Vulnerability Summary for the Week of May 8, 2023

Released: May 15, 2023
Document ID: SB23-135

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.


High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
scanservjs_project -- scanservjs | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | 2023-05-07 | 10 | CVE-2023-2564 MISC CONFIRM
jsreport -- jsreport | Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | 2023-05-08 | 10 | CVE-2023-2583 MISC CONFIRM
siemens -- scalance_lpe9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | 2023-05-09 | 9.9 | CVE-2023-27407 MISC
siemens -- multiple_products | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 2023-05-09 | 9.9 | CVE-2023-30898 MISC
siemens -- multiple_products | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 2023-05-09 | 9.9 | CVE-2023-30899 MISC
php-login_project -- php-login | A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | 2023-05-06 | 9.8 | CVE-2016-15031 MISC MISC MISC MISC
victor_cms_project -- victor_cms | SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | 2023-05-08 | 9.8 | CVE-2020-23966 MISC MISC
coinmarketstats -- bitcoin_\/_altcoin_payment_gateway_for_woocommerce | The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users | 2023-05-08 | 9.8 | CVE-2022-4118 MISC
quantumcloud -- ai_chatbot | The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog | 2023-05-08 | 9.8 | CVE-2023-1650 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22779 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22780 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22781 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22782 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22783 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22784 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22785 MISC
hp -- instantos | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-05-08 | 9.8 | CVE-2023-22786 MISC
apple -- iphone_os | This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper | 2023-05-08 | 9.8 | CVE-2023-23526 MISC MISC
microsoft -- multiple_products | Windows Network File System Remote Code Execution Vulnerability | 2023-05-09 | 9.8 | CVE-2023-24941 MISC
microsoft -- multiple_products | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 2023-05-09 | 9.8 | CVE-2023-24943 MISC
azuracast -- azuracast | Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3. | 2023-05-05 | 9.8 | CVE-2023-2531 CONFIRM MISC
apache -- airflow | Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0. | 2023-05-08 | 9.8 | CVE-2023-25754 MISC MISC MISC
online_tours_\&_travels_management_system_project -- online_tours_\&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprove_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228549 was assigned to this vulnerability. | 2023-05-10 | 9.8 | CVE-2023-2619 MISC MISC MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory | 2023-05-08 | 9.8 | CVE-2023-27953 MISC MISC MISC
h3c -- gr-1200w_firmware | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad. | 2023-05-08 | 9.8 | CVE-2023-29693 MISC
h3c -- gr-1200w_firmware | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set. | 2023-05-08 | 9.8 | CVE-2023-29696 MISC
metersphere -- metersphere | Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench | 2023-05-08 | 9.8 | CVE-2023-29944 MISC MISC
totolink -- x5000r_firmware | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | 2023-05-05 | 9.8 | CVE-2023-30013 MISC
judging_management_system_project -- judging_management_system | Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/review_se_result.php?mainevent_id=. | 2023-05-08 | 9.8 | CVE-2023-30018 MISC
totolink -- a7100ru_firmware | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | 2023-05-05 | 9.8 | CVE-2023-30053 MISC
totolink -- a7100ru_firmware | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | 2023-05-05 | 9.8 | CVE-2023-30054 MISC
sem-cms -- semcms | Semcms Shop v4.2 was discovered to contain an arbitrary file upload vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | 9.8 | CVE-2023-30090 MISC
online_pizza_ordering_system_project -- online_pizza_ordering_system | SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter. | 2023-05-08 | 9.8 | CVE-2023-30092 MISC MISC
online_food_ordering_system_project -- online_food_ordering_system | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 2023-05-05 | 9.8 | CVE-2023-30122 MISC
tenda -- ac18_firmware | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | 2023-05-05 | 9.8 | CVE-2023-30135 MISC
crmeb -- crmeb | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \attachment\SystemAttachmentServices.php. | 2023-05-08 | 9.8 | CVE-2023-30185 MISC MISC MISC
netentsec -- application_security_gateway | NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. | 2023-05-05 | 9.8 | CVE-2023-30242 MISC MISC MISC
apache -- brpc | Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file. An attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process. Solution: 1. Upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ 2. If you are using an old version of bRPC and it is hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218 | 2023-05-08 | 9.8 | CVE-2023-31039 MISC MISC
tortall -- yasm | yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. | 2023-05-09 | 9.8 | CVE-2023-31975 MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory | 2023-05-08 | 9.1 | CVE-2023-27958 MISC MISC MISC
clanscripts_project -- clanscripts | Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escalate privileges to an arbitrary account via a crafted request to /members/console.php?cID=5. | 2023-05-08 | 8.8 | CVE-2020-18131 MISC MISC
mingsoft -- mcms | File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | 2023-05-08 | 8.8 | CVE-2020-22755 MISC MISC
flycms_project -- flycms | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | 2023-05-08 | 8.8 | CVE-2020-36065 MISC MISC
apache -- ranger | Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0. | 2023-05-05 | 8.8 | CVE-2022-45048 MISC
sloth_logo_customizer_project -- sloth_logo_customizer | The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack | 2023-05-08 | 8.8 | CVE-2023-0603 MISC
avirato -- hotels_online_booking_engine | The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated user, such as a subscriber, to perform SQL Injection attacks. | 2023-05-08 | 8.8 | CVE-2023-0768 MISC
monicahq -- monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. | 2023-05-08 | 8.8 | CVE-2023-1094 MISC MISC
arubanetworks -- arubaos | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-05-08 | 8.8 | CVE-2023-22788 MISC
arubanetworks -- arubaos | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-05-08 | 8.8 | CVE-2023-22789 MISC
arubanetworks -- arubaos | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | 2023-05-08 | 8.8 | CVE-2023-22790 MISC
apple -- iphone_os | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to break out of its sandbox | 2023-05-08 | 8.8 | CVE-2023-23532 MISC MISC
microsoft -- multiple_products | Windows Bluetooth Driver Remote Code Execution Vulnerability | 2023-05-09 | 8.8 | CVE-2023-24947 MISC
bumsys_project -- bumsys | PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. | 2023-05-05 | 8.8 | CVE-2023-2551 MISC CONFIRM
bumsys_project -- bumsys | Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. | 2023-05-05 | 8.8 | CVE-2023-2552 CONFIRM MISC
advantech -- eki-1521_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request. | 2023-05-08 | 8.8 | CVE-2023-2573 MISC MISC MISC MISC MISC MISC
advantech -- eki-1521_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request. | 2023-05-08 | 8.8 | CVE-2023-2574 MISC MISC MISC MISC MISC MISC
advantech -- eki-1521_firmware | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. | 2023-05-08 | 8.8 | CVE-2023-2575 MISC MISC MISC MISC MISC MISC
apple -- macos | A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution | 2023-05-08 | 8.8 | CVE-2023-27934 MISC
apple -- macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution | 2023-05-08 | 8.8 | CVE-2023-27935 MISC MISC MISC
mitrastar -- gpt-2741gnac-n2_firmware | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | 2023-05-05 | 8.8 | CVE-2023-30065 MISC
apple -- macos | This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox | 2023-05-08 | 8.6 | CVE-2023-27944 MISC MISC MISC
apple -- xcode | The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges | 2023-05-08 | 8.6 | CVE-2023-27967 MISC
apache -- ranger | An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled. This issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later. | 2023-05-05 | 8.1 | CVE-2021-40331 MISC
microsoft -- multiple_products | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 2023-05-09 | 8.1 | CVE-2023-24903 MISC
microsoft -- multiple_products | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 2023-05-09 | 8.1 | CVE-2023-28283 MISC
microsoft -- multiple_products | Windows OLE Remote Code Execution Vulnerability | 2023-05-09 | 8.1 | CVE-2023-29325 MISC
mblog_project -- mblog | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | 2023-05-08 | 7.8 | CVE-2021-27280 MISC MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48243 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48244 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48245 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48246 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48247 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48248 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48249 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48250 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48368 MISC
google -- android | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48369 MISC
google -- android | In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48383 MISC
google -- android | In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | 7.8 | CVE-2022-48384 MISC
apple -- iphone_os | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to gain root privileges | 2023-05-08 | 7.8 | CVE-2023-23525 MISC MISC CONFIRM
apple -- macos | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 7.8 | CVE-2023-23536 MISC MISC MISC CONFIRM
microsoft -- multiple_products | Win32k Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24902 MISC
microsoft -- multiple_products | Remote Desktop Client Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24905 MISC
microsoft -- multiple_products | Windows Backup Service Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24946 MISC
microsoft -- multiple_products | Windows Kernel Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24949 MISC
microsoft -- multiple_products | Microsoft Excel Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-24953 MISC
vim -- vim | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. | 2023-05-09 | 7.8 | CVE-2023-2610 MISC CONFIRM
apple -- macos | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory | 2023-05-08 | 7.8 | CVE-2023-27936 MISC MISC MISC MISC
apple -- macos | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27937 MISC MISC MISC MISC MISC MISC
apple -- macos | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27938 MISC
apple -- macos | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27946 MISC MISC MISC MISC
apple -- macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27949 MISC MISC MISC
apple -- macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | 2023-05-08 | 7.8 | CVE-2023-27957 MISC
apple -- iphone_os | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 7.8 | CVE-2023-27959 MISC
dell -- command_\|_monitor | Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path | 2023-05-05 | 7.8 | CVE-2023-28068 MISC
apple -- iphone_os | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 7.8 | CVE-2023-28181 MISC MISC MISC MISC
adobe – substance_3d_painterAdobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-05-117.8CVE-2023-29273MISC
adobe – substance_3d_painterAdobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-05-117.8CVE-2023-29274MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29275 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29276 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29278 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29280 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29281 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29282 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29283 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29284 MISC
adobe -- substance_3d_painter | Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-05-11 | 7.8 | CVE-2023-29285 MISC
microsoft -- multiple_products | Win32k Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29336 MISC
microsoft -- av1_video_extension | AV1 Video Extension Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29340 MISC
microsoft -- av1_video_extension | AV1 Video Extension Remote Code Execution Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29341 MISC
microsoft -- windows_sysmon | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | 2023-05-09 | 7.8 | CVE-2023-29343 MISC
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561) | 2023-05-09 | 7.8 | CVE-2023-30986 MISC
tortall -- yasm | yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. | 2023-05-09 | 7.8 | CVE-2023-31972 MISC
tortall -- yasm | yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. | 2023-05-09 | 7.8 | CVE-2023-31973 MISC
tortall -- yasm | yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. | 2023-05-09 | 7.8 | CVE-2023-31974 MISC
ibm -- qradar_data_synchronization | IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | 2023-05-06 | 7.5 | CVE-2022-22313 MISC MISC
arubanetworks -- arubaos | An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | 2023-05-08 | 7.5 | CVE-2023-22787 MISC
microsoft -- windows_server_2022 | Windows SMB Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24898 MISC
microsoft -- multiple_products | Windows NFS Portmapper Information Disclosure Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24901 MISC
microsoft -- multiple_products | Server for NFS Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24939 MISC
microsoft -- multiple_products | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24940 MISC
microsoft -- multiple_products | Remote Procedure Call Runtime Denial of Service Vulnerability | 2023-05-09 | 7.5 | CVE-2023-24942 MISC
ibm -- mq_appliance | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. | 2023-05-05 | 7.5 | CVE-2023-26285 MISC MISC
microsoft -- multiple_products | Microsoft Word Security Feature Bypass Vulnerability | 2023-05-09 | 7.5 | CVE-2023-29335 MISC
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-05-05 | 7.5 | CVE-2023-29350 MISC
netentsec -- application_security_gateway | Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. | 2023-05-05 | 7.5 | CVE-2023-30243 MISC MISC
linuxfoundation -- rekor | Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds. | 2023-05-08 | 7.5 | CVE-2023-30551 MISC MISC MISC
pimcore -- pimcore | Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. | 2023-05-08 | 7.5 | CVE-2023-30855 MISC MISC MISC
wjjsoft -- innokb | WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal | 2023-05-08 | 7.5 | CVE-2023-31181 MISC
ghost -- ghost | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. | 2023-05-05 | 7.5 | CVE-2023-32235 MISC MISC
vk.company -- mymail | The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | 2023-05-07 | 7.5 | CVE-2023-32290 MISC MISC MISC
microsoft -- multiple_products | Windows Bluetooth Driver Elevation of Privilege Vulnerability | 2023-05-09 | 7.4 | CVE-2023-24948 MISC
cmsmadesimple -- cms_made_simple | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | 2023-05-08 | 7.2 | CVE-2021-28998 MISC MISC
fastlinemedia -- customizer_export\/import | The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | 2023-05-08 | 7.2 | CVE-2023-1347 MISC
basixonline -- nex-forms | The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. | 2023-05-08 | 7.2 | CVE-2023-2114 MISC MISC
microsoft -- multiple_products | Microsoft SharePoint Server Remote Code Execution Vulnerability | 2023-05-09 | 7.2 | CVE-2023-24955 MISC
bumsys_project -- bumsys | External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-05 | 7.2 | CVE-2023-2554 CONFIRM MISC
sap -- businessobjects_business_intelligence | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable. | 2023-05-09 | 7.2 | CVE-2023-28762 MISC MISC
siemens -- simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | 2023-05-09 | 7.2 | CVE-2023-28832 MISC
s-cms -- s-cms | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | 2023-05-05 | 7.2 | CVE-2023-29963 MISC
microsoft -- windows_server_2008 | Windows Installer Elevation of Privilege Vulnerability | 2023-05-09 | 7.1 | CVE-2023-24904 MISC
apple -- macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory | 2023-05-08 | 7.1 | CVE-2023-27968 MISC
microsoft -- windows_server_2008 | Windows Graphics Component Elevation of Privilege Vulnerability | 2023-05-09 | 7 | CVE-2023-24899 MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
esri -- portal_for_arcgis | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. | 2023-05-09 | 6.8 | CVE-2023-25832 MISC MISC
microsoft -- multiple_products | Secure Boot Security Feature Bypass Vulnerability | 2023-05-09 | 6.7 | CVE-2023-24932 MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges | 2023-05-08 | 6.7 | CVE-2023-27933 MISC MISC MISC MISC MISC
linux -- linux_kernel | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. | 2023-05-05 | 6.7 | CVE-2023-32269 MISC MISC
beescms -- beescms | Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. | 2023-05-08 | 6.5 | CVE-2020-22334 MISC MISC
ibm -- mq_appliance | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | 2023-05-05 | 6.5 | CVE-2022-43919 MISC MISC
enable\/disable_auto_login_when_register_project -- enable\/disable_auto_login_when_register | The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2023-05-08 | 6.5 | CVE-2023-0522 MISC
google -- web_stories | The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 | 2023-05-08 | 6.5 | CVE-2023-1979 MISC MISC
apple -- iphone_os | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory | 2023-05-08 | 6.5 | CVE-2023-23528 MISC MISC
microsoft -- multiple_products | Windows Bluetooth Driver Information Disclosure Vulnerability | 2023-05-09 | 6.5 | CVE-2023-24944 MISC
microsoft -- sharepoint | Microsoft SharePoint Server Spoofing Vulnerability | 2023-05-09 | 6.5 | CVE-2023-24950 MISC
microsoft -- sharepoint | Microsoft SharePoint Server Information Disclosure Vulnerability | 2023-05-09 | 6.5 | CVE-2023-24954 MISC
apple -- macos | The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information | 2023-05-08 | 6.5 | CVE-2023-27954 MISC MISC MISC MISC MISC MISC MLIST
apple -- macos | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service | 2023-05-08 | 6.5 | CVE-2023-28180 MISC
microsoft -- multiple_products | Windows MSHTML Platform Security Feature Bypass Vulnerability | 2023-05-09 | 6.5 | CVE-2023-29324 MISC
struktur -- libheif | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | 2023-05-05 | 6.5 | CVE-2023-29659 MISC FEDORA FEDORA
apple -- xcode | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A sandboxed app may be able to collect system logs | 2023-05-08 | 6.3 | CVE-2023-27945 MISC
external_media_without_import_project -- external_media_without_import | A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. | 2023-05-05 | 6.1 | CVE-2017-20183 MISC MISC MISC MISC
5none -- nonecms | Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. | 2023-05-08 | 6.1 | CVE-2020-18282 MISC MISC
ipandao -- editor.md | Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values. | 2023-05-08 | 6.1 | CVE-2020-19660 MISC MISC
typecho -- typecho | Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. | 2023-05-08 | 6.1 | CVE-2020-21038 MISC MISC
