26
not yet calculated
CVE-2022-25278
CONFIRM
tooljet -- tooljet
 
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.
2023-04-26
not yet calculated
CVE-2022-27978
MISC
MISC
tooljet -- tooljet
 
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.
2023-04-26
not yet calculated
CVE-2022-27979
MISC
MISC
mybb -- mybb
 
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
2023-04-24
not yet calculated
CVE-2022-28354
MISC
MISC
nokia -- onends
 
Nokia OneNDS 17r2 has an Insecure Permissions vulnerability that allows for privilege escalation.
2023-04-25
not yet calculated
CVE-2022-31244
MISC
MISC
hp -- bios
 
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability.
2023-04-28
not yet calculated
CVE-2022-31643
MISC
docker_desktop_for_windows -- docker_desktop_for_windows
 
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659.
2023-04-27
not yet calculated
CVE-2022-31647
MISC
MISC
docker_desktop_for_windows -- docker_desktop_for_windows
 
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647.
2023-04-27
not yet calculated
CVE-2022-34292
MISC
MISC
ibm -- cloud_pak_for_data
 
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.
2023-04-26
not yet calculated
CVE-2022-36769
MISC
MISC
solarwinds_platform -- solarwinds_platform
 
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.
2023-04-21
not yet calculated
CVE-2022-36963
MISC
MISC
docker_desktop_for_windows -- docker_desktop_for_windows
 
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation.
2023-04-27
not yet calculated
CVE-2022-37326
MISC
MISC
sage_300 -- sage_300
 
On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are set up in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server.
2023-04-28
not yet calculated
CVE-2022-38583
MISC
MISC
docker -- desktop
 
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\dataRoot\network\files\local-kv.db because of a TOCTOU race condition.
2023-04-27
not yet calculated
CVE-2022-38730
MISC
MISC
fighting_cock_information_system -- fighting_cock_information_system
 
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials.
2023-04-26
not yet calculated
CVE-2022-39989
MISC
MISC
MISC
laravel -- laravel
 
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
2023-04-25
not yet calculated
CVE-2022-40482
CONFIRM
CONFIRM
MISC
MISC
pingidentity -- multiple_products
 
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.
2023-04-25
not yet calculated
CVE-2022-40722
MISC
MISC
pingidentity -- radius
 
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.
2023-04-25
not yet calculated
CVE-2022-40723
MISC
pingidentity -- pingfederate
 
The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.
2023-04-25
not yet calculated
CVE-2022-40724
MISC
pingidentity -- desktop
 
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.
2023-04-25
not yet calculated
CVE-2022-40725
MISC
sage -- 300
 
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables.
2023-04-28
not yet calculated
CVE-2022-41397
MISC
sage -- 300
 
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to log in to the Solr dashboard with admin privileges and access sensitive information.
2023-04-28
not yet calculated
CVE-2022-41398
MISC
sage -- 300
 
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database.
2023-04-28
not yet calculated
CVE-2022-41399
MISC
sage -- 300
 
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.
2023-04-28
not yet calculated
CVE-2022-41400
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin <= 3.1.6 versions.
2023-04-24
not yet calculated
CVE-2022-41612
MISC
ibm -- spectrum_scale
 
IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810.
2023-04-29
not yet calculated
CVE-2022-41736
MISC
MISC
ibm -- spectrum_scale
 
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.
2023-04-26
not yet calculated
CVE-2022-41739
MISC
MISC
xen -- x86
 
x86 shadow paging arbitrary pointer dereference. In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so-called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling, it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.
2023-04-25
not yet calculated
CVE-2022-42335
MISC
CONFIRM
MLIST
FEDORA
ibm -- financial_transaction_manager
 
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707.
2023-04-29
not yet calculated
CVE-2022-43871
MISC
MISC
ming -- libming
 
libming 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c, an unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427.
2023-04-26
not yet calculated
CVE-2022-44232
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.
2023-04-24
not yet calculated
CVE-2022-45084
MISC
pws_dashboard -- pws_dashboard
 
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.
2023-04-25
not yet calculated
CVE-2022-45291
MISC
MISC
acronis -- agent
 
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.
2023-04-26
not yet calculated
CVE-2022-45456
MISC
visam -- vbase
 
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
2023-04-26
not yet calculated
CVE-2022-45876
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin <= 1.1.7 versions.
2023-04-24
not yet calculated
CVE-2022-47158
MISC
solarwinds -- platform
 
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.
2023-04-21
not yet calculated
CVE-2022-47505
MISC
MISC
solarwinds -- platform
 
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.
2023-04-21
not yet calculated
CVE-2022-47509
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin <= 1.1.2 versions.
2023-04-24
not yet calculated
CVE-2022-47598
MISC
nanoleaf -- firmware
 
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack.
2023-04-27
not yet calculated
CVE-2022-47758
MISC
MISC
Io.finnet -- tss-lib
 
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.
2023-04-21
not yet calculated
CVE-2022-47930
MISC
MISC
shopware -- shopware
 
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.
2023-04-21
not yet calculated
CVE-2022-48150
MISC
jetbrains -- ktor
 
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible.
2023-04-24
not yet calculated
CVE-2022-48476
MISC
jetbrains -- hub
 
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing.
2023-04-24
not yet calculated
CVE-2022-48477
MISC
jetbrains -- toolbox
 
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible.
2023-04-28
not yet calculated
CVE-2022-48481
MISC
linux -- kernel
 
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96.
2023-04-25
not yet calculated
CVE-2023-0045
MISC
nvidia -- gpu_display_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
2023-04-22
not yet calculated
CVE-2023-0184
MISC
nvidia -- gpu_display_driver
 
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.
2023-04-22
not yet calculated
CVE-2023-0190
MISC
nvidia -- gpu_display_driver
 
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.
2023-04-22
not yet calculated
CVE-2023-0199
MISC
nvidia -- dgx_a100_sbios
 
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
2023-04-22
not yet calculated
CVE-2023-0202
MISC
nvidia -- connectx
 
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
2023-04-22
not yet calculated
CVE-2023-0203
MISC
nvidia -- connectx
 
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.
2023-04-22
not yet calculated
CVE-2023-0204
MISC
nvidia -- connectx
 
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.
2023-04-22
not yet calculated
CVE-2023-0205
MISC
nvidia -- dgx_a100_sbios
 
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.
2023-04-22
not yet calculated
CVE-2023-0206
MISC
wordpress -- wordpress
 
The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2023-04-24
not yet calculated
CVE-2023-0276
MISC
wordpress -- wordpress
 
The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.
2023-04-24
not yet calculated
CVE-2023-0388
MISC
wordpress -- wordpress
 
The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
2023-04-24
not yet calculated
CVE-2023-0418
MISC
wordpress -- wordpress
 
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF checks and lacks sanitising as well as escaping in some parameters, allowing attackers to make a logged-in admin add Stored Cross-Site Scripting payloads via CSRF.
2023-04-24
not yet calculated
CVE-2023-0420
MISC
wordpress -- wordpress
 
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow any authenticated users, such as Subscribers, to perform Stored Cross-Site Scripting attacks.
2023-04-24
not yet calculated
CVE-2023-0424
MISC
linux -- kernel
 
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11.
2023-04-26
not yet calculated
CVE-2023-0458
MISC
MISC
hypr -- workforce_access
 
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on macOS allows Privilege Escalation. This issue affects Workforce Access: from 6.12 before 8.1.
2023-04-28
not yet calculated
CVE-2023-0834
MISC
wordpress -- wordpress
 
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.
2023-04-24
not yet calculated
CVE-2023-0899
MISC
wordpress -- wordpress
 
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
2023-04-24
not yet calculated
CVE-2023-1020
MISC
wordpress -- wordpress
 