squirrly -- seo_plugin | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. | 2023-05-08 | 6.1 | CVE-2022-45065 MISC
i13websolution -- easy_testimonial_slider_and_form | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions. | 2023-05-08 | 6.1 | CVE-2022-46799 MISC
jazzcash -- woocommerce_jazzcash_gateway | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions. | 2023-05-09 | 6.1 | CVE-2022-46822 MISC
product_specifications_for_woocommerce_project -- product_specifications_for_woocommerce | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions. | 2023-05-09 | 6.1 | CVE-2022-46858 MISC
woocommerce_custom_checkout_fields_editor_with_drag_\&_drop_project -- woocommerce_custom_checkout_fields_editor_with_drag_\&_drop | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions. | 2023-05-09 | 6.1 | CVE-2022-46864 MISC
rocketapps -- open_graphite | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. | 2023-05-08 | 6.1 | CVE-2022-47439 MISC
artisanworkshop -- japanized_for_woocommerce | The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 2023-05-08 | 6.1 | CVE-2023-0948 MISC
quantumcloud -- ai_chatbot | The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. | 2023-05-08 | 6.1 | CVE-2023-1011 MISC
quantumcloud -- ai_chatbot | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard | 2023-05-08 | 6.1 | CVE-2023-1660 MISC
wpinventory -- wp_inventory_manager | The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | 2023-05-08 | 6.1 | CVE-2023-1806 MISC
return_and_warranty_management_system_for_woocommerce_project -- return_and_warranty_management_system_for_woocommerce | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. | 2023-05-08 | 6.1 | CVE-2023-22710 MISC
newbinggogo_project -- newbinggogo | A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | 2023-05-06 | 6.1 | CVE-2023-2560 MISC MISC MISC
multi_language_hotel_management_software_project -- multi_language_hotel_management_software | A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172. | 2023-05-07 | 6.1 | CVE-2023-2565 MISC MISC MISC
esri -- portal_for_arcgis | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | 2023-05-09 | 6.1 | CVE-2023-25829 MISC MISC
esri -- portal_for_arcgis | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 2023-05-09 | 6.1 | CVE-2023-25830 MISC MISC
esri -- portal_for_arcgis | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 2023-05-09 | 6.1 | CVE-2023-25831 MISC MISC
wjjsoft -- innokb | WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request. | 2023-05-08 | 6.1 | CVE-2023-31180 MISC
cybonet -- pineapp_mail_secure | Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint. | 2023-05-08 | 6.1 | CVE-2023-31183 MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | 2023-05-09 | 6.1 | CVE-2023-31801 MISC MISC
siemens -- simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web-based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to. | 2023-05-09 | 6 | CVE-2023-29104 MISC
microsoft -- multiple_products | Windows NTLM Security Support Provider Information Disclosure Vulnerability | 2023-05-09 | 5.9 | CVE-2023-24900 MISC
sap -- businessobjects | SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system. | 2023-05-09 | 5.9 | CVE-2023-28764 MISC MISC
siemens -- simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS). | 2023-05-09 | 5.9 | CVE-2023-29105 MISC
ibm -- cloud_pak_system | IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. | 2023-05-05 | 5.5 | CVE-2020-4914 MISC MISC
google -- android | In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | 2023-05-09 | 5.5 | CVE-2022-38685 MISC
ibm -- cognos_command_center | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | 2023-05-05 | 5.5 | CVE-2022-38707 MISC MISC
ibm -- urbancode_deploy | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | 2023-05-06 | 5.5 | CVE-2022-43877 MISC MISC
google -- android | In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-44419 MISC
google -- android | In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-44420 MISC
google -- android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-47490 MISC
google -- android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-47492 MISC
google -- android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-47493 MISC
google -- android | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48231 MISC
google -- android | In FM service, there is a possible missing params check. This could lead to local denial of service in FM service. | 2023-05-09 | 5.5 | CVE-2022-48232 MISC
google -- android | In FM service, there is a possible missing params check. This could lead to local denial of service in FM service. | 2023-05-09 | 5.5 | CVE-2022-48233 MISC
google -- android | In FM service, there is a possible missing params check. This could lead to local denial of service in FM service. | 2023-05-09 | 5.5 | CVE-2022-48234 MISC
google -- android | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48241 MISC
google -- android | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48242 MISC
google -- android | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48370 MISC
google -- android | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48371 MISC
google -- android | In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48375 MISC
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48376 MISC
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48377 MISC
google -- android | In engineermode service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48378 MISC
google -- android | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | 5.5 | CVE-2022-48379 MISC
ibm -- mq_appliance | IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. | 2023-05-05 | 5.5 | CVE-2023-22874 MISC MISC
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. A user may gain access to protected parts of the file system | 2023-05-08 | 5.5 | CVE-2023-23527 MISC MISC MISC MISC MISC MISC
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system | 2023-05-08 | 5.5 | CVE-2023-23533 MISC MISC
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory | 2023-05-08 | 5.5 | CVE-2023-23534 MISC MISC
apple -- macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | 2023-05-08 | 5.5 | CVE-2023-23535 MISC MISC MISC MISC MISC MISC
apple -- macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information | 2023-05-08 | 5.5 | CVE-2023-23537 MISC MISC MISC MISC MISC
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system | 2023-05-08 | 5.5 | CVE-2023-23538 MISC MISC
microsoft -- multiple_products | Windows iSCSI Target Service Information Disclosure Vulnerability | 2023-05-09 | 5.5 | CVE-2023-24945 MISC
apple -- iphone_os | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | 2023-05-08 | 5.5 | CVE-2023-27929 MISC MISC MISC MISC
apple -- iphone_os | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | 2023-05-08 | 5.5 | CVE-2023-27931 MISC MISC MISC MISC CONFIRM CONFIRM
apple -- iphone_os | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy | 2023-05-08 | 5.5 | CVE-2023-27932 MISC MISC MISC MISC MISC MLIST
apple -- macos | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to disclose kernel memory | 2023-05-08 | 5.5 | CVE-2023-27941 MISC MISC CONFIRM
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | 2023-05-08 | 5.5 | CVE-2023-27942 MISC MISC MISC MISC MISC CONFIRM
apple -- iphone_os | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied | 2023-05-08 | 5.5 | CVE-2023-27943 MISC MISC
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper | 2023-05-08 | 5.5 | CVE-2023-27951 MISC MISC MISC
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to read arbitrary files | 2023-05-08 | 5.5 | CVE-2023-27955 MISC MISC MISC MISC
apple -- macos | Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information | 2023-05-08 | 5.5 | CVE-2023-27961 MISC MISC MISC MISC MISC MISC
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to view sensitive information | 2023-05-08 | 5.5 | CVE-2023-28189 MISC CONFIRM
apple -- macos | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data | 2023-05-08 | 5.5 | CVE-2023-28190 MISC
apple -- macos | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information | 2023-05-08 | 5.5 | CVE-2023-28192 MISC MISC MISC
apple -- macos | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory | 2023-05-08 | 5.5 | CVE-2023-28200 MISC MISC MISC MISC
microsoft -- multiple_products | Windows Driver Revocation List Security Feature Bypass Vulnerability | 2023-05-09 | 5.5 | CVE-2023-28251 MISC
adobe -- substance_3d_painterAdobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-05-115.5CVE-2023-29277MISC
adobe -- substance_3d_painterAdobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-05-115.5CVE-2023-29279MISC
adobe -- substance_3d_painterAdobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-05-115.5CVE-2023-29286MISC
llvm -- llvmllvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.2023-05-055.5CVE-2023-29932MISC
llvm -- llvmllvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument.2023-05-055.5CVE-2023-29933MISC
llvm -- llvmllvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect().2023-05-055.5CVE-2023-29934MISC
llvm -- llvmllvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced.2023-05-055.5CVE-2023-29935MISC
llvm -- llvmllvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr).2023-05-055.5CVE-2023-29939MISC
llvm -- llvmllvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp.2023-05-055.5CVE-2023-29941MISC
llvm -- llvmllvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType.2023-05-055.5CVE-2023-29942MISC
ibm -- spectrum_scaleIBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187.2023-05-055.5CVE-2023-30434MISCMISCMISC
rymera -- wholesale_suite | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. | 2023-05-09 | 5.4 | CVE-2022-41640 MISC
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | 2023-05-05 | 5.4 | CVE-2022-43866 MISC MISC
exxp_project -- exxp | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions. | 2023-05-08 | 5.4 | CVE-2022-45812 MISC
pixelgrade -- pixfields | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. | 2023-05-09 | 5.4 | CVE-2022-46844 MISC
topdigitaltrends -- ultimate_carousel_for_wpbakery_page_builder | The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | 5.4 | CVE-2023-0267 MISC
topdigitaltrends -- mega_addons_for_wpbakery_page_builder | The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | 5.4 | CVE-2023-0268 MISC
topdigitaltrends -- ultimate_carousel_for_elementor | The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | 5.4 | CVE-2023-0280 MISC
quantumcloud -- ai_chatbot | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS | 2023-05-08 | 5.4 | CVE-2023-1651 MISC
timersys -- wp_popups | The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003 | 2023-05-08 | 5.4 | CVE-2023-1905 MISC
convertbox -- convertbox_auto_embed | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions. | 2023-05-09 | 5.4 | CVE-2023-23664 MISC
givewp -- givewp | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions. | 2023-05-08 | 5.4 | CVE-2023-23668 MISC
vertical_scroll_recent_post_project -- vertical_scroll_recent_post | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions. | 2023-05-09 | 5.4 | CVE-2023-23862 MISC
surbma -- gdpr_proof_cookie_consent_\&_notice_bar | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma \| GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. | 2023-05-08 | 5.4 | CVE-2023-23894 MISC
hu-manity -- cookie_notice_\&_compliance_for_gdpr_\/_ccpa | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions. | 2023-05-07 | 5.4 | CVE-2023-24400 MISC
lightspeedhq -- ecwid_ecommerce_shopping_cart | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions. | 2023-05-08 | 5.4 | CVE-2023-24408 MISC
teampass -- teampass | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | 2023-05-05 | 5.4 | CVE-2023-2516 MISC CONFIRM
bumsys_project -- bumsys | Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0. | 2023-05-05 | 5.4 | CVE-2023-2553 CONFIRM MISC
teampass -- teampass | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | 2023-05-09 | 5.4 | CVE-2023-2591 CONFIRM MISC
pimcore -- pimcore | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | 5.4 | CVE-2023-2616 MISC CONFIRM
machothemes -- newsmag | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. | 2023-05-08 | 5.4 | CVE-2023-28493 MISC
sap -- customer_relationship_management_webclient_ui | SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data. | 2023-05-09 | 5.4 | CVE-2023-29188 MISC MISC
apache -- airflow | Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0. | 2023-05-08 | 5.4 | CVE-2023-29247 MISC MISC MISC
monicahq -- monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | 2023-05-08 | 5.4 | CVE-2023-30787 MISC MISC
monicahq -- monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. | 2023-05-08 | 5.4 | CVE-2023-30788 MISC MISC
monicahq -- monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | 2023-05-08 | 5.4 | CVE-2023-30789 MISC MISC
monicahq -- monica | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | 2023-05-08 | 5.4 | CVE-2023-30790 MISC MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. | 2023-05-09 | 5.4 | CVE-2023-31800 MISC MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | 2023-05-09 | 5.4 | CVE-2023-31802 MISC MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | 2023-05-09 | 5.4 | CVE-2023-31804 MISC MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | 2023-05-09 | 5.4 | CVE-2023-31806 MISC MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | 2023-05-09 | 5.4 | CVE-2023-31807 MISC MISC
apple -- iphone_os | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service | 2023-05-08 | 5.3 | CVE-2023-23494 MISC
microsoft -- remote_desktop | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | 2023-05-09 | 5.3 | CVE-2023-28290 MISC
siemens -- simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint. | 2023-05-09 | 5.3 | CVE-2023-29106 MISC
siemens -- simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources. | 2023-05-09 | 5.3 | CVE-2023-29107 MISC
microsoft -- visual_studio_code | Visual Studio Code Information Disclosure Vulnerability | 2023-05-09 | 5 | CVE-2023-29338 MISC
mipcms -- mipcms | Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit. | 2023-05-08 | 4.8 | CVE-2020-18132 MISC MISC
wsb_brands_project -- wsb_brands | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. | 2023-05-08 | 4.8 | CVE-2022-47437 MISC
wp_login_box_project -- wp_login_box | The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-08 | 4.8 | CVE-2023-0544 MISC
byconsole -- pickup_\|_delivery_\|_dine-in_date_time | The Pickup \| Delivery \| Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-08 | 4.8 | CVE-2023-0894 MISC
quantumcloud -- ai_chatbot | The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-05-08 | 4.8 | CVE-2023-1649 MISC
arubanetworks -- arubaos | A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker. | 2023-05-08 | 4.8 | CVE-2023-22791 MISC
disqus_conditional_load_project -- disqus_conditional_load | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions. | 2023-05-09 | 4.8 | CVE-2023-23732 MISC
lazy_social_comments_project -- lazy_social_comments | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions. | 2023-05-09 | 4.8 | CVE-2023-23733 MISC
userlike -- userlike | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions. | 2023-05-09 | 4.8 | CVE-2023-23734 MISC
8web -- read_more_without_refresh | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions. | 2023-05-09 | 4.8 | CVE-2023-23793 MISC
blackandwhitedigital -- treepress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions. | 2023-05-09 | 4.8 | CVE-2023-23863 MISC
wp_content_filter_-_censor_all_offensive_content_from_your_site_project -- wp_content_filter_-_censor_all_offensive_content_from_your_site | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions. | 2023-05-09 | 4.8 | CVE-2023-23883 MISC
kanbanwp -- kanban_boards_for_wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | 2023-05-09 | 4.8 | CVE-2023-23884 MISC
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-05-05 | 4.8 | CVE-2023-2427 MISC CONFIRM
usbmemorydirect -- simple_custom_author_profiles | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions. | 2023-05-09 | 4.8 | CVE-2023-24372 MISC
wp_simple_events_project -- wp_simple_events | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions. | 2023-05-08 | 4.8 | CVE-2023-24376 MISC
fareharbor -- fareharbor | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions. | 2023-05-08 | 4.8 | CVE-2023-25021 MISC
te-st -- yandex.news_feed_by_teplitsa | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions. | 2023-05-08 | 4.8 | CVE-2023-25052 MISC
cms_press_project -- cms_press | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions. | 2023-05-08 | 4.8 | CVE-2023-25452 MISC
jch_optimize_project -- jch_optimize | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions. | 2023-05-06 | 4.8 | CVE-2023-25491 MISC
phpmyfaq -- phpmyfaq | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 2023-05-05 | 4.8 | CVE-2023-2550 MISC CONFIRM
open-emr -- openemr | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-08 | 4.8 | CVE-2023-2566 MISC CONFIRM
plugin-planet -- dashboard_widget_suite | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions. | 2023-05-06 | 4.8 | CVE-2023-26517 MISC
publish_to_schedule_project -- publish_to_schedule | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions. | 2023-05-06 | 4.8 | CVE-2023-26519 MISC
easy_event_calendar_project -- easy_event_calendar | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions. | 2023-05-08 | 4.8 | CVE-2023-28169 MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system announcements parameter. | 2023-05-09 | 4.8 | CVE-2023-31799 MISC MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | 2023-05-09 | 4.8 | CVE-2023-31803 MISC MISC
chamilo -- chamilo_lms | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | 2023-05-09 | 4.8 | CVE-2023-31805 MISC MISC
apple -- macos | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks | 2023-05-08 | 4.7 | CVE-2023-27952 MISC
microsoft -- edge_chromium | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-05-05 | 4.7 | CVE-2023-29354 MISC
esri -- portal_arcgis | Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | 2023-05-09 | 4.6 | CVE-2023-25834 MISC MISC
google -- android | In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-39089 MISC
google -- android | In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-47334 MISC
google -- android | In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48235 MISC
google -- android | In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48236 MISC
google -- android | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48237 MISC
google -- android | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48238 MISC
google -- android | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48239 MISC
google -- android | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48240 MISC
google -- android | In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48372 MISC
google -- android | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48373 MISC
google -- android | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48374 MISC
google -- android | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48380 MISC
google -- android | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48381 MISC
google -- android | In log service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | 4.4 | CVE-2022-48382 MISC
siemens -- simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data. | 2023-05-09 | 4.3 | CVE-2023-29103 MISC
esri -- portal_for_arcgis | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser (no stateful change made or customer data rendered). | 2023-05-10 | 4.1 | CVE-2023-25833 MISC MISC