The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscribers, to perform Cross-Site Scripting attacks.
2023-04-24
not yet calculated
CVE-2023-1126
MISC
wordpress -- wordpress
 
The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel bookings on behalf of other users.
2023-04-24
not yet calculated
CVE-2023-1129
MISC
wordpress -- wordpress
 
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2023-04-24
not yet calculated
CVE-2023-1324
MISC
grafana -- grafana
 
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.
2023-04-26
not yet calculated
CVE-2023-1387
MISC
MISC
wordpress -- wordpress
 
The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one of which in particular could allow any authenticated users, such as subscribers, to update arbitrary tours.
2023-04-24
not yet calculated
CVE-2023-1414
MISC
wordpress -- wordpress
 
The Ajax Search Lite WordPress plugin before 4.11.1 and the Ajax Search Pro WordPress plugin before 4.26.2 do not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2023-04-24
not yet calculated
CVE-2023-1420
MISC
wordpress -- wordpress
 
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
2023-04-24
not yet calculated
CVE-2023-1435
MISC
hypr -- keycloak_authenticator
 
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse. This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.
2023-04-28
not yet calculated
CVE-2023-1477
MISC
hp -- multiple_products
 
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer.
2023-04-28
not yet calculated
CVE-2023-1526
MISC
wordpress -- wordpress
 
The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.
2023-04-24
not yet calculated
CVE-2023-1623
MISC
wordpress -- wordpress
 
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF check when deleting a log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders.
2023-04-24
not yet calculated
CVE-2023-1624
MISC
gajshield -- data_security_firewall
 
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials, which allow a remote attacker to log in as superuser by using the default username/password via the web-based management interface and/or an exposed SSH port, thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password.
2023-04-27
not yet calculated
CVE-2023-1778
MISC
canonical -- cloud_init
 
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege.
2023-04-26
not yet calculated
CVE-2023-1786
MISC
MISC
MISC
sidekiq -- sidekiq
 
Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.
2023-04-21
not yet calculated
CVE-2023-1892
MISC
CONFIRM
illumina -- universal_copy_service
 
Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.
2023-04-28
not yet calculated
CVE-2023-1966
MISC
MISC
keysight -- n8844a_data_analytics_web_service
 
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.
2023-04-27
not yet calculated
CVE-2023-1967
MISC
illumina -- universal_copy_service
 
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications.
2023-04-28
not yet calculated
CVE-2023-1968
MISC
MISC
linux -- kernel
 
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
2023-04-21
not yet calculated
CVE-2023-1998
MISC
MISC
MISC
linux -- kernel
 
A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.
2023-04-24
not yet calculated
CVE-2023-2006
MISC
MISC
MISC
linux -- dpt_I2O_controller_driver
 
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.
2023-04-24
not yet calculated
CVE-2023-2007
MISC
linux -- kernel
 
A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.
2023-04-24
not yet calculated
CVE-2023-2019
MISC
MISC
MISC
vmware -- multiple_products
 
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
2023-04-25
not yet calculated
CVE-2023-20869
MISC
vmware -- multiple_products
 
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.
2023-04-25
not yet calculated
CVE-2023-20870
MISC
vmware -- fusion
 
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
2023-04-25
not yet calculated
CVE-2023-20871
MISC
vmware -- multiple_products
 
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
2023-04-25
not yet calculated
CVE-2023-20872
MISC
dassault -- delmia_apriso
 
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.
2023-04-21
not yet calculated
CVE-2023-2139
MISC
dassault systèmes -- delmia_apriso
 
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.
2023-04-21
not yet calculated
CVE-2023-2140
MISC
dassault systèmes -- delmia_apriso
 
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.
2023-04-21
not yet calculated
CVE-2023-2141
MISC
dassault systèmes -- delmia_apriso
 
Code Dx versions prior to 2023.4.2 are vulnerable to a user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user. Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C
2023-04-27
not yet calculated
CVE-2023-2158
MISC
synopsys -- code_dx
 
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 2023-04-21 | not yet calculated | CVE-2023-2202
MISC
CONFIRM
rosariosis -- rosariosis
 
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file faqs.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226969 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2204
MISC
MISC
MISC
campcodes -- retro_basketball_shoes_online_store
 
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2205
MISC
MISC
MISC
campcodes -- retro_basketball_shoes_online_store
 
A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file contactus.php. The manipulation of the argument email leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226971. | 2023-04-21 | not yet calculated | CVE-2023-2206
MISC
MISC
MISC
campcodes -- retro_basketball_shoes_online_store
 
A vulnerability classified as critical was found in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file contactus1.php. The manipulation of the argument email leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226972. | 2023-04-21 | not yet calculated | CVE-2023-2207
MISC
MISC
MISC
campcodes -- retro_basketball_shoes_online_store
 
A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file details.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226973 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2208
MISC
MISC
MISC
campcodes -- retro_basketball_shoes_online_store
 
A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226974 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2209
MISC
MISC
MISC
campcodes -- coffee_shop_pos_system
 
A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/categories/view_category.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226975. | 2023-04-21 | not yet calculated | CVE-2023-2210
MISC
MISC
MISC
campcodes -- coffee_shop_pos_system
 
A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976. | 2023-04-21 | not yet calculated | CVE-2023-2211
MISC
MISC
MISC
campcodes -- coffee_shop_pos_system
 
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2212
MISC
MISC
MISC
campcodes -- coffee_shop_pos_system
 
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/products/manage_product.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226978 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2213
MISC
MISC
MISC
campcodes -- coffee_shop_pos_system
 
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/manage_sale.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226979. | 2023-04-21 | not yet calculated | CVE-2023-2214
MISC
MISC
MISC
campcodes -- coffee_shop_pos_system
 
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226980. | 2023-04-21 | not yet calculated | CVE-2023-2215
MISC
MISC
MISC
campcodes -- coffee_shop_pos_system
 
A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226981 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2216
MISC
MISC
MISC
sourcecodester -- task_reminder_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226983. | 2023-04-21 | not yet calculated | CVE-2023-2217
MISC
MISC
MISC
sourcecodester -- task_reminder_system
 
A vulnerability has been found in SourceCodester Task Reminder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/user/manage_user.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226984. | 2023-04-21 | not yet calculated | CVE-2023-2218
MISC
MISC
MISC
sourcecodester -- task_reminder_system
 
A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic. This issue affects some unknown processing of the file /classes/Users.php. The manipulation of the argument id leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226985 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2219
MISC
MISC
MISC
dream_technology -- mica
 
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2220
MISC
MISC
MISC
rapid7 -- velociraptor
 
Insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts. | 2023-04-21 | not yet calculated | CVE-2023-2226
MISC
modoboa -- modoboa
 
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | 2023-04-21 | not yet calculated | CVE-2023-2227
MISC
CONFIRM
modoboa -- modoboa
 
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. | 2023-04-21 | not yet calculated | CVE-2023-2228
CONFIRM
MISC
maxtech -- max_g866ac
 
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-21 | not yet calculated | CVE-2023-2231
MISC
MISC
MISC
microweber -- microweber
 
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | 2023-04-22 | not yet calculated | CVE-2023-2240
CONFIRM
MISC
sourcecodester -- online_computer_and_laptop_store
 
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227. | 2023-04-22 | not yet calculated | CVE-2023-2242
MISC
MISC
MISC
sourcecodester -- complaint_management_system
 
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file users/registration.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227228. | 2023-04-22 | not yet calculated | CVE-2023-2243
MISC
MISC
MISC
hansuncms -- hansuncms
 
A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability. | 2023-04-22 | not yet calculated | CVE-2023-2245
MISC
MISC
MISC
hansuncms -- hansuncms
 
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or use the service account to list all secrets for all Kubernetes namespaces, leading to a cluster-level privilege escalation. | 2023-04-24 | not yet calculated | CVE-2023-2250
MISC
eemeli -- eemeli_yaml
 