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
siemens -- simatic_cloud_connect_7 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web-based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`. | 2023-05-09 | 3.8 | CVE-2023-29128 MISC
answer -- answer | Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. | 2023-05-09 | 3.5 | CVE-2023-2590 CONFIRM MISC
apple -- iphone_os | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup | 2023-05-08 | 3.3 | CVE-2023-23523 MISC MISC
siemens -- scalance_lp9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects. | 2023-05-09 | 3.3 | CVE-2023-27408 MISC
microsoft -- multiple_products | Microsoft Access Denial of Service Vulnerability | 2023-05-09 | 3.3 | CVE-2023-29333 MISC
siemens -- solid_edge_se2023 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426) | 2023-05-09 | 3.3 | CVE-2023-30985 MISC
siemens -- scalance_lp9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service. | 2023-05-09 | 2.7 | CVE-2023-27410 MISC
siemens -- scalance_lp9403 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`. | 2023-05-09 | 2.5 | CVE-2023-27409 MISC


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
loadbalancer -- enterprise_va_max | The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files. | 2023-05-12 | not yet calculated | CVE-2020-13377 MISC MISC
loadbalancer -- enterprise_va_max | Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code. | 2023-05-12 | not yet calculated | CVE-2020-13378 MISC MISC
phodal -- cmd | Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. | 2023-05-09 | not yet calculated | CVE-2020-18280 MISC
shop_cms -- yershop | Insecure Permissions vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | 2023-05-09 | not yet calculated | CVE-2020-23362 MISC
verytops -- verydows | Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | 2023-05-09 | not yet calculated | CVE-2020-23363 MISC
amd -- multiple_products | Insufficient bounds checking in ASP may allow an attacker to issue a system call from a compromised ABL which may cause arbitrary memory values to be initialized to zero, potentially leading to a loss of integrity. | 2023-05-09 | not yet calculated | CVE-2021-26354 MISC MISC
amd -- multiple_products | A TOCTOU in ASP bootloader may allow an attacker to tamper with the SPI ROM following data read to memory potentially resulting in S3 data corruption and information disclosure. | 2023-05-09 | not yet calculated | CVE-2021-26356 MISC MISC
amd -- multiple_products | Certain size values in firmware binary headers could trigger out of bounds reads during signature validation, leading to denial of service or potentially limited leakage of information about out-of-bounds memory contents. | 2023-05-09 | not yet calculated | CVE-2021-26365 MISC
amd -- multiple_products | A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | 2023-05-09 | not yet calculated | CVE-2021-26371 MISC MISC
amd -- multiple_products | Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | 2023-05-09 | not yet calculated | CVE-2021-26379 MISC
amd -- 3rd_gen_amd_epyc | Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. | 2023-05-09 | not yet calculated | CVE-2021-26397 MISC
amd -- multiple_products | Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. | 2023-05-09 | not yet calculated | CVE-2021-26406 MISC MISC
cms -- made_simple | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | 2023-05-08 | not yet calculated | CVE-2021-28999 MISC MISC
sqlite -- sqlite3 | An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. | 2023-05-09 | not yet calculated | CVE-2021-31239 MISC MISC MISC
libming -- libming | An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file. | 2023-05-09 | not yet calculated | CVE-2021-31240 MISC
trippo -- responsivefilemanager | Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file. | 2023-05-09 | not yet calculated | CVE-2021-31711 MISC
phpok -- phpok | File Upload vulnerability in PHPOK 5.7.140 allows remote attackers to run arbitrary code and gain escalated privileges via crafted zip file upload. | 2023-05-11 | not yet calculated | CVE-2021-34076 MISC
ibm -- cognos_analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213966. | 2023-05-12 | not yet calculated | CVE-2021-39036 MISC MISC
electronics_and_telecommunications_research_institute -- shieldstore | A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system. | 2023-05-09 | not yet calculated | CVE-2021-44283 MISC MISC MISC MISC
en3rgy -- webcamserver | Buffer Overflow vulnerability found in En3rgy WebcamServer v.0.5.2 allows a remote attacker to cause a denial of service via the WebcamServer.exe file. | 2023-05-10 | not yet calculated | CVE-2021-45345 MISC MISC MISC
amd -- multiple_products | Insufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service. | 2023-05-09 | not yet calculated | CVE-2021-46749 MISC
amd -- multiple_products | Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | 2023-05-09 | not yet calculated | CVE-2021-46753 MISC
amd -- multiple_products | Insufficient input validation in the ASP (AMD Secure Processor) bootloader may allow an attacker with a compromised Uapp or ABL to coerce the bootloader into exposing sensitive information to the SMU (System Management Unit) resulting in a potential loss of confidentiality and integrity. | 2023-05-09 | not yet calculated | CVE-2021-46754 MISC
amd -- multiple_products | Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. | 2023-05-09 | not yet calculated | CVE-2021-46755 MISC
amd -- multiple_products | Insufficient validation of inputs in SVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious Uapp or ABL to send malformed or invalid syscall to the bootloader resulting in a potential denial of service and loss of integrity. | 2023-05-09 | not yet calculated | CVE-2021-46756 MISC MISC
amd -- multiple_products | Improper syscall input validation in AMD TEE (Trusted Execution Environment) may allow an attacker with physical access and control of a Uapp that runs under the bootloader to reveal the contents of the ASP (AMD Secure Processor) bootloader accessible memory to a serial port, resulting in a potential loss of integrity. | 2023-05-09 | not yet calculated | CVE-2021-46759 MISC
amd -- multiple_products | A malicious or compromised UApp or ABL can send a malformed system call to the bootloader, which may result in an out-of-bounds memory access that may potentially lead to an attacker leaking sensitive information or achieving code execution. | 2023-05-09 | not yet calculated | CVE-2021-46760 MISC
amd -- multiple_products | Insufficient input validation in the SMU may allow an attacker to corrupt SMU SRAM potentially leading to a loss of integrity or denial of service. | 2023-05-09 | not yet calculated | CVE-2021-46762 MISC
amd -- multiple_products | Insufficient input validation in the SMU may enable a privileged attacker to write beyond the intended bounds of a shared memory buffer potentially leading to a loss of integrity. | 2023-05-09 | not yet calculated | CVE-2021-46763 MISC
amd -- multiple_products | Improper validation of DRAM addresses in SMU may allow an attacker to overwrite sensitive memory locations within the ASP potentially resulting in a denial of service. | 2023-05-09 | not yet calculated | CVE-2021-46764 MISC
amd – multiple_productsInsufficient input validation in ASP may allow an attacker with a compromised SMM to induce out-of-bounds memory reads within
the ASP, potentially leading to a denial of service.
2023-05-09not yet calculatedCVE-2021-46765MISC
amd – multiple_productsInsufficient syscall input validation in the ASP
Bootloader may allow a privileged attacker to execute arbitrary DMA copies, which can lead to code execution.
2023-05-09not yet calculatedCVE-2021-46769MISC
amd – multiple_productsInsufficient input validation in ABL may enable a privileged attacker to corrupt ASP memory, potentially resulting in a loss of
integrity or code execution.
2023-05-09not yet calculatedCVE-2021-46773MISC
amd – multiple_productsImproper input validation in ABL may enable an attacker with physical access, to perform arbitrary memory overwrites,
potentially leading to a loss of integrity and code execution.
2023-05-09not yet calculatedCVE-2021-46775MISC
amd – multiple_productsTime-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.2023-05-09not yet calculatedCVE-2021-46792MISC
amd – multiple_productsInsufficient bounds checking in ASP (AMD Secure Processor) may allow for an out of bounds read in SMI (System Management
Interface) mailbox checksum calculation triggering a data abort, resulting in a potential denial of service.
2023-05-09not yet calculatedCVE-2021-46794MISC
intel -- hdmi_firmware_update_tool | Uncontrolled search path for the Intel(R) HDMI Firmware Update tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-21162 MISC
intel -- qat_driver_windows | Out-of-bounds read in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-21239 MISC
intel -- qat_driver_windows | Out-of-bounds write in software for the Intel QAT Driver for Windows before version 1.9.0-0008 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-21804 MISC
amd -- 3rd_gen_amd_epyc | Insufficient input validation on the model specific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest memory integrity. | 2023-05-09 | not yet calculated | CVE-2022-23818 MISC
intel -- intel_vroc_software | Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-25976 MISC
intel -- intel_maccpuid_software | Uncontrolled search path in the Intel(R) MacCPUID software before version 3.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-27180 MISC
wordpress -- wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Atlas Gondal Export All URLs plugin <= 4.1 versions. | 2023-05-10 | not yet calculated | CVE-2022-27856 MISC
intel -- nuc_bios | Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-28699 MISC
intel -- vroc_software | Null pointer dereference in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-29508 MISC
western_digital -- my_cloud_os_5 | Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This issue affects My Cloud OS 5 devices before 5.26.202. | 2023-05-10 | not yet calculated | CVE-2022-29840 MISC
western_digital -- my_cloud_os_5 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that was caused by a command that read files from a privileged location and created a system command without sanitizing the read data. This command could be triggered by an attacker remotely to cause code execution and gain a reverse shell in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before 5.26.119. | 2023-05-10 | not yet calculated | CVE-2022-29841 MISC
western_digital -- my_cloud_os_5 | Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devices. This issue affects My Cloud OS 5: before 5.26.119. | 2023-05-10 | not yet calculated | CVE-2022-29842 MISC
intel -- vroc_software | Use after free in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-29919 MISC
intel -- vroc_software | Incorrect default permissions in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-30338 MISC
intel -- nuc_bios | Improper initialization for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-31477 MISC
intel -- unite_plugin_sdk | Uncontrolled search path in the Intel(R) Unite(R) Plugin SDK before version 4.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-32576 MISC
intel -- nuc_kits | Improper input validation in BIOS Firmware for some Intel(R) NUC Kits before version PY0081 may allow a privileged user to potentially enable information disclosure or denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-32577 MISC
intel -- nuc_pro_software_suite | Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-32578 MISC
intel -- multiple_products | Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-32582 MISC
intel -- bios_firmware | Improper input validation for some Intel(R) BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-32766 MISC
wordpress -- wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Themify Themify Portfolio Post plugin <= 1.2.4 versions. | 2023-05-10 | not yet calculated | CVE-2022-32970 MISC
intel -- bios_firmware | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-33894 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WaspThemes Visual CSS Style Editor plugin <= 7.5.8 versions. | 2023-05-10 | not yet calculated | CVE-2022-33961 MISC
intel -- unite_client_software | Incorrect default permissions in the software installer for Intel(R) Unite(R) Client software for Windows before version 4.2.34870 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-33963 MISC
intel -- multiple_products | Improper input validation in BIOS firmware for some Intel(R) NUC 9 Extreme Laptop Kits, Intel(R) NUC Performance Kits, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, and Intel(R) NUC Compute Element may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-34147 MISC
intel -- nuc_pro_software_suite | Uncontrolled search path for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-34848 MISC
intel -- nuc_pro_software_suite | Path traversal for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-34855 MISC
western_digital -- multiple_products | An improper privilege management issue that could allow an attacker to cause a denial of service over the OTA mechanism was discovered in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | 2023-05-10 | not yet calculated | CVE-2022-36329 MISC
western_digital -- multiple_products | A buffer overflow vulnerability was discovered on firmware version validation that could lead to an unauthenticated remote code execution in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi devices. An attacker would require exploitation of another vulnerability to raise their privileges in order to exploit this buffer overflow vulnerability. This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191. | 2023-05-10 | not yet calculated | CVE-2022-36330 MISC
intel -- multiple_products | Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-36339 MISC
intel -- nuc_pro_software | Incorrect default permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-36391 MISC
facebook -- hhvm | HHVM 4.172.0 and all prior versions use TLS 1.0 for secure connections when handling tls:// URLs in the stream extension. TLS1.0 has numerous published vulnerabilities and is deprecated. HHVM 4.153.4, 4.168.2, 4.169.2, 4.170.2, 4.171.1, 4.172.1, 4.173.0 replaces TLS1.0 with TLS1.3. Applications that call stream_socket_server or stream_socket_client functions with a URL starting with tls:// are affected. | 2023-05-10 | not yet calculated | CVE-2022-36937 MISC MISC
intel -- multiple_products | Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-37327 MISC
intel -- ipp_cryptography_software | Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-37409 MISC
intel -- processors | Exposure of resource to wrong sphere in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-38087 MISC
intel -- multiple_products | Uncontrolled search path in some Intel(R) NUC Chaco Canyon BIOS update software before version iFlashV Windows 5.13.00.2105 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-38101 MISC
intel -- nuc_software_studio_service_installer | Insecure inherited permissions in the Intel(R) NUC Software Studio Service installer before version 1.17.38.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-38103 MISC
intel -- fpga | Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-38787 MISC
octopus -- deploy | In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service. | 2023-05-10 | not yet calculated | CVE-2022-4008 MISC
intel -- sur_software | Improper access control in the Intel(R) SUR software before version 2.4.8989 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40207 MISC
intel -- dcm_software | Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40210 MISC
intel -- dcm_software | Insufficiently protected credentials in the Intel(R) DCM software before version 5.0.1 may allow an authenticated user to potentially enable information disclosure via network access. | 2023-05-10 | not yet calculated | CVE-2022-40685 MISC
intel -- hdmi_firmware_update_tool | Incorrect default permissions for the Intel(R) HDMI Firmware Update Tool for NUC before version 1.79.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40971 MISC
intel -- qat_drivers | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-40972 MISC
intel -- cryptography_software | Incomplete cleanup in the Intel(R) IPP Cryptography software before version 2021.6 may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-40974 MISC
wordpress -- wordpress | Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-41610 MISC
intel -- qat_drivers | Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-41621 MISC
intel -- nuc_p144e_laptop_element_software | Uncontrolled search path element in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41628 MISC
intel -- cryptography_software | Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-41646 MISC
intel -- vtune_profiler_software | Insecure inherited permissions in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41658 MISC
intel -- intel_nuc_p14e_laptop_element_software_for_windows_10 | Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41687 MISC
intel -- intel_retail_edge_mobile_ios_application | Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41690 MISC
intel -- intel_quartus_prime_pro_edition_software | Uncontrolled search path in the Intel(R) Quartus(R) Prime Pro edition software before version 22.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41693 MISC
intel -- intel_qat_drivers_for_windows | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41699 MISC
intel -- intel_connect_m_android_application | Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41769 MISC
intel -- intel_qat_drivers_for_windows | Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-41771 MISC
intel -- intel_ofu_software | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41784 MISC
intel -- intel_connect_m_android_application | Uncontrolled resource consumption in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-41801 MISC
intel -- intel_qat_drivers_for_linux | Improper buffer restriction in software for the Intel QAT Driver for Linux before version 1.7.l.4.12 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-41808 MISC
intel -- intel_dcm_software | Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-05-10 | not yet calculated | CVE-2022-41979 MISC
intel -- intel_vtune_tmprofiler_software | Uncontrolled search path element in the Intel(R) VTune(TM) Profiler software before version 2023.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41982 MISC
weston_embedded -- uc-ftps | An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | 2023-05-10 | not yet calculated | CVE-2022-41985 MISC MISC
intel -- intel_dcm_software | Uncontrolled search path in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-41998 MISC
intel -- intel_ofu_software | Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-42465 MISC
intel -- intel_trace_analyzer_and_collector_software | Null pointer dereference for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-42878 MISC
intel -- intel_scs_software | Improper authorization in the Intel(R) SCS software all versions may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-43465 MISC
intel -- dsp_builder_software_installer_for_intel_fpgas_pro_edition | Uncontrolled search path for the DSP Builder software installer before version 22.4 for Intel(R) FPGAs Pro Edition may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-43474 MISC
intel -- intel_dcm_software | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-43475 MISC
intel -- intel_qat_engine_for_openssl | Improper buffer restrictions in the Intel(R) QAT Engine for OpenSSL before version 0.6.16 may allow a privileged user to potentially enable escalation of privilege via network access. | 2023-05-10 | not yet calculated | CVE-2022-43507 MISC
unisoc -- multiple_products | In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | not yet calculated | CVE-2022-44433 MISC
intel -- intel_dcm_software | Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | 2023-05-10 | not yet calculated | CVE-2022-44610 MISC
intel -- intel_dcm_software | Insecure storage of sensitive information in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-44619 MISC
intel -- intel_ema_software | Improper authorization in the Intel(R) EMA software before version 1.9.0.0 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-45128 MISC
wordpress -- wordpress | The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. | 2023-05-09 | not yet calculated | CVE-2022-4537 MISC MISC MISC
wordpress -- wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Nickys Image Map Pro for WordPress - Interactive SVG Image Map Builder plugin < 5.6.9 versions. | 2023-05-10 | not yet calculated | CVE-2022-45846 MISC
intel -- intel_retail_edge_android_application | Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2022-46279 MISC
weston_embedded -- uc-ftps | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no IP address argument is provided to the `PORT` command. | 2023-05-10 | not yet calculated | CVE-2022-46377 MISC MISC
weston_embedded -- uc-ftps | An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability. This vulnerability occurs when no port argument is provided to the `PORT` command. | 2023-05-10 | not yet calculated | CVE-2022-46378 MISC MISC
intel -- intel_smart_campus_android_application | Uncontrolled resource consumption in the Intel(R) Smart Campus Android application before version 9.9 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2022-46645 MISC
intel -- intel_nuc_pro_software_suite | Insecure inherited permissions for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2022-46656 MISC
apple -- macos | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox. | 2023-05-08 | not yet calculated | CVE-2022-46720 MISC MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flyzoo Flyzoo Chat plugin <= 2.3.3 versions. | 2023-05-10 | not yet calculated | CVE-2022-46817 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions. | 2023-05-10 | not yet calculated | CVE-2022-46819 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin <= 6.2 versions. | 2023-05-10 | not yet calculated | CVE-2022-46861 MISC
yonque -- phpok_v6.3 | PHPOK v6.3 was discovered to contain a remote code execution (RCE) vulnerability. | 2023-05-11 | not yet calculated | CVE-2022-47129 MISC MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPManageNinja LLC Ninja Tables plugin <= 4.3.4 versions. | 2023-05-10 | not yet calculated | CVE-2022-47137 MISC
unisoc -- multiple_products | In h265 codec firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges. | 2023-05-09 | not yet calculated | CVE-2022-47340 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | 2023-05-10 | not yet calculated | CVE-2022-47423 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MantraBrain Yatra plugin <= 2.1.14 versions. | 2023-05-10 | not yet calculated | CVE-2022-47436 MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Charitable Donations & Fundraising Team Donation Forms by Charitable plugin <= 1.7.0.10 versions. | 2023-05-10 | not yet calculated | CVE-2022-47441 MISC
unisoc -- multiple_productsIn ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.2023-05-09not yet calculatedCVE-2022-47469MISC
unisoc -- multiple_productsIn ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed.2023-05-09not yet calculatedCVE-2022-47470MISC
unisoc -- multiple_productsIn modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.2023-05-09not yet calculatedCVE-2022-47485MISC
unisoc -- multiple_productsIn ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.2023-05-09not yet calculatedCVE-2022-47486MISC
unisoc -- multiple_productsIn thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges.2023-05-09not yet calculatedCVE-2022-47487MISC
unisoc -- multiple_products | In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47488 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47489 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47491 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47494 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47495 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47496 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47497 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47498 MISC
unisoc -- multiple_products | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-47499 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.5 versions. | 2023-05-10 | not yet calculated | CVE-2022-47587 MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | 2023-05-10 | not yet calculated | CVE-2022-47590 MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions. | 2023-05-10 | not yet calculated | CVE-2022-47600 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Stephenson WP-CORS plugin <= 0.2.1 versions. | 2023-05-10 | not yet calculated | CVE-2022-47606 MISC
jedox -- rtn_directory | A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. | 2023-05-12 | not yet calculated | CVE-2022-47879 MISC MISC
jedox -- test_connection_function | An information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allows remote, authenticated users with permissions to modify database connections to disclose a connection's cleartext password via the 'test connection' function. | 2023-05-12 | not yet calculated | CVE-2022-47880 MISC MISC
vinteo_vcc -- conference_parameter | Vinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser. | 2023-05-12 | not yet calculated | CVE-2022-48020 MISC MISC MISC
unisoc -- multiple_products | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48385 MISC
unisoc -- multiple_products | In the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48386 MISC
unisoc -- multiple_products | In the apipe driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48387 MISC
unisoc -- multiple_products | In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | 2023-05-09 | not yet calculated | CVE-2022-48388 MISC
unisoc -- multiple_products | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2023-05-09 | not yet calculated | CVE-2022-48389 MISC
palo_alto_networks -- pan_os | A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed. | 2023-05-10 | not yet calculated | CVE-2023-0007 MISC
palo_alto_networks -- pan_os | A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to export local files from the firewall through a race condition. | 2023-05-10 | not yet calculated | CVE-2023-0008 MISC
wordpress -- wordpress | The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link. | 2023-05-08 | not yet calculated | CVE-2023-0421 MISC
wordpress -- wordpress | The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-05-08 | not yet calculated | CVE-2023-0514 MISC
wordpress -- wordpress | The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | not yet calculated | CVE-2023-0526 MISC
wordpress -- wordpress | The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | not yet calculated | CVE-2023-0536 MISC
wordpress -- wordpress | The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | not yet calculated | CVE-2023-0537 MISC
wordpress -- wordpress | The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-05-08 | not yet calculated | CVE-2023-0542 MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0851 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0852 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0853 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0854 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0855 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0856 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0857 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the product. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0858 MISC MISC MISC MISC
canon -- canon_office/small_office_multifunction_printers_and_laser_printers | Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe. | 2023-05-11 | not yet calculated | CVE-2023-0859 MISC MISC MISC MISC
monicahq -- monicahq | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | 2023-05-08 | not yet calculated | CVE-2023-1031 MISC MISC
netapp -- snapcenter | SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. | 2023-05-12 | not yet calculated | CVE-2023-1096 MISC
wordpress -- wordpress | The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2023-05-08 | not yet calculated | CVE-2023-1408 MISC
cloudflare -- circl_go | When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user-provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number of random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20. | 2023-05-10 | not yet calculated | CVE-2023-1732 MISC
rockwell_automation -- kinetix_5500_drives | Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023 and running v7.13, may have the telnet and FTP ports open by default. This could potentially allow attackers unauthorized access to the device through the open ports. | 2023-05-11 | not yet calculated | CVE-2023-1834 MISC
sdg_technologies -- pnpscada_system | The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-1934 MISC
cisco -- asr_5000_series_software | A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user. There are workarounds that address this vulnerability. | 2023-05-09 | not yet calculated | CVE-2023-20046 MISC MISC
cisco -- sd-wan_vmanage | A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root. | 2023-05-09 | not yet calculated | CVE-2023-20098 MISC MISC
amd -- amd_epyc | Improper access control settings in ASP Bootloader may allow an attacker to corrupt the return address causing a stack-based buffer overrun potentially leading to arbitrary code execution. | 2023-05-09 | not yet calculated | CVE-2023-20520 MISC
amd -- amd_epyc | An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss of integrity. | 2023-05-09 | not yet calculated | CVE-2023-20524 MISC
vmware -- aria_operations | VMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation. | 2023-05-12 | not yet calculated | CVE-2023-20877 MISC
vmware -- aria_operations | VMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system. | 2023-05-12 | not yet calculated | CVE-2023-20878 MISC
vmware -- aria_operations | VMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system. | 2023-05-12 | not yet calculated | CVE-2023-20879 MISC
openstack -- openstack | A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. | 2023-05-12 | not yet calculated | CVE-2023-2088 MISC
vmware -- aria_operations | VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | 2023-05-12 | not yet calculated | CVE-2023-20880 MISC
axis -- axis_os | AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication, nor can it be used to compromise the device or any customer data. | 2023-05-08 | not yet calculated | CVE-2023-21404 MISC