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-4. | 2023-04-24 | not yet calculated | CVE-2023-2251
MISC
CONFIRM
devolutions -- workspace_desktop
 
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if the "Force Login" feature is enabled on the Hub Business instance and an attacker has access to a locked Workspace desktop application configured with a Hub Business space. | 2023-04-24 | not yet calculated | CVE-2023-2257
MISC
cern -- white_rabbit_switch
 
Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings. | 2023-04-24 | not yet calculated | CVE-2023-22577
MISC
MISC
alf.io -- alfio_event
 
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 2023-04-24 | not yet calculated | CVE-2023-2258
CONFIRM
MISC
cern -- white_rabbit_switch
 
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user). | 2023-04-24 | not yet calculated | CVE-2023-22581
MISC
MISC
alf.io -- alfio_event
 
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 2023-04-24 | not yet calculated | CVE-2023-2259
CONFIRM
MISC
alf.io -- alfio_event
 
Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 2023-04-24 | not yet calculated | CVE-2023-2260
MISC
CONFIRM
apache_software_foundation -- apache_jena
 
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary JavaScript via a SPARQL query. | 2023-04-25 | not yet calculated | CVE-2023-22665
MISC
trinitronic -- nice_paypal_button_lite
 
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin <= 1.3.5 versions. | 2023-04-23 | not yet calculated | CVE-2023-22686
MISC
linux -- kernel
 
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | 2023-04-25 | not yet calculated | CVE-2023-2269
MISC
silverstripe -- silverstripe_framework
 
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | 2023-04-26 | not yet calculated | CVE-2023-22728
MISC
MISC
silverstripe -- silverstripe_framework
 
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | 2023-04-26 | not yet calculated | CVE-2023-22729
MISC
MISC
rapid7 -- insight_agent
 
Rapid7 Insight Agent token handler versions 3.2.6 and below suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safeguards that reject inputs that attempt to do path traversal. | 2023-04-26 | not yet calculated | CVE-2023-2273
MISC
mattermost -- mattermost
 
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team. | 2023-04-25 | not yet calculated | CVE-2023-2281
MISC
devolutions -- remote_desktop_manager
 
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector. | 2023-04-25 | not yet calculated | CVE-2023-2282
MISC
postgresql -- zoho_manageengine_multiple_products
 
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. | 2023-04-26 | not yet calculated | CVE-2023-2291
MISC
zyxel -- usg_flex_series_firmware
 
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device. | 2023-04-24 | not yet calculated | CVE-2023-22913
CONFIRM
zyxel -- usg_flex_series_firmware
 
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled. | 2023-04-24 | not yet calculated | CVE-2023-22914
CONFIRM
zyxel -- usg_flex_series_firmware
 
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device. | 2023-04-24 | not yet calculated | CVE-2023-22915
CONFIRM
zyxel -- atp_series_firmware
 
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35 fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode. | 2023-04-24 | not yet calculated | CVE-2023-22916
CONFIRM
zyxel -- atp_series_firmware
 
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file. | 2023-04-24 | not yet calculated | CVE-2023-22917
CONFIRM
zyxel -- atp_series_firmware
 
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | 2023-04-24 | not yet calculated | CVE-2023-22918
CONFIRM
sourcecodester -- purchase_order_management_system
 
A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463. | 2023-04-25 | not yet calculated | CVE-2023-2293
MISC
MISC
MISC
ucms -- ucms
 
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability. | 2023-04-26 | not yet calculated | CVE-2023-2294
MISC
MISC
MISC
wordpress -- wordpress 
 
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including, 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value, which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site, to successfully exploit this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2297
MISC
MISC
MISC
MISC
builderio -- qwik
 
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | 2023-04-26 | not yet calculated | CVE-2023-2307
MISC
CONFIRM
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2322
MISC
CONFIRM
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2323
CONFIRM
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2327
MISC
CONFIRM
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2328
CONFIRM
MISC
pimcore -- pimcore
 
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows allows insertion of arbitrary code into the service. This issue affects Surelock Windows: from 2.3.12 through 2.40.0. | 2023-04-27 | not yet calculated | CVE-2023-2331
MISC
pimcore -- pimcore
 
Plaintext Password in Registry vulnerability in 42Gears Surelock Windows surelockwinsetupv2.40.0.Exe on Windows (Registry modules) allows retrieval of Admin user credentials. This issue affects Surelock Windows: from 2.3.12 through 2.40.0. | 2023-04-27 | not yet calculated | CVE-2023-2335
MISC
pimcore -- pimcore
 
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2336
MISC
CONFIRM
pimcore -- pimcore
 
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2338
CONFIRM
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2339
CONFIRM
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2340
MISC
CONFIRM
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2341
MISC
CONFIRM
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2342
CONFIRM
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2343
MISC
CONFIRM
sourcecodester -- service_provider_management_system
 
A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587. | 2023-04-27 | not yet calculated | CVE-2023-2344
MISC
MISC
MISC
sourcecodester -- service_provider_management_system
 
A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | 2023-04-27 | not yet calculated | CVE-2023-2345
MISC
MISC
sourcecodester -- service_provider_management_system
 
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2346
MISC
MISC
MISC
sourcecodester -- service_provider_management_system
 
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2347
MISC
MISC
MISC
sourcecodester -- service_provider_management_system
 
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591. | 2023-04-27 | not yet calculated | CVE-2023-2348
MISC
MISC
MISC
sourcecodester -- service_provider_management_system
 
A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592. | 2023-04-27 | not yet calculated | CVE-2023-2349
MISC
MISC
MISC
sourcecodester -- service_provider_management_system
 
A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2350
MISC
MISC
MISC
acronis -- snap_deploy
 
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | 2023-04-27 | not yet calculated | CVE-2023-2355
MISC
mlflow -- mlflow
 
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | 2023-04-28 | not yet calculated | CVE-2023-2356
MISC
CONFIRM
acronis -- cyber_infrastructure
 
Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | 2023-04-28 | not yet calculated | CVE-2023-2360
MISC
pimcore -- pimcore
 
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-28 | not yet calculated | CVE-2023-2361
CONFIRM
MISC
sourcecodester -- resort_reservation_system
 
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639. | 2023-04-28 | not yet calculated | CVE-2023-2363
MISC
MISC
MISC
sourcecodester -- resort_reservation_system
 
A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640. | 2023-04-28 | not yet calculated | CVE-2023-2364
MISC
MISC
MISC
sourcecodester -- faculty_evaluation_system
 
A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2365
MISC
MISC
MISC
sourcecodester -- faculty_evaluation_system
 
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2366
MISC
MISC
MISC
sourcecodester -- faculty_evaluation_system
 
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643.
2023-04-28
not yet calculated
CVE-2023-2367
MISC
MISC
MISC
sourcecodester -- faculty_evaluation_system
 
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644.
2023-04-28
not yet calculated
CVE-2023-2368
MISC
MISC
MISC
sourcecodester -- faculty_evaluation_system
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2369
MISC
MISC
MISC
sourcecodester -- online_dj_management_system
 
A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2370
MISC
MISC
MISC
sourcecodester -- online_dj_management_system
 
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.
2023-04-28
not yet calculated
CVE-2023-2371
MISC
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648.
2023-04-28
not yet calculated
CVE-2023-2372
MISC
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2373
MISC
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2374
MISC
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651.
2023-04-28
not yet calculated
CVE-2023-2375
MISC
MISC
MISC
vi-solutions -- visforms_base_package_for_joomla_3
 
The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it.
2023-04-23
not yet calculated
CVE-2023-23753
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652.
2023-04-28
not yet calculated
CVE-2023-2376
MISC
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2377
MISC
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2378
MISC
MISC
MISC
uniquiti -- edgerouter_x
 