linux -- kernel | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | 2023-05-09 | not yet calculated | CVE-2023-2156 MISC MISC
gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. | 2023-05-12 | not yet calculated | CVE-2023-2181 MISC MISC CONFIRM
intel -- server_board_bmc_firmware | Access of memory location after end of buffer in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22297 MISC
intel -- nuc_bios_firmware | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22312 MISC
intel -- oneapi_toolkit | Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.0.251 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22355 MISC
seiko_solutions -- skybridge_mb-a100/110 | Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product. | 2023-05-10 | not yet calculated | CVE-2023-22361 MISC MISC MISC MISC MISC MISC
intel -- server_board_bmc_firmware | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-22379 MISC
intel -- scs_add-on | Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22440 MISC
seiko solutions -- skybridge_series | Missing authentication for critical function exists in Seiko Solutions SkyBridge series, which may allow a remote attacker to obtain or alter the setting information of the product or execute some critical functions without authentication, e.g., rebooting the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier | 2023-05-10 | not yet calculated | CVE-2023-22441 MISC MISC MISC MISC MISC MISC
intel -- server_board_bmc_firmware | Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22442 MISC
intel -- server_board_bmc_firmware | Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-22443 MISC
intel -- open_cas_software_for_linux | Insertion of sensitive information into log file in the Open CAS software for Linux maintained by Intel before version 22.6.2 may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-22447 MISC
intel -- server_board_bmc_firmware | Buffer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-22661 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions. | 2023-05-12 | not yet calculated | CVE-2023-22685 MISC
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Custom4Web Affiliate Links Lite plugin <= 2.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-22696 MISC
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Agent Evolution IMPress Listings plugin <= 2.6.2 versions. | 2023-05-10 | not yet calculated | CVE-2023-22711 MISC
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3 versions. | 2023-05-11 | not yet calculated | CVE-2023-22720 MISC
western_digital -- multiple_products | A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request. This issue affects My Cloud OS 5 Mobile App: before 4.21.0; My Cloud Home Mobile App: before 4.21.0; ibi Mobile App: before 4.21.0; MyCloud OS 5 Web App: before 4.26.0-6126; My Cloud Home Web App: before 4.26.0-6126; ibi Web App: before 4.26.0-6126. | 2023-05-08 | not yet calculated | CVE-2023-22813 MISC
schweitzer_engineering_laboratories -- multiple_products | A Channel Accessible by Non-Endpoint vulnerability in the Schweitzer Engineering Laboratories SEL Real-Time Automation Controller (RTAC) could allow a remote attacker to perform a man-in-the-middle (MiTM) that could result in denial of service. See the ACSELERATOR RTAC SEL-5033 Software instruction manual date code 20210915 for more details. | 2023-05-10 | not yet calculated | CVE-2023-2310 MISC
synapsoft -- pdfocus | Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. | 2023-05-12 | not yet calculated | CVE-2023-23169 MISC MISC
sick -- flexi_classic | Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | 2023-05-12 | not yet calculated | CVE-2023-23444 MISC MISC MISC
apple -- macos/ios/ipados | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges. | 2023-05-08 | not yet calculated | CVE-2023-23540 MISC MISC MISC
apple -- ios/ipados | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts. | 2023-05-08 | not yet calculated | CVE-2023-23541 MISC MISC
apple -- macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data. | 2023-05-08 | not yet calculated | CVE-2023-23542 MISC MISC MISC
apple -- macos/ios/ipados | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camera. | 2023-05-08 | not yet calculated | CVE-2023-23543 MISC MISC MISC
intel -- trace_analyzer_collector_software | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-23569 MISC
intel -- unite_android | Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-23573 MISC
seiko_solutions -- mb-a200_firmware | Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port. | 2023-05-10 | not yet calculated | CVE-2023-23578 MISC MISC MISC MISC MISC MISC
intel -- trace_analyzer_collector_software | Stack-based buffer overflow for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-23580 MISC
wordpress -- wordpress | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions. | 2023-05-09 | not yet calculated | CVE-2023-23647 MISC
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Andrew @ Geeenville Web Design Easy Sign Up plugin <= 3.4.1 versions. | 2023-05-10 | not yet calculated | CVE-2023-23701 MISC
wordpress -- wordpress | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Christof Servit affiliate-toolkit plugin <= 3.3.3 versions. | 2023-05-10 | not yet calculated | CVE-2023-23786 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Florin Arjocu Custom More Link Complete plugin <= 1.4.1 versions. | 2023-05-10 | not yet calculated | CVE-2023-23788 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. | 2023-05-10 | not yet calculated | CVE-2023-23789 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss Semalt Blocker plugin <= 1.1.3 versions. | 2023-05-10 | not yet calculated | CVE-2023-23794 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions. | 2023-05-12 | not yet calculated | CVE-2023-23810 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joost de Valk Enhanced WP Contact Form plugin <= 2.2.3 versions. | 2023-05-10 | not yet calculated | CVE-2023-23812 MISC
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions. | 2023-05-12 | not yet calculated | CVE-2023-23867 MISC
wordpress -- wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flector BBSpoiler plugin <= 2.01 versions. | 2023-05-10 | not yet calculated | CVE-2023-23873 MISC
seiko_solutions -- skybridge_mb-a200_firmware_basic | Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. | 2023-05-10 | not yet calculated | CVE-2023-23901 MISC MISC MISC MISC MISC MISC
seiko_solutions -- skybirdge_mb-4100/110_firmware | Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to execute some critical functions without authentication, e.g., rebooting the product. | 2023-05-10 | not yet calculated | CVE-2023-23906 MISC MISC MISC MISC MISC MISC
intel -- trace_analyzer_collector_software | Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-23909 MISC
intel -- trace_analyzer_collector_software | Out-of-bounds write for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-23910 MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions.2023-05-10not yet calculatedCVE-2023-24392MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb ur Rehman Simple PopUp plugin <= 1.8.6 versions.2023-05-10not yet calculatedCVE-2023-24406MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions.2023-05-10not yet calculatedCVE-2023-24418MISC
rockwell_automation -- thinmanagerRockwell Automation ThinManager product allows the use of medium strength ciphers.  If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the client and server API.2023-05-11not yet calculatedCVE-2023-2443MISC
rockwell_automation -- factorytalk_vantagepoint | A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. This vulnerability can be exploited in two ways. If an attacker sends a malicious link to a computer that is on the same domain as the FactoryTalk Vantagepoint server and a user clicks the link, the attacker could impersonate the legitimate user and send requests to the affected product. Additionally, if an attacker sends an untrusted link to a computer that is not on the same domain as the server and a user opens the FactoryTalk Vantagepoint website, enters credentials for the FactoryTalk Vantagepoint server, and clicks on the malicious link, a cross site request forgery attack would be successful as well. | 2023-05-11 | not yet calculated | CVE-2023-2444 MISC
intel -- server_board_bmc_firmware | Out of bounds read in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-24475 MISC
milesight -- ncr/camera | Milesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-24505 MISC
milesight -- ncr/camera | Milesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-24506 MISC
agilepoint -- nx | AgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-24507 MISC
go -- html/template | Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. | 2023-05-11 | not yet calculated | CVE-2023-24539 MISC MISC MISC MISC
go -- html/template | Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution. | 2023-05-11 | not yet calculated | CVE-2023-24540 MISC MISC MISC MISC
google -- chromeos_audio_server | Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High) | 2023-05-12 | not yet calculated | CVE-2023-2457 MISC MISC
google -- chromeos_camera | Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High) | 2023-05-12 | not yet calculated | CVE-2023-2458 MISC MISC
seiko_solutions -- skybridge_mb-a100/110_firmware | Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote authenticated attacker to obtain an APN credential for the product. | 2023-05-10 | not yet calculated | CVE-2023-24586 MISC MISC MISC MISC MISC MISC
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. | 2023-05-08 | not yet calculated | CVE-2023-2478 MISC MISC CONFIRM
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fernando Briano UserAgent-Spy plugin <= 1.3.1 versions. | 2023-05-11 | not yet calculated | CVE-2023-2490 MISC
ibm -- business_automation_workflow | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. | 2023-05-06 | not yet calculated | CVE-2023-24957 MISC MISC
autodesk -- 3ds_max_usd_plugin | A maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023 and 2021 when parsing the DLL files, which could lead to a resource injection vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-25005 MISC
autodesk -- 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25006 MISC
autodesk -- 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25007 MISC
autodesk -- 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25008 MISC
autodesk -- 3ds_max_usd_plugin | A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution. | 2023-05-12 | not yet calculated | CVE-2023-25009 MISC
seiko_solutions -- skybridge_mb-a100/110 | Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier. If the telnet connection is enabled, a remote unauthenticated attacker may eavesdrop on or alter the administrator's communication to the product. | 2023-05-10 | not yet calculated | CVE-2023-25070 MISC MISC MISC MISC MISC MISC
seiko_solutions -- skybridge_mb-a100/110 | Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier, which may allow a remote unauthenticated attacker to decrypt the password for the WebUI of the product. | 2023-05-10 | not yet calculated | CVE-2023-25072 MISC MISC MISC MISC MISC MISC
cloudflare -- workerd | Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would most likely lead to a segmentation fault, but could theoretically allow arbitrary undefined behavior. In order for the bug to be exploitable, the process would need to be able to allocate 160GB of RAM. Due to this, the bug was never exploitable on the Cloudflare Workers platform, but could theoretically be exploitable on deployments of workerd running on machines with a huge amount of memory. Moreover, in order to be remotely exploited, an attacker would have to upload a single form-encoded HTTP request of at least tens of gigabytes in size. The application code would then have to use request.formData() to parse the request and formData.forEach() to iterate over this data. Due to these limitations, the exploitation likelihood was considered Low. A fix that addresses this vulnerability has been released in version v1.20230419.0 and users are encouraged to update to the latest version available. | 2023-05-12 | not yet calculated | CVE-2023-2512 MISC MISC
linux -- kernel | A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. | 2023-05-08 | not yet calculated | CVE-2023-2513 MISC MISC MISC
mattermost -- mattermost | Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization. | 2023-05-12 | not yet calculated | CVE-2023-2514 MISC
mattermost -- mattermost | Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin. | 2023-05-12 | not yet calculated | CVE-2023-2515 MISC
intel -- intel_server_board_bmc_firmware | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-25175 MISC
intel -- intel_unite_android_application | Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-25179 MISC
seiko_solutions -- multiple_products | Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt the password for the WebUI of the product. Affected products and versions are as follows: SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, and SkySpider MB-R210 firmware Ver. 1.01.00 and earlier. | 2023-05-10 | not yet calculated | CVE-2023-25184 MISC MISC MISC MISC MISC MISC
fetlife -- rollout-ui | Cross Site Scripting (XSS) vulnerability in Fetlife rollout-ui version 0.5 allows attackers to execute arbitrary code via a crafted URL to the "delete a feature" functionality. | 2023-05-11 | not yet calculated | CVE-2023-25309 MISC MISC MISC MISC
otrs_ag -- otrs | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any attacker authenticated as an Agent to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names, e.g. via ticket histories, by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation and the number of active users. (Flooding) This issue affects OTRS: from 8.0.X before 8.0.32. | 2023-05-08 | not yet calculated | CVE-2023-2534 MISC
soft-o -- free_password_manager | A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution. | 2023-05-12 | not yet calculated | CVE-2023-25428 MISC MISC
codesolz -- easy_ad_manager | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions. | 2023-05-12 | not yet calculated | CVE-2023-25460 MISC
intel -- intel_server_board_bmc_firmware | Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-25545 MISC
ipfs -- boxo | Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. In versions 0.4.0 and 0.5.0, if an attacker is able to allocate arbitrarily many bytes in the Bitswap server, those allocations last even if the connection is closed. This affects users accepting untrusted connections with the Bitswap server and also affects users using the old API stubs at `github.com/ipfs/go-libipfs/bitswap` because users then transitively import `github.com/ipfs/go-libipfs/bitswap/server`. Boxo versions 0.6.0 and 0.4.1 contain a patch for this issue. As a workaround, those who are using the stub object at `github.com/ipfs/go-libipfs/bitswap` and not taking advantage of the features provided by the server can refactor their code to use the new split API that will allow them to run in a client only mode: `github.com/ipfs/go-libipfs/bitswap/client`. | 2023-05-10 | not yet calculated | CVE-2023-25568 CONFIRM MISC MISC MISC
intel -- intel_nuc_bios_firmware | Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-25771 MISC
intel -- intel_retail_edge_mobile_android_application | Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local access. | 2023-05-10 | not yet calculated | CVE-2023-25772 MISC
intel -- intel_server_board_bmc_firmware | Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-25776 MISC
strikingly -- strikingly_cms | A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because the Strikingly JavaScript library, when parsing the URL fragment, allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary JavaScript execution in the context of the user's browser. | 2023-05-08 | not yet calculated | CVE-2023-2582 MISC
ibm -- security_verify_access | IBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635. | 2023-05-12 | not yet calculated | CVE-2023-25927 MISC MISC
sourcecodester -- food_ordering_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228396. | 2023-05-09 | not yet calculated | CVE-2023-2594 MISC MISC
sourcecodester -- billing_management_system | A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of the argument drop_services leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228397 was assigned to this vulnerability. | 2023-05-09 | not yet calculated | CVE-2023-2595 MISC MISC MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions. | 2023-05-12 | not yet calculated | CVE-2023-25958 MISC
sourcecodester -- online_reviewer_system | A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228398 is the identifier assigned to this vulnerability. | 2023-05-09 | not yet calculated | CVE-2023-2596 MISC MISC MISC
vim -- vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. | 2023-05-09 | not yet calculated | CVE-2023-2609 MISC CONFIRM
m_static -- m_static | All versions of the package m.static are vulnerable to Directory Traversal due to improper input sanitization of the path being requested via the requestFile function. | 2023-05-10 | not yet calculated | CVE-2023-26126 MISC MISC
pimcore -- pimcore | Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | not yet calculated | CVE-2023-2614 MISC CONFIRM
pimcore -- pimcore | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | not yet calculated | CVE-2023-2615 CONFIRM MISC
opencv -- we_qrcode_module | A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-228547. | 2023-05-10 | not yet calculated | CVE-2023-2617 MISC MISC MISC MISC
opencv -- we_qrcode_module | A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Affected by this issue is the function DecodedBitStreamParser::decodeHanziSegment of the file qrcode/decoder/decoded_bit_stream_parser.cpp. The manipulation leads to memory leak. The attack may be launched remotely. The name of the patch is 2b62ff6181163eea029ed1cab11363b4996e9cd6. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-228548. | 2023-05-10 | not yet calculated | CVE-2023-2618 MISC MISC MISC MISC
pimcore -- customer_data_framework | Improper Neutralization of Formula Elements in a CSV File in GitHub repository pimcore/customer-data-framework prior to 3.3.9. | 2023-05-10 | not yet calculated | CVE-2023-2629 CONFIRM MISC
pimcore -- pimcore | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-05-10 | not yet calculated | CVE-2023-2630 MISC CONFIRM
sourcecodester -- online_internship_management_system | A vulnerability was found in SourceCodester Online Internship Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/login.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228770 is the identifier assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2641 MISC MISC MISC
sourcecodester -- online_exam_system | A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. This affects an unknown part of the file adminpanel/admin/facebox_modal/updateCourse.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228771. | 2023-05-11 | not yet calculated | CVE-2023-2642 MISC MISC MISC
sourcecodester -- file_tracker_manager_system | A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. This vulnerability affects unknown code of the file register/update_password.php of the component POST Parameter Handler. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228772. | 2023-05-11 | not yet calculated | CVE-2023-2643 MISC MISC MISC
digitalpersona -- fpsensor | A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1. This issue affects some unknown processing of the file C:\Program Files (x86)\FPSensor\bin\DpHost.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-228773 was assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2644 MISC MISC
usr -- usr-g806 | A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Affected is an unknown function of the component Web Management Page. The manipulation of the argument username/password with the input root leads to use of hard-coded password. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-228774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2645 MISC MISC MISC
tp-link -- archer_c7v2 | A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component GET Request Parameter Handler. The manipulation leads to denial of service. The attack can only be done within the local network. The associated identifier of this vulnerability is VDB-228775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2646 MISC MISC
weaver -- e-office | A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Affected by this issue is some unknown functionality of the file /webroot/inc/utility_all.php of the component File Upload Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2647 MISC MISC MISC
weaver -- e-office | A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2648 MISC MISC MISC
tenda -- ac23 | A vulnerability was found in Tenda AC23 16.03.07.45_cn. It has been declared as critical. This vulnerability affects unknown code of the file /bin/ate of the component Service Port 7329. The manipulation of the argument v2 leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-05-11 | not yet calculated | CVE-2023-2649 MISC MISC MISC
sourcecodester -- lost_and_found_information_system | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780. | 2023-05-11 | not yet calculated | CVE-2023-2652 MISC MISC MISC
sourcecodester -- lost_and_found_information_system | A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2653 MISC MISC MISC
sourcecodester -- ac_repair_and_services_system | A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2656 MISC MISC MISC
sourcecodester -- online_computer_and_laptop_store | A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | 2023-05-11 | not yet calculated | CVE-2023-2657 MISC MISC MISC
sourcecodester -- online_computer_and_laptop_store | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800. | 2023-05-11 | not yet calculated | CVE-2023-2658 MISC MISC MISC
sourcecodester -- online_computer_and_laptop_store | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2659 MISC MISC MISC
sourcecodester -- online_computer_and_laptop_store | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-2660 MISC MISC MISC
sourcecodester -- online_computer_and_laptop_store | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803. | 2023-05-11 | not yet calculated | CVE-2023-2661 MISC MISC MISC
xpdf -- xpdf | In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. | 2023-05-11 | not yet calculated | CVE-2023-2662 MISC
xpdf -- xpdf | In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | 2023-05-11 | not yet calculated | CVE-2023-2663 MISC
xpdf -- xpdf | In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | 2023-05-11 | not yet calculated | CVE-2023-2664 MISC
francoisjacquet -- rosariosis | Storage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0. | 2023-05-12 | not yet calculated | CVE-2023-2665 CONFIRM MISC
froxlor -- froxlor | Allocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16. | 2023-05-12 | not yet calculated | CVE-2023-2666 CONFIRM MISC
sourcecodester -- lost_and_found_information_system | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883. | 2023-05-12 | not yet calculated | CVE-2023-2667 MISC MISC
sourcecodester -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-228884. | 2023-05-12 | not yet calculated | CVE-2023-2668 MISC MISC
sourcecodester -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-2669 MISC MISC
sourcecodester -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-2670 MISC MISC
sourcecodester -- lost_and_found_information_system | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887. | 2023-05-12 | not yet calculated | CVE-2023-2671 MISC MISC
sourcecodester -- lost_and_found_information_system | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888. | 2023-05-12 | not yet calculated | CVE-2023-2672 MISC MISC
openemr -- openemr | Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | 2023-05-12 | not yet calculated | CVE-2023-2674 CONFIRM MISC
h3c -- r160 | A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-228890 is the identifier assigned to this vulnerability. | 2023-05-12 | not yet calculated | CVE-2023-2676 MISC MISC MISC
sourcecodester -- covid-19_contact_tracing_system | A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. This affects an unknown part of the file admin/establishment/manage.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228891. | 2023-05-12 | not yet calculated | CVE-2023-2677 MISC MISC MISC
sourcecodester -- file_tracker_manager_system | A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /file_manager/admin/save_user.php of the component POST Parameter Handler. The manipulation of the argument firstname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228892. | 2023-05-12 | not yet calculated | CVE-2023-2678 MISC MISC MISC
caton -- liveA vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-12not yet calculatedCVE-2023-2682MISCMISC
lavalite -- cmsLavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack.2023-05-12not yet calculatedCVE-2023-27237MISCMISCMISCMISCMISC
lavalite -- cmsLavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning.2023-05-12not yet calculatedCVE-2023-27238MISCMISC
intel -- wake_up_latency_tracerUncontrolled search path in the WULT software maintained by Intel(R) before version 1.0.0 (commit id 592300b) may allow an unauthenticated user to potentially enable escalation of privilege via network access.2023-05-10not yet calculatedCVE-2023-27298MISC
intel -- nuc_p14e_laptop_element_softwareIncorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-05-10not yet calculatedCVE-2023-27382MISC
omron -- cx-driveHeap-based buffer overflow vulnerability exists in CX-Drive All models V3.01 and earlier. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed.2023-05-10not yet calculatedCVE-2023-27385MISCMISC
intel -- pathfinderUncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access.2023-05-10not yet calculatedCVE-2023-27386MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Viable Blog theme <= 1.1.4 versions. | 2023-05-10 | not yet calculated | CVE-2023-27419 MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maui Marketing Update Image Tag Alt Attribute plugin <= 2.4.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-27455 MISC
jubei_inc -- jb_inquiry_form | JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40. | 2023-05-10 | not yet calculated | CVE-2023-27510 MISC MISC
ministry_of_justice_japan -- shinseiyo_sogo_soft | Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. | 2023-05-10 | not yet calculated | CVE-2023-27527 MISC MISC
ibm -- websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249185. | 2023-05-11 | not yet calculated | CVE-2023-27554 MISC MISC
node.js -- n8n | The n8n package 0.218.0 for Node.js allows Directory Traversal. | 2023-05-10 | not yet calculated | CVE-2023-27562 MISC MISC
node.js -- n8n | The n8n package 0.218.0 for Node.js allows Escalation of Privileges. | 2023-05-10 | not yet calculated | CVE-2023-27563 MISC MISC
node.js -- n8n | The n8n package 0.218.0 for Node.js allows Information Disclosure. | 2023-05-10 | not yet calculated | CVE-2023-27564 MISC MISC
optoma -- 1080pstx_c02 | An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | 2023-05-12 | not yet calculated | CVE-2023-27823 MISC MISC
ibm -- spectrum_protect_plus_server | IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325. | 2023-05-12 | not yet calculated | CVE-2023-27863 MISC MISC
ibm -- spectrum_protect_plus_server | IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. IBM X-Force ID: 249518. | 2023-05-11 | not yet calculated | CVE-2023-27870 MISC MISC
wordpress -- wordpress | Cross-site scripting vulnerability in Joruri Gw Ver 3.2.5 and earlier allows a remote authenticated attacker to inject an arbitrary script via Message Memo function of the affected product. | 2023-05-10 | not yet calculated | CVE-2023-27888 MISC MISC
wordpress -- wordpress | Cross-site request forgery (CSRF) vulnerability in LIQUID SPEECH BALLOON versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of a user and to perform unintended operations by having a user view a malicious page. | 2023-05-10 | not yet calculated | CVE-2023-27889 MISC MISC
wordpress -- wordpress | Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by having a user who is logging in the WordPress where the product is installed visit a malicious URL. | 2023-05-10 | not yet calculated | CVE-2023-27918 MISC MISC
next_engine -- ec-cube | Authentication bypass vulnerability in NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series) all versions allows a remote unauthenticated attacker to alter the information stored in the system. | 2023-05-10 | not yet calculated | CVE-2023-27919 MISC MISC
apple -- multiple_products | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts. | 2023-05-08 | not yet calculated | CVE-2023-27928 MISC MISC MISC MISC MISC MISC
apple -- multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory. | 2023-05-08 | not yet calculated | CVE-2023-27956 MISC MISC MISC MISC MISC
apple -- macos | This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand. | 2023-05-08 | not yet calculated | CVE-2023-27960 MISC
apple -- macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file system. | 2023-05-08 | not yet calculated | CVE-2023-27962 MISC MISC MISC
apple -- multiple_products | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user. | 2023-05-08 | not yet calculated | CVE-2023-27963 MISC MISC MISC MISC MISC
apple -- macos | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel privileges. | 2023-05-08 | not yet calculated | CVE-2023-27965 MISC MISC
apple -- macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to break out of its sandbox. | 2023-05-08 | not yet calculated | CVE-2023-27966 MISC
apple -- multiple_products | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges. | 2023-05-08 | not yet calculated | CVE-2023-27969 MISC MISC MISC MISC MISC
apple -- ios/ipados | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges. | 2023-05-08 | not yet calculated | CVE-2023-27970 MISC
ivanti -- avalanche | An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | 2023-05-09 | not yet calculated | CVE-2023-28125 MISC
ivanti -- avalanche | An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | 2023-05-09 | not yet calculated | CVE-2023-28126 MISC
ivanti -- avalanche | A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | 2023-05-09 | not yet calculated | CVE-2023-28127 MISC
apple -- macos | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve remote code execution. | 2023-05-09 | not yet calculated | CVE-2023-28128 MISC