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655.
2023-04-28
not yet calculated
CVE-2023-2379
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2380
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2381
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2382
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2383
MISC
MISC
MISC
solarwinds -- database_performance_analyzer
 
No exception handling vulnerability which revealed sensitive or excessive information to users.
2023-04-25
not yet calculated
CVE-2023-23837
MISC
MISC
solarwinds -- database_performance_analyzer
 
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.
2023-04-25
not yet calculated
CVE-2023-23838
MISC
MISC
solarwinds -- solarwinds_platform
 
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.
2023-04-25
not yet calculated
CVE-2023-23839
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2384
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2385
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2386
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2387
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2388
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2389
MISC
MISC
MISC
jamie_poitra -- m_chart
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin <= 1.9.4 versions.
2023-04-24
not yet calculated
CVE-2023-23892
MISC
netgear -- srx5308
 
A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2390
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2391
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2392
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2393
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2394
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2395
MISC
MISC
MISC
netgear -- srx5308
 
A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-28
not yet calculated
CVE-2023-2396
MISC
MISC
MISC
sourcecodester -- simple_mobile_comparison_website
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.
2023-04-28
not yet calculated
CVE-2023-2397
MISC
MISC
MISC
sourcecodester -- ac_repair_and_services_system
 
A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2408
MISC
MISC
MISC
sourcecodester -- ac_repair_and_services_system
 
A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703.
2023-04-28
not yet calculated
CVE-2023-2409
MISC
MISC
MISC
sourcecodester -- ac_repair_and_services_system
 
A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.
2023-04-28
not yet calculated
CVE-2023-2410
MISC
MISC
MISC
sourcecodester -- ac_repair_and_services_system
 
A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability.
2023-04-28
not yet calculated
CVE-2023-2411
MISC
MISC
MISC
sourcecodester -- ac_repair_and_services_system
 
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability.
2023-04-29
not yet calculated
CVE-2023-2412
MISC
MISC
MISC
sourcecodester -- ac_repair_and_services_system
 
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707.
2023-04-29
not yet calculated
CVE-2023-2413
MISC
MISC
MISC
ks-soft -- advanced_host_monitor
 
A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\Program Files (x86)\HostMonitor\RMA-Win\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability.
2023-04-29
not yet calculated
CVE-2023-2417
MISC
MISC
konga -- konga
 
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715.
2023-04-29
not yet calculated
CVE-2023-2418
MISC
MISC
MISC
zhong_bang -- crmeb
 
A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716.
2023-04-29
not yet calculated
CVE-2023-2419
MISC
MISC
MISC
mlecms -- mlecms
 
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\inc\include\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability.
2023-04-29
not yet calculated
CVE-2023-2420
MISC
MISC
MISC
control_id -- rhid
 
A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-04-29
not yet calculated
CVE-2023-2421
MISC
MISC
MISC
dedecms -- dedecms
 
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability.
2023-04-29
not yet calculated
CVE-2023-2424
MISC
MISC
MISC
sourcecodester -- simple_student_information_system
 
A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751.
2023-04-29
not yet calculated
CVE-2023-2425
MISC
MISC
MISC
vim -- vim
 
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499.
2023-04-29
not yet calculated
CVE-2023-2426
CONFIRM
MISC
textpattern -- textpattern
 
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file.
2023-04-28
not yet calculated
CVE-2023-24269
MISC
arista_networks -- terminattr
 
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is most commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision.
2023-04-25
not yet calculated
CVE-2023-24512
MISC
vinga -- wr-ac1200
 
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.
2023-04-26
not yet calculated
CVE-2023-24796
MISC
riot-os -- riot
 
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.
2023-04-24
not yet calculated
CVE-2023-24818
MISC
MISC
MISC
MISC
MISC
MISC
MISC
riot-os -- riot
 
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.
2023-04-24
not yet calculated
CVE-2023-24819
MISC
MISC
MISC
riot-os -- riot
 
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.
2023-04-24
not yet calculated
CVE-2023-24820
MISC
MISC
MISC
riot-os -- riot
 
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.
2023-04-24
not yet calculated
CVE-2023-24821
MISC
MISC
MISC
riot-os -- riot
 
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.
2023-04-24
not yet calculated
CVE-2023-24822
MISC
MISC
MISC
riot-os -- riot
 
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.
2023-04-24
not yet calculated
CVE-2023-24823
MISC
MISC
MISC
ibm -- websphere_application_server
 
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904.
2023-04-27
not yet calculated
CVE-2023-24966
MISC
MISC
cyberpower -- powerpanel_business_local_remote
 
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password. | 2023-04-24 | not yet calculated | CVE-2023-25131
MISC
MISC
MISC
MISC
MISC
cyberpower -- powerpanel_business_local_remote
 
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operating system commands via unspecified vectors. | 2023-04-24 | not yet calculated | CVE-2023-25132
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
cyberpower -- powerpanel_business_local_remote
 
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operating system commands via unspecified vectors. | 2023-04-24 | not yet calculated | CVE-2023-25133
MISC
MISC
MISC
MISC
MISC
intermesh -- group-office
 
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145 allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | 2023-04-27 | not yet calculated | CVE-2023-25292
MISC
MISC
MISC
world_wide_broadcast_network -- avideo
 
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4 allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. | 2023-04-25 | not yet calculated | CVE-2023-25313
MISC
world_wide_broadcast_network -- avideo
 
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4 allows attackers to gain sensitive information via the success parameter to /user. | 2023-04-25 | not yet calculated | CVE-2023-25314
MISC
vtech -- vcs754
 
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H that allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. | 2023-04-27 | not yet calculated | CVE-2023-25437
MISC
MISC
lenovo -- xclarity_controller
 
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured. | 2023-04-28 | not yet calculated | CVE-2023-25495
MISC
nvidia -- cuda_toolkit
 
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | 2023-04-28 | not yet calculated | CVE-2023-25496
MISC
nvidia -- cuda_toolkit
 
NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. | 2023-04-22 | not yet calculated | CVE-2023-25510
MISC
nvidia -- cuda_toolkit
 
NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service. | 2023-04-22 | not yet calculated | CVE-2023-25511
MISC
nvidia -- cuda_toolkit
 
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-25512
MISC
nvidia -- cuda_toolkit
 
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-25513
MISC
nvidia -- cuda_toolkit
 
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-25514
MISC
git -- git
 
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists. | 2023-04-25 | not yet calculated | CVE-2023-25652
MISC
MISC
MISC
MISC
MISC
MISC
git -- git
 
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`. | 2023-04-25 | not yet calculated | CVE-2023-25815
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ibm -- db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | 2023-04-28 | not yet calculated | CVE-2023-25930
MISC
MISC
ibm -- db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. | 2023-04-28 | not yet calculated | CVE-2023-26021
MISC
MISC
ibm -- db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | 2023-04-28 | not yet calculated | CVE-2023-26022
MISC
MISC
nokia -- netact
 
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-25 | not yet calculated | CVE-2023-26057
MISC
MISC
nokia -- netact
 
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-25 | not yet calculated | CVE-2023-26058
MISC
MISC
nokia -- netact
 
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user. | 2023-04-24 | not yet calculated | CVE-2023-26059
MISC
MISC
nokia -- netact
 
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-24 | not yet calculated | CVE-2023-26060
MISC
MISC
nokia -- netact
 
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-24 | not yet calculated | CVE-2023-26061
MISC
MISC
telindus -- apsal
 
An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. | 2023-04-24 | not yet calculated | CVE-2023-26097
MISC
MISC
telindus -- apsal
 
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. | 2023-04-25 | not yet calculated | CVE-2023-26098
MISC
MISC
telindus -- apsal
 
An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. | 2023-04-24 | not yet calculated | CVE-2023-26099
MISC
MISC
progress -- flowmon_os
 