apple -- multiple_products | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to bypass Privacy preferences. | 2023-05-08 | not yet calculated | CVE-2023-28178 MISC MISC MISC
apple -- multiple_products | The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device. | 2023-05-08 | not yet calculated | CVE-2023-28182 MISC MISC MISC MISC MISC
apple -- ios/ipados | The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen. | 2023-05-08 | not yet calculated | CVE-2023-28194 MISC
apple -- multiple_products | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution. | 2023-05-08 | not yet calculated | CVE-2023-28201 MISC MISC MISC MISC
rocket.chat -- rocket.chat | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled. | 2023-05-09 | not yet calculated | CVE-2023-28316 MISC
rocket.chat -- rocket.chat | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | 2023-05-09 | not yet calculated | CVE-2023-28317 MISC
rocket.chat -- rocket.chat | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | 2023-05-09 | not yet calculated | CVE-2023-28318 MISC
rocket.chat -- rocket.chat | An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is allowed to edit message in the target room. | 2023-05-11 | not yet calculated | CVE-2023-28325 MISC
rocket.chat -- rocket.chat | A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU and rendering the service unresponsive. | 2023-05-11 | not yet calculated | CVE-2023-28356 MISC
rocket.chat -- rocket.chat | A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members to unauthorized users. This allows authenticated users to enumerate whether a username is a member of a channel that they do not have access to. | 2023-05-11 | not yet calculated | CVE-2023-28357 MISC
rocket.chat -- rocket.chat | A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled, possibly leading to attacks such as account takeover. | 2023-05-11 | not yet calculated | CVE-2023-28358 MISC
rocket.chat -- rocket.chat | A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. This can be exploited by unauthenticated users when there is at least one custom emoji uploaded to the Rocket.Chat instance. The vulnerability causes a delay in the server response, with the potential for limited impact. | 2023-05-11 | not yet calculated | CVE-2023-28359 MISC
brave -- brave | An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. | 2023-05-11 | not yet calculated | CVE-2023-28360 MISC
ubiquiti -- unifi | A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a malicious webpage. Affected Products: Cloud Key Gen2, Cloud Key Gen2 Plus, UNVR, UNVR Professional, UDM, UDM Professional, UDM SE, UDR. Mitigation: Update affected products to UniFi OS 3.0.13 or later. | 2023-05-11 | not yet calculated | CVE-2023-28361 MISC
intel -- i915_graphics_drivers_for_linux | Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-10 | not yet calculated | CVE-2023-28410 MISC
intel -- server_board_bmc | Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. | 2023-05-10 | not yet calculated | CVE-2023-28411 MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions. | 2023-05-12 | not yet calculated | CVE-2023-28414 MISC
ibm -- planning_analytics_local | IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454. | 2023-05-12 | not yet calculated | CVE-2023-28520 MISC MISC
ibm -- api_connect | IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585. | 2023-05-12 | not yet calculated | CVE-2023-28522 MISC MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App WPMobile.App — Android and iOS Mobile Application plugin <= 11.20 versions. | 2023-05-10 | not yet calculated | CVE-2023-28932 MISC
oracle -- apache | Attacker can access arbitrary recording/room. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. | 2023-05-12 | not yet calculated | CVE-2023-28936 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29022 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29023 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product. A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29024 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29025 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29026 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29027 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29028 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user data and modify the web interface. Additionally, a malicious user could potentially cause interruptions to the availability of the web page. | 2023-05-11 | not yet calculated | CVE-2023-29029 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29030 MISC
rockwell_automation -- armorstart_st | A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation of this vulnerability. | 2023-05-11 | not yet calculated | CVE-2023-29031 MISC
oracle -- apache | An attacker that has gained access to certain private information can use this to act as another user. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 3.1.3 before 7.1.0. | 2023-05-12 | not yet calculated | CVE-2023-29032 MISC
samsung -- exynos_modems | An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface. | 2023-05-09 | not yet calculated | CVE-2023-29092 MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-29101 MISC
vitess -- vitess | Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Prior to version 16.0.2, users can either intentionally or inadvertently create a shard containing `/` characters from VTAdmin such that from that point on, anyone who tries to create a new shard from VTAdmin will receive an error. Attempting to view the keyspace(s) will also no longer work. Creating a shard using `vtctldclient` does not have the same problem because the CLI validates the input correctly. Version 16.0.2, corresponding to version 0.16.2 of the `go` module, contains a patch for this issue. Some workarounds are available. Always use `vtctldclient` to create shards, instead of using VTAdmin; disable creating shards from VTAdmin using RBAC; and/or delete the topology record for the offending shard using the client for your topology server. | 2023-05-11 | not yet calculated | CVE-2023-29195 MISC MISC MISC MISC MISC MISC
intel -- oneapi_toolkits | Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-29242 MISC
oracle -- apache | An attacker who has gained access to an admin account can perform RCE via null-byte injection. Vendor: The Apache Software Foundation. Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. | 2023-05-12 | not yet calculated | CVE-2023-29246 MISC
go -- html/template | Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. | 2023-05-11 | not yet calculated | CVE-2023-29400 MISC MISC MISC MISC
rockwell_automation -- arena_simulation | An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability. | 2023-05-09 | not yet calculated | CVE-2023-29460 MISC
rockwell_automation -- arena_simulation | An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap, potentially resulting in a complete loss of confidentiality, integrity, and availability. | 2023-05-09 | not yet calculated | CVE-2023-29461 MISC
rockwell_automation -- arena_simulation | An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap, potentially resulting in a complete loss of confidentiality, integrity, and availability. | 2023-05-09 | not yet calculated | CVE-2023-29462 MISC
extplorer -- extplorer | eXtplorer 2.1.15 is vulnerable to Insecure Permissions. File upload in file manager allows uploading zip file containing php pages with arbitrary code executions. | 2023-05-12 | not yet calculated | CVE-2023-29657 MISC MISC
kodbox -- kodbox | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | 2023-05-12 | not yet calculated | CVE-2023-29790 MISC
kodbox -- kodbox | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | 2023-05-11 | not yet calculated | CVE-2023-29791 MISC
vogtmh -- cmaps | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. | 2023-05-12 | not yet calculated | CVE-2023-29808 MISC MISC MISC
maximilian_vogt -- companymaps | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. | 2023-05-12 | not yet calculated | CVE-2023-29809 MISC MISC MISC MISC
webroot -- secureanywhere | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | 2023-05-12 | not yet calculated | CVE-2023-29818 MISC MISC MISC
webroot -- secureanywhere | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | 2023-05-12 | not yet calculated | CVE-2023-29819 MISC MISC MISC
webroot -- secureanywhere | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. | 2023-05-12 | not yet calculated | CVE-2023-29820 MISC MISC MISC
medical_systems -- medisys_weblab | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. | 2023-05-11 | not yet calculated | CVE-2023-29863 MISC MISC MISC
genesys -- cic_polycom_phone | An issue found in Genesys CIC Polycom phone provisioning TFTP Server, all versions, allows a remote attacker to execute arbitrary code via the login credentials to the TFTP server configuration page. | 2023-05-10 | not yet calculated | CVE-2023-29930 MISC MISC
maximilian_vogt -- cmaps | Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. | 2023-05-12 | not yet calculated | CVE-2023-29983 MISC MISC MISC MISC
spring_boot_actuator -- logview | spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. | 2023-05-11 | not yet calculated | CVE-2023-29986 MISC
imgproxy -- imgproxy | imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. | 2023-05-08 | not yet calculated | CVE-2023-30019 MISC MISC
fico_origination_manager -- decision_module | A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. | 2023-05-09 | not yet calculated | CVE-2023-30056 MISC MISC MISC
fico_origination_manager -- decision_module | Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-05-09 | not yet calculated | CVE-2023-30057 MISC MISC MISC
libming -- swftophp | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c. | 2023-05-09 | not yet calculated | CVE-2023-30083 MISC
libming -- swftophp | An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c. | 2023-05-09 | not yet calculated | CVE-2023-30084 MISC
libming -- swftophp | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c. | 2023-05-09 | not yet calculated | CVE-2023-30085 MISC
libtiff -- libtiff | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. | 2023-05-09 | not yet calculated | CVE-2023-30086 MISC MISC MISC
cesanta -- mjs | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. | 2023-05-09 | not yet calculated | CVE-2023-30087 MISC
cesanta -- mjs | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | 2023-05-09 | not yet calculated | CVE-2023-30088 MISC
craftcms -- craftcms | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | 2023-05-12 | not yet calculated | CVE-2023-30130 MISC MISC
mlflow -- mlflow | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. | 2023-05-11 | not yet calculated | CVE-2023-30172 MISC MISC
prestashop -- possearchproducts | Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find(). | 2023-05-12 | not yet calculated | CVE-2023-30192 MISC MISC
prestashop -- posstaticfooter | Prestashop posstaticfooter <= 1.0.0 is vulnerable to SQL Injection via posstaticfooter::getPosCurrentHook(). | 2023-05-10 | not yet calculated | CVE-2023-30194 MISC MISC
cyberghostvpn -- window_clientCyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe.2023-05-09not yet calculatedCVE-2023-30237MISCMISCMISC
judging_management_system -- judging_management_systemSQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.2023-05-12not yet calculatedCVE-2023-30246MISCMISC
oretnom23 -- storage_unit_rental_management_system | File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. | 2023-05-12 | not yet calculated | CVE-2023-30247 | MISC MISC
webkil -- qloapps | Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. | 2023-05-11 | not yet calculated | CVE-2023-30256 | MISC MISC MISC
fiio_m6 -- build_number | A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root. | 2023-05-08 | not yet calculated | CVE-2023-30257 | MISC MISC
softexpert -- excellence_suite | SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. | 2023-05-12 | not yet calculated | CVE-2023-30330 | MISC MISC
asmbb -- multiple_products | AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. | 2023-05-08 | not yet calculated | CVE-2023-30334 | MISC MISC MISC MISC MISC
shenzen_tenda_technology -- ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for root which is stored using weak encryption. This vulnerability allows attackers to connect to the TELNET service (or UART) by using the exposed credentials. | 2023-05-10 | not yet calculated | CVE-2023-30351 | MISC MISC
shenzen_tenda_technology -- ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 was discovered to contain a hard-coded default password for the RTSP feed. | 2023-05-10 | not yet calculated | CVE-2023-30352 | MISC
shenzen_tenda_technology -- ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows unauthenticated remote code execution via an XML document. | 2023-05-10 | not yet calculated | CVE-2023-30353 | MISC
shenzen_tenda_technology -- ip_camera_cp3 | Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 does not defend against physical access to U-Boot via the UART: the Wi-Fi password is shown, and the hardcoded boot password can be inserted for console access. | 2023-05-10 | not yet calculated | CVE-2023-30354 | MISC MISC
shenzen_tenda_technology -- ip_camera_cp3 | Missing Support for an Integrity Check in Shenzen Tenda Technology IP Camera CP3 V11.10.00.2211041355 allows attackers to update the device with crafted firmware. | 2023-05-10 | not yet calculated | CVE-2023-30356 | MISC
moveit -- moveit | MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the API authentication function. | 2023-05-11 | not yet calculated | CVE-2023-30394 | MISC MISC MISC MISC MISC
sap_se -- sap_businessobjects_business_intelligence_platform | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and availability of the application. | 2023-05-09 | not yet calculated | CVE-2023-30740 | MISC MISC
sap_se -- sap_businessobjects_business_intelligence_platform | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2023-05-09 | not yet calculated | CVE-2023-30741 | MISC MISC
sap_se -- sap_crm_webclient_ui | SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker. | 2023-05-09 | not yet calculated | CVE-2023-30742 | MISC MISC
sap_se -- sapui5 | Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack. | 2023-05-09 | not yet calculated | CVE-2023-30743 | MISC MISC
sap_se -- sap_as_netweaver_java | In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability. | 2023-05-09 | not yet calculated | CVE-2023-30744 | MISC MISC
wordpress -- wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Booqable Rental Software Booqable Rental plugin <= 2.4.15 versions. | 2023-05-10 | not yet calculated | CVE-2023-30746 | MISC
intel -- soc_watch_based_software | Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-30763 | MISC
intel -- intel_server_board_s2600wtt | Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-30768 | MISC
wordpress -- wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Engine Advanced Custom Fields Pro, WP Engine Advanced Custom Fields plugins <= 6.1.5 versions. | 2023-05-10 | not yet calculated | CVE-2023-30777 | MISC MISC MISC
vyper -- vyper | Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8. | 2023-05-08 | not yet calculated | CVE-2023-30837 | MISC MISC
fluid-cloudnative -- fluid | Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes.