In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser. | 2023-04-21 | not yet calculated | CVE-2023-26100
MISC
MISC
progress -- flowmon_packet_investigator
 
In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | 2023-04-21 | not yet calculated | CVE-2023-26101
MISC
MISC
hyundai -- gen5w_l_in-vehicle_infotainment_system
 
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi. | 2023-04-27 | not yet calculated | CVE-2023-26243
MISC
MISC
MISC
hyundai -- gen5w_l_in-vehicle_infotainment_system
 
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. | 2023-04-27 | not yet calculated | CVE-2023-26244
MISC
MISC
MISC
hyundai -- gen5w_l_in-vehicle_infotainment_system
 
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. | 2023-04-27 | not yet calculated | CVE-2023-26245
MISC
MISC
MISC
hyundai -- gen5w_l_in-vehicle_infotainment_system
 
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. | 2023-04-27 | not yet calculated | CVE-2023-26246
MISC
MISC
MISC
ibm -- multiple_products
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. | 2023-04-26 | not yet calculated | CVE-2023-26286
MISC
MISC
lorawan -- lorawan-stack
 
lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allow malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | 2023-04-24 | not yet calculated | CVE-2023-26494
MISC
MISC
MISC
MISC
MISC
io_finnet -- tss-lib
 
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | 2023-04-21 | not yet calculated | CVE-2023-26556
MISC
MISC
MISC
MISC
io_finnet -- tss-lib
 
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | 2023-04-21 | not yet calculated | CVE-2023-26557
MISC
MISC
MISC
MISC
northern.tech -- cfengine_enterprise
 
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | 2023-04-26 | not yet calculated | CVE-2023-26560
MISC
MISC
sangoma -- freepbx
 
Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | 2023-04-26 | not yet calculated | CVE-2023-26567
MISC
MISC
MISC
     
mccms -- mccms
 
SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center -> Reader Comments -> Search. | 2023-04-28 | not yet calculated | CVE-2023-26781
MISC
mccms -- mccms
 
An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface -> System Configuration -> Cache Configuration -> Cache security characters. | 2023-04-28 | not yet calculated | CVE-2023-26782
MISC
jfinal_cms -- jfinal_cms
 
Command execution vulnerability in the ActionEnter Class in jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route. | 2023-04-28 | not yet calculated | CVE-2023-26812
MISC
prestashop -- bdroppy
 
SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. | 2023-04-28 | not yet calculated | CVE-2023-26813
MISC
xpdf -- xpdf
 
SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allows a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. | 2023-04-24 | not yet calculated | CVE-2023-26865
MISC
MISC
xpdf -- xpdf
 
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. | 2023-04-26 | not yet calculated | CVE-2023-26930
MISC
MISC
xpdf -- xpdf
 
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function. | 2023-04-26 | not yet calculated | CVE-2023-26931
MISC
MISC
xpdf -- xpdf
 
An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter. | 2023-04-26 | not yet calculated | CVE-2023-26934
MISC
MISC
xpdf -- xpdf
 
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc. | 2023-04-26 | not yet calculated | CVE-2023-26935
MISC
MISC
xpdf -- xpdf
 
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc. | 2023-04-26 | not yet calculated | CVE-2023-26936
MISC
MISC
xpdf -- xpdf
 
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc. | 2023-04-26 | not yet calculated | CVE-2023-26937
MISC
MISC
xpdf -- xpdf
 
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock located in goo/gfile.cc. | 2023-04-26 | not yet calculated | CVE-2023-26938
MISC
MISC
shanling -- mtouch_os
 
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal. | 2023-04-25 | not yet calculated | CVE-2023-27105
MISC
MISC
myq -- multiple_products
 
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL. | 2023-04-26 | not yet calculated | CVE-2023-27107
MISC
apache -- superset
 
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. | 2023-04-24 | not yet calculated | CVE-2023-27524
MISC
MISC
ibm -- db2
 
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. | 2023-04-28 | not yet calculated | CVE-2023-27555
MISC
MISC
ibm -- counter_fraud_management_for_safer_payments
 
IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. | 2023-04-28 | not yet calculated | CVE-2023-27556
MISC
MISC
ibm -- counter_fraud_management_for_safer_payments
 
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | 2023-04-28 | not yet calculated | CVE-2023-27557
MISC
MISC
ibm -- db2
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. | 2023-04-26 | not yet calculated | CVE-2023-27559
MISC
MISC
prestashop -- askforaquote
 
SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allows a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. | 2023-04-26 | not yet calculated | CVE-2023-27843
MISC
MISC
broccoli-compass -- broccoli-compass
 
broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 2023-04-24 | not yet calculated | CVE-2023-27848
MISC
MISC
rails-routes-to-json -- rails-routes-to-json
 
rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 2023-04-24 | not yet calculated | CVE-2023-27849
MISC
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207. | 2023-04-27 | not yet calculated | CVE-2023-27860
MISC
MISC
ibm -- maximo_asset_management
 
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327. | 2023-04-28 | not yet calculated | CVE-2023-27864
MISC
MISC
hp -- laserjet_pro
 
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. | 2023-04-28 | not yet calculated | CVE-2023-27971
MISC
hp -- laserjet_pro
 
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. | 2023-04-28 | not yet calculated | CVE-2023-27972
MISC
hp -- laserjet_pro
 
Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. | 2023-04-28 | not yet calculated | CVE-2023-27973
MISC
zyxel -- multiple_products
 
The XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35 could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device. | 2023-04-24 | not yet calculated | CVE-2023-27990
CONFIRM
zyxel -- multiple_products
 
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35 could allow an authenticated attacker to execute some OS commands remotely. | 2023-04-24 | not yet calculated | CVE-2023-27991
CONFIRM
hcl -- workload_automation
 
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2023-04-26 | not yet calculated | CVE-2023-28008
MISC
hcl -- workload_automation
 
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2023-04-26 | not yet calculated | CVE-2023-28009
MISC
hewlett_packard_enterprise -- multiple_products
 
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens. | 2023-04-25 | not yet calculated | CVE-2023-28084
MISC
MISC
hewlett_packard_enterprise -- hpe_oneview
 
An HPE OneView appliance dump may expose proxy credential settings. | 2023-04-25 | not yet calculated | CVE-2023-28086
MISC
hewlett_packard_enterprise -- hpe_oneview
 
An HPE OneView appliance dump may expose OneView user accounts. | 2023-04-25 | not yet calculated | CVE-2023-28087
MISC
hewlett_packard_enterprise -- hpe_oneview
 
An HPE OneView appliance dump may expose SAN switch administrative credentials. | 2023-04-25 | not yet calculated | CVE-2023-28088
MISC
hewlett_packard_enterprise -- hpe_oneview
 
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules. | 2023-04-25 | not yet calculated | CVE-2023-28089
MISC
hewlett_packard_enterprise -- hpe_oneview
 
An HPE OneView appliance dump may expose SNMPv3 read credentials. | 2023-04-25 | not yet calculated | CVE-2023-28090
MISC
expo.io -- expo_authsession_module
 
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc.). | 2023-04-24 | not yet calculated | CVE-2023-28131
MISC
myscada_technologies -- myscada_mypro
 
mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-28384
MISC
myscada_technologies -- myscada_mypro
 
mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-28400
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name. | 2023-04-28 | not yet calculated | CVE-2023-28471
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies. | 2023-04-28 | not yet calculated | CVE-2023-28472
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section. | 2023-04-28 | not yet calculated | CVE-2023-28473
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search. | 2023-04-28 | not yet calculated | CVE-2023-28474
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | 2023-04-28 | not yet calculated | CVE-2023-28475
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files. | 2023-04-28 | not yet calculated | CVE-2023-28476
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter. | 2023-04-28 | not yet calculated | CVE-2023-28477
MISC
MISC
libxml2 -- libxml2
 
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | 2023-04-24 | not yet calculated | CVE-2023-28484
MISC
MISC
MLIST
ibm -- aix
 
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | 2023-04-28 | not yet calculated | CVE-2023-28528
MISC
MISC
myscada_technologies -- myscada_mypro
 
mySCADA myPRO versions 8.26.0 and prior have parameters that an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-28716
MISC
zyxel -- dx5401-b0_firmware
 
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 2023-04-27 | not yet calculated | CVE-2023-28769
CONFIRM
zyxel -- dx5401-b0_firmware
 
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | 2023-04-27 | not yet calculated | CVE-2023-28770
CONFIRM
zyxel -- zywall/usg_series_firmware
 
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35 could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. | 2023-04-25 | not yet calculated | CVE-2023-28771
CONFIRM
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names. | 2023-04-28 | not yet calculated | CVE-2023-28819
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | 2023-04-28 | not yet calculated | CVE-2023-28820
MISC
MISC
concrete_cms -- concrete_cms
 
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 2023-04-28 | not yet calculated | CVE-2023-28821
MISC
MISC
nextcloud -- security-advisories
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available. | 2023-04-25 | not yet calculated | CVE-2023-28847
MISC
MISC
MISC
trustwave -- modsecurity
 
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | 2023-04-28 | not yet calculated | CVE-2023-28882
CONFIRM
git -- git
 
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. | 2023-04-25 | not yet calculated | CVE-2023-29007
MISC
MISC
MISC
MISC
MISC
git-for-windows -- git
 
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\etc\connectrc` files on multi-user machines. | 2023-04-25 | not yet calculated | CVE-2023-29011
MISC
MISC
git-for-windows -- git
 
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. | 2023-04-25 | not yet calculated | CVE-2023-29012
MISC
MISC
fastify -- fastify-passport
 
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-29019
MISC
MISC
MISC
fastify -- fastify-passport
 
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`. | 2023-04-21 | not yet calculated | CVE-2023-29020
MISC
MISC
MISC
MISC
lenovo -- xclarity_controller
 
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. | 2023-04-28 | not yet calculated | CVE-2023-29056
MISC
lenovo -- xclarity_controller
 
A valid XCC user's local account permissions override their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. | 2023-04-28 | not yet calculated | CVE-2023-29057
MISC
lenovo -- xclarity_controller
 
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | 2023-04-28 | not yet calculated | CVE-2023-29058
MISC
myscada_technologies -- myscada_mypro
 
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-29150
MISC
myscada_technologies -- myscada_mypro
 
mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-29169
MISC
contao -- contao
 
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds. | 2023-04-25 | not yet calculated | CVE-2023-29200
MISC
MISC
MISC
ibm -- db2_for_linux,_unix_and_windows
 
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. | 2023-04-27 | not yet calculated | CVE-2023-29255
MISC
MISC
ibm -- db2_for_linux,_unix_and_windows
 
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. | 2023-04-26 | not yet calculated | CVE-2023-29257
MISC
MISC
tibco_software_inc. -- tibco_spotfire_statistics_services
 
The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0. | 2023-04-26 | not yet calculated | CVE-2023-29268
MISC
zoho -- manageengine_applications_manager
 
Zoho ManageEngine Applications Manager through 16390 allows DOM XSS. | 2023-04-26 | not yet calculated | CVE-2023-29442
MISC
zoho -- manageengine_servicedesk_plus
 
Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack. | 2023-04-26 | not yet calculated | CVE-2023-29443
MISC
libxml2 -- libxml2
 
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value). | 2023-04-24 | not yet calculated | CVE-2023-29469
MISC
MISC
MLIST
lightbend -- alpakka_kafka
 
Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor. | 2023-04-27 | not yet calculated | CVE-2023-29471
MISC
MISC
ribose -- rnp
 
Ribose RNP before 0.16.3 may hang when the input is malformed. | 2023-04-24 | not yet calculated | CVE-2023-29479
MISC
MISC
ribose -- rnp
 
Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. | 2023-04-24 | not yet calculated | CVE-2023-29480
CONFIRM
xpanel -- xpanel
 
An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. | 2023-04-27 | not yet calculated | CVE-2023-29489
MISC
MISC
laminas -- laminas-diactoros
 
Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in the following versions: 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`. | 2023-04-24 | not yet calculated | CVE-2023-29530
MISC
MISC
MISC
slp -- multiple_products
 
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. | 2023-04-25 | not yet calculated | CVE-2023-29552
MISC
MISC
MISC
MISC
MISC
MISC
MISC
CONFIRM
npm -- multiple_products
 
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 were discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 2023-04-24 | not yet calculated | CVE-2023-29566
MISC
MISC
MISC
MISC
bento4 -- mp42aac
 
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. | 2023-04-21 | not yet calculated | CVE-2023-29575
MISC
MISC
mp4v2 -- mp4stringproperty
 
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. | 2023-04-24 | not yet calculated | CVE-2023-29578
MISC
MISC
yasm -- yasm
 
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. | 2023-04-24 | not yet calculated | CVE-2023-29579
MISC
MISC
yasm -- yasm
 
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. | 2023-04-24 | not yet calculated | CVE-2023-29582
MISC
MISC
yasm -- yasm
 
yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. | 2023-04-24 | not yet calculated | CVE-2023-29583
MISC
MISC
byronknoll_cmix -- paq8
 
Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function. | 2023-04-26 | not yet calculated | CVE-2023-29596
MISC
sengled -- dimmer_switch
 
Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command. | 2023-04-25 | not yet calculated | CVE-2023-29779
MISC
MISC
third_reality -- smart_blind
 
Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. | 2023-04-24 | not yet calculated | CVE-2023-29780
MISC
MISC
mccms -- mccms
 
mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). | 2023-04-28 | not yet calculated | CVE-2023-29815
MISC
wondershare -- dr.fone
 
Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. | 2023-04-26 | not yet calculated | CVE-2023-29835
MISC
exelysis -- unified_communication_solutions
 
Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | 2023-04-26 | not yet calculated | CVE-2023-29836
MISC
MISC
bang -- resto
 
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. | 2023-04-24 | not yet calculated | CVE-2023-29848
MISC
MISC
bang -- resto
 
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. | 2023-04-24 | not yet calculated | CVE-2023-29849
MISC
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29905
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29906
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29907
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29908
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29909
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29910
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29911
MISC
h3c -- magic_r200
 
H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29912
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29913
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29914
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29915
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29916
MISC
h3c -- magic_r200
 
H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm. | 2023-04-21 | not yet calculated | CVE-2023-29917
MISC
swftools -- swfrender
 
swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c. | 2023-04-27 | not yet calculated | CVE-2023-29950
MISC
magicjack -- a921
 
Insecure Permissions vulnerability found in MagicJack A921 USB Phone Jack Rev 3.0 v.1.4 allows a physically proximate attacker to escalate privileges and gain access to sensitive information via the NAND flash memory. | 2023-04-28 | not yet calculated | CVE-2023-30024
MISC
MISC
MISC
MISC
sourcecodester -- medicine_tracker_system
 
Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. | 2023-04-26 | not yet calculated | CVE-2023-30106
MISC
MISC
MISC
wuzhicms -- wuzhicms
 
Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). | 2023-04-26 | not yet calculated | CVE-2023-30111
MISC
MISC
eyoucms -- eyoucms
 
Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. | 2023-04-26 | not yet calculated | CVE-2023-30112
MISC
MISC
craftcms -- craftcms
 
wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | 2023-04-28 | not yet calculated | CVE-2023-30123
MISC
wangmarket_cms -- wangmarket_cms
 
EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). | 2023-04-28 | not yet calculated | CVE-2023-30125
MISC
ourphp -- ourphp
 
CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject JavaScript code into Volume Name. | 2023-04-25 | not yet calculated | CVE-2023-30177
MISC
ourphp -- ourphp
 
Wangmarket CMS v4.10 was discovered to contain a SQL injection vulnerability via the component /plugin/dataDictionary/tableView.do?tableName=. | 2023-04-28 | not yet calculated | CVE-2023-30183
MISC
ourphp -- ourphp
 
OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php. | 2023-04-26 | not yet calculated | CVE-2023-30210
MISC
cltphp -- cltphp
 
OURPHP <= 7.2.0 is vulnerable to SQL Injection. | 2023-04-26 | not yet calculated | CVE-2023-30211
MISC
cltphp -- cltphp
 
OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. | 2023-04-26 | not yet calculated | CVE-2023-30212
MISC
cltphp -- cltphp
 
CLTPHP <=6.0 is vulnerable to Directory Traversal. | 2023-04-26 | not yet calculated | CVE-2023-30265
MISC
cltphp -- cltphp
 
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. | 2023-04-26 | not yet calculated | CVE-2023-30266
MISC
cltphp -- cltphp
 
CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | 2023-04-26 | not yet calculated | CVE-2023-30267
MISC
cltphp -- cltphp
 
CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. | 2023-04-26 | not yet calculated | CVE-2023-30269
MISC
netgear -- r6900
 
Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial of service via the getInputData parameter of the fwSchedule.cgi page. | 2023-04-26 | not yet calculated | CVE-2023-30280
MISC
MISC
emlog -- pro
 
Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | 2023-04-27 | not yet calculated | CVE-2023-30338
MISC
Jfinal_cms -- jfinal_cms
 
JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | 2023-04-27 | not yet calculated | CVE-2023-30349
MISC
tencent -- vconsole
 
vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts. | 2023-04-26 | not yet calculated | CVE-2023-30363
MISC
MISC
dedecms -- dedecms
 
An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | 2023-04-27 | not yet calculated | CVE-2023-30380
MISC
yasm -- yasm
 
YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. | 2023-04-25 | not yet calculated | CVE-2023-30402
MISC
aigital -- wireless-n_repeater_mini_router
 
Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. | 2023-04-26 | not yet calculated | CVE-2023-30404
MISC
MISC
aigital -- wireless-n_repeater_mini_router
 
A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup. | 2023-04-28 | not yet calculated | CVE-2023-30405
MISC
jerryscript_project -- jerryscript
 
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. | 2023-04-24 | not yet calculated | CVE-2023-30406
MISC
jerryscript_project -- jerryscript
 
Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | 2023-04-24 | not yet calculated | CVE-2023-30408
MISC
jerryscript_project -- jerryscript
 
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. | 2023-04-24 | not yet calculated | CVE-2023-30410
MISC
jerryscript_project -- jerryscript
 
Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. | 2023-04-24 | not yet calculated | CVE-2023-30414
MISC
pear-admin -- pear-admin-boot
 
A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. | 2023-04-25 | not yet calculated | CVE-2023-30417
MISC
ibm -- multiple_products
 
IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | 2023-04-29 | not yet calculated | CVE-2023-30441
MISC
MISC
MISC
MISC
MISC
ibm -- watson_machine_learning
 
IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. | 2023-04-27 | not yet calculated | CVE-2023-30444
MISC
ebankit -- ebankit
 
An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button. | 2023-04-28 | not yet calculated | CVE-2023-30454
MISC
MISC
ebankit -- ebankit
 
An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users. | 2023-04-28 | not yet calculated | CVE-2023-30455
MISC
MISC
sourcecodester -- medicine_tracker_system
 
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password. | 2023-04-24 | not yet calculated | CVE-2023-30458
MISC
MISC
MISC
milesight -- multiple_products
 
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation of this vulnerability could allow a remote attacker to perform account takeover on the targeted device. | 2023-04-28 | not yet calculated | CVE-2023-30466
MISC
milesight -- multiple_products
 
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device. Successful exploitation of this vulnerability could allow a remote attacker to perform unauthorized activities on the targeted device. | 2023-04-28 | not yet calculated | CVE-2023-30467
MISC
sheetjs -- community_edition
 
SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. | 2023-04-24 | not yet calculated | CVE-2023-30533
MISC
MISC
kiwi -- tcms
 
Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist. | 2023-04-24 | not yet calculated | CVE-2023-30544
MISC
MISC
MISC
prestashop -- prestashop
 
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9. | 2023-04-25 | not yet calculated | CVE-2023-30545
MISC
MISC
MISC
contiki-ng -- contiki-ng
 
Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425. | 2023-04-26 | not yet calculated | CVE-2023-30546
MISC
MISC
apptainer -- apptainer
 
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation. Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs. Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.) Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. | 2023-04-25 | not yet calculated | CVE-2023-30549
MISC
MISC
MISC
MISC
MISC
MISC
MISC
matrix-org -- matrix-react-sdk
 
matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection. | 2023-04-25 | not yet calculated | CVE-2023-30609
MISC
MISC
MISC
kiwi -- tcms
 
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer. Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default, `.exe` files are denied. Other files containing the `<script>` tag, regardless of their type, are also denied because they are a path to XSS attacks. There are no known workarounds aside from upgrading. | 2023-04-24 | not yet calculated | CVE-2023-30613
newcontext -- kitchen-terraform
 
Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2023-04-21 | CVSS score: not yet calculated | CVE-2023-30618
clusternet -- clusternet
 
Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. Clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs clusternet, they can leverage the service account to perform malicious actions against critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-30622
wip -- wip
 
`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This vulnerability can be triggered by any user on GitHub. They just need to create a pull request with a commit message containing an exploit. (Note that first-time PR requests will not be run - but the attacker can submit a valid PR before submitting an invalid PR). The commit can be genuine, but the commit message can be malicious. This can be used to execute code on the GitHub runners and can be used to exfiltrate any secrets used in the CI pipeline, including repository tokens. Version 2 has a fix for this issue.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-30623
bytecodealliance -- wasmtime
 
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled with LLVM 16, which causes some writes that are critical for correctness to be optimized away. Vulnerable versions of Wasmtime compiled with Rust 1.70, which is currently in beta, or later are known to have incorrectly compiled functions. Versions of Wasmtime compiled with the current Rust stable release, 1.69, and prior are not known at this time to have any issues, but can theoretically exhibit potential issues. The underlying problem is that Wasmtime's runtime state for an instance involves a Rust-defined structure called `Instance` which has a trailing `VMContext` structure after it. This `VMContext` structure has a runtime-defined layout that is unique per-module. This representation cannot be expressed with safe code in Rust so `unsafe` code is required to maintain this state. The code doing this, however, has methods which take `&self` as an argument but modify data in the `VMContext` part of the allocation. This means that pointers derived from `&self` are mutated. This is typically not allowed, except in the presence of `UnsafeCell`, in Rust. When compiled to LLVM these functions have `noalias readonly` parameters, which means it's UB to write through the pointers. Wasmtime's internal representation and management of `VMContext` has been updated to use `&mut self` methods where appropriate. Additionally, verification tools for `unsafe` code in Rust, such as `cargo miri`, are planned to be executed on the `main` branch soon to fix any Rust-level issues that may be exploited in future compiler versions. Precompiled binaries available for Wasmtime from GitHub releases have been compiled with at most LLVM 15 so are not known to be vulnerable. As mentioned above, however, it's still recommended to update. Wasmtime versions 6.0.2, 7.0.1, and 8.0.1 have been issued which contain the patch necessary to work correctly on LLVM 16 and have no known UB on LLVM 15 and earlier. If Wasmtime is compiled with Rust 1.69 and prior, which use LLVM 15, then there are no known issues. There is a theoretical possibility for undefined behavior to be exploited, however, so it's recommended that users upgrade to a patched version of Wasmtime. Users using beta Rust (1.70 at this time) or nightly Rust (1.71 at this time) must update to a patched version to work correctly.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-30624
jellyfin -- jellyfin
 
Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-30626
jellyfin -- jellyfin
 
jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-30627
kiwi -- tcms
 
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because it uses the untrusted `github.head_ref` field. The `github.head_ref` value is attacker-controlled. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has write access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-30628
vyperlang -- vyper
 
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-30629
apache -- apache_superset
 
An authenticated user with specific data permissions could access the stored passwords of database connections by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-30776
meta_platforms -- lexical
 
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
Published: 2023-04-29 | CVSS score: not yet calculated | CVE-2023-30792
prestashop -- prestashop
 
PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of PrestaShop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror, which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue.
Published: 2023-04-25 | CVSS score: not yet calculated | CVE-2023-30838
prestashop -- prestashop
 
PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.
Published: 2023-04-25 | CVSS score: not yet calculated | CVE-2023-30839
metal3-io -- baremetal_operator
 
Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having cluster-wide read access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in baremetal-operator PR#1241.
Published: 2023-04-26 | CVSS score: not yet calculated | CVE-2023-30841
payloadcms -- payload
 
Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data.
Published: 2023-04-26 | CVSS score: not yet calculated | CVE-2023-30843
google -- espv2
 
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases. ESPv2 allows malicious requests to bypass authentication if both of the following conditions are true: the requested HTTP method is **not** in the API service definition (OpenAPI spec or gRPC `google.api.http` proto annotations), and the specified `X-HTTP-Method-Override` is a valid HTTP method in the API service definition. ESPv2 will forward the request to your backend without checking the JWT. Attackers can craft requests with a malicious `X-HTTP-Method-Override` value that allows them to bypass specifying JWTs. Restricting API access with API keys works as intended and is not affected by this vulnerability. Upgrade deployments to release v2.43.0 or higher to receive a patch. This release ensures that JWT authentication occurs, even when the caller specifies `x-http-method-override`. `x-http-method-override` is still supported by v2.43.0+. API clients can continue sending this header to ESPv2.
Published: 2023-04-26 | CVSS score: not yet calculated | CVE-2023-30845
microsoft -- typed-rest-client
 
typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leaking authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.
Published: 2023-04-26 | CVSS score: not yet calculated | CVE-2023-30846
h20 -- h20
 
H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to process a certain type of invalid HTTP request, it tries to build an upstream URL by reading from an uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-30847
pimcore -- pimcore
 
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-30848
pimcore -- pimcore
 
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-30849
pimcore -- pimcore
 
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-30850
pimcore -- pimcore
 
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to a path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying a sufficient number of `../` patterns to go out from the application webroot, followed by the path of the folder where the file is located, in the `scriptPath` parameter and the file name in the `scripts` parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-30852
gradle -- gradle_build_action
 
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets configured for the repository. Secrets configured for GitHub Actions are normally passed to the Gradle Build Tool via environment variables. Due to the way that the Gradle Build Tool records these environment variables, they may be persisted into an entry in the GitHub Actions cache. This data stored in the GitHub Actions cache can be read by a GitHub Actions workflow running in an untrusted context, such as that running for a Pull Request submitted by a developer via a repository fork. This vulnerability was discovered internally through code review, and we have not seen any evidence of it being exploited in the wild. However, in addition to upgrading the Gradle Build Action, affected users should delete any potentially vulnerable cache entries and may choose to rotate any potentially affected secrets. Gradle Build Action v2.4.2 and newer no longer saves this sensitive data for later use, preventing ongoing leakage of secrets via the GitHub Actions Cache. While upgrading to the latest version of the Gradle Build Action will prevent leakage of secrets going forward, additional actions may be required due to current or previous GitHub Actions Cache entries containing this information. Current cache entries will remain vulnerable until they are forcibly deleted or they expire naturally after 7 days of not being used. Potentially vulnerable entries can be easily identified in the GitHub UI by searching for a cache entry with key matching `configuration-cache-*`. The maintainers recommend that users of the Gradle Build Action inspect their list of cache entries and manually delete any that match this pattern. While maintainers have not seen any evidence of this vulnerability being exploited, they recommend cycling any repository secrets if you cannot be certain that these have not been compromised. Compromise could occur if a user runs a GitHub Actions workflow for a pull request attempting to exploit this data.

Warning signs to look for in a pull request include:

  • Making changes to GitHub Actions workflow files in a way that may attempt to read/extract data from the Gradle User Home or `<project-root>/.gradle` directories.
  • Making changes to Gradle build files or other executable files that may be invoked by a GitHub Actions workflow, in a way that may attempt to read/extract information from these locations.

Some workarounds to limit the impact of this vulnerability are available:

  • If the Gradle project does not opt-in to using the configuration cache, then it is not vulnerable.
  • If the Gradle project does opt-in to using the configuration-cache by default, then the `--no-configuration-cache` command-line argument can be used to disable this feature in a GitHub Actions workflow.

In any case, we recommend that users carefully inspect any pull request before approving the execution of GitHub Actions workflows. It may be prudent to require approval for all PRs from external contributors.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-30853
wwbn -- avideo
 
AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-30854
gitsquared -- edex-ui
 
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The project has been archived since 2021, and as of time of publication there are no plans to patch this issue and release a new version. Some workarounds are available, including shutting down eDEX-UI when browsing the web and ensuring the eDEX terminal runs with the lowest possible privileges.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-30856
aedart -- ion
 
@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-30857
denosaurs -- emoji
 
The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-30858
enterprisedb -- ebd_postgres_advanced_server_(epas)
 
EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.
Published: 2023-04-23 | CVSS score: not yet calculated | CVE-2023-31043
backdrop_cms -- backdrop_cms
 
** DISPUTED ** A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because "any administrator that can configure a text format could easily allow Full HTML anywhere."
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31045
repetier_server -- repetier_server
 
Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31059
repetier_server -- repetier_server
 
Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31060
repetier_server -- repetier_server
 
Repetier Server through 1.4.10 does not have CSRF protection.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31061
linux -- kernel
 
An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31081
linux -- kernel
 
An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31082
linux -- kernel
 
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31083
linux -- kernel
 
An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31084
linux -- kernel
 
An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.
Published: 2023-04-24 | CVSS score: not yet calculated | CVE-2023-31085
dradis -- dradis
 
Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.
Published: 2023-04-25 | CVSS score: not yet calculated | CVE-2023-31223
drupal -- drupal
 
The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.
Published: 2023-04-26 | CVSS score: not yet calculated | CVE-2023-31250
serenity_software -- multiple_products
 
An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-31285
serenity_software -- multiple_products
 
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-31286
serenity_software -- multiple_products
 
An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-31287
trust_wallet -- wallet_core
 
Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March 2023. This occurs because the mt19937 Mersenne Twister takes a single 32-bit value as an input seed, resulting in only four billion possible mnemonics. The affected versions of the browser extension are 0.0.172 through 0.0.182. To steal funds efficiently, an attacker can identify all Ethereum addresses created since the 0.0.172 release, and check whether they are Ethereum addresses that could have been created by this extension. To respond to the risk, affected users need to upgrade the product version and also move funds to a new wallet address.
Published: 2023-04-27 | CVSS score: not yet calculated | CVE-2023-31290
linux -- kernel
 
qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-31436
talend -- talend_studio
 
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-31444
smartdns -- smartdns
 
SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-31470
cauldron_development -- cbang
 
tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive.
Published: 2023-04-28 | CVSS score: not yet calculated | CVE-2023-31483
http_tiny -- http_tiny
 
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Published: 2023-04-29 | CVSS score: not yet calculated | CVE-2023-31484
gitlab -- gitlab
 
GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.
Published: 2023-04-29 | CVSS score: not yet calculated | CVE-2023-31485
http_tiny -- http_tiny
 
HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Published: 2023-04-29 | CVSS score: not yet calculated | CVE-2023-31486