Once the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster.

To exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means.

Version 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended.

2023-05-08 | not yet calculated | CVE-2023-30840 | MISC MISC MISC MISC
mutagen-io -- mutagen | Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk. | 2023-05-08 | not yet calculated | CVE-2023-30844 | MISC MISC MISC
wwbn -- avideo | WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows an attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker, this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue. | 2023-05-08 | not yet calculated | CVE-2023-30860 | MISC MISC
oracle -- apache | SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0 (released 2003-08-06).

Note that Log4cxx is a C++ framework, so only C++ applications are affected.

Before version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, it must be explicitly enabled in order to be compiled in.

Three preconditions must be met for this vulnerability to be possible:

1. Log4cxx compiled with ODBC support (before version 1.1.0, this was auto-detected at compile time)
2. ODBCAppender enabled as a logging destination, generally done via a config file
3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected.

Users are recommended to upgrade to version 1.1.0, which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class, which supports an ODBC connection in addition to other databases.
Note that this fix does require a configuration file update, as the old configuration files will not configure properly. An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender.

Example of old configuration snippet:

<appender name="SqlODBCAppender" class="ODBCAppender">
    <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" />
    ... other params here ...
</appender>

The migrated configuration snippet with new ColumnMapping parameters:

<appender name="SqlODBCAppender" class="ODBCAppender">
    <param name="sql" value="INSERT INTO logs (message) VALUES (?)" />
    <param name="ColumnMapping" value="message"/>
    ... other params here ...
</appender>

2023-05-08 | not yet calculated | CVE-2023-31038 | MISC
django -- django | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | 2023-05-07 | not yet calculated | CVE-2023-31047 | CONFIRM MISC MISC FEDORA
effectindex -- tripreporter | `effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually. | 2023-05-08 | not yet calculated | CVE-2023-31123 | MISC MISC
socketio -- engineio | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version. | 2023-05-08 | not yet calculated | CVE-2023-31125 | MISC MISC MISC
xwiki -- xwiki-commons | `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix. | 2023-05-09 | not yet calculated | CVE-2023-31126 | MISC MISC MISC
dmtf -- libspdm | libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual authentication, the attacker may be able to establish the session with `KEY_EXCHANGE` and `PSK_FINISH` to bypass the mutual authentication. This is most likely to happen when the Requester begins a session using one method (DHE, for example) and then uses the other method's finish (PSK_FINISH in this example) to establish the session. The session hashes would be expected to fail in this case, but the condition was not detected.

This issue only impacts the SPDM responder, which supports `KEY_EX_CAP=1` and `PSK_CAP=10b` at the same time with mutual authentication requirement. The SPDM requester is not impacted. The SPDM responder is not impacted if `KEY_EX_CAP=0` or `PSK_CAP=0` or `PSK_CAP=01b`. The SPDM responder is not impacted if mutual authentication is not required.

libspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted. Older branches are not maintained, but users of the 2.3 branch may receive a patch in version 2.3.2. The SPDM specification (DSP0274) does not contain this vulnerability.

2023-05-08 | not yet calculated | CVE-2023-31127 | MISC MISC MISC
contiki-ng -- contiki-ng | The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state.

For RS messages with an SLLAO that indicates a link-layer address change, the message handler does not check that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`.

The problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly.

2023-05-08 | not yet calculated | CVE-2023-31129 | MISC MISC
ghost -- ghost | Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.

Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running a Ghost version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`.

2023-05-08 | not yet calculated | CVE-2023-31133 | MISC MISC MISC
tauri -- tauri | Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit arbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC. | 2023-05-09 | not yet calculated | CVE-2023-31134 | MISC MISC MISC MISC MISC MISC
postgresnio -- postgresnio | PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users. | 2023-05-09 | not yet calculated | CVE-2023-31136 | MISC MISC MISC MISC MISC MISC MISC MISC
maradns -- maradns | MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination.

The vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service.

One proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58.

2023-05-09 | not yet calculated | CVE-2023-31137 | MISC MISC MISC
dhis2 -- dhis2_core | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests. | 2023-05-09 | not yet calculated | CVE-2023-31138 | MISC MISC MISC MISC
dhis2 -- dhis2_core | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens (PATs) generate unrestricted session cookies. This may lead to a bypass of other access restrictions (for example, based on allowed IP addresses or HTTP methods). DHIS2 implementers should upgrade to a supported version of DHIS2: 2.37.9.1, 2.38.3.1, or 2.39.1.2. Implementers can work around this issue by adding extra access control validations on a reverse proxy. | 2023-05-09 | not yet calculated | CVE-2023-31139 | MISC MISC MISC MISC
openproject -- openproject | OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if an administrator creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround. | 2023-05-08 | not yet calculated | CVE-2023-31140 | MISC MISC MISC MISC
opensearch -- opensearch | OpenSearch is an open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions, potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue. | 2023-05-08 | not yet calculated | CVE-2023-31141 | MISC
mage-ai -- mage-ai | mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue. | 2023-05-09 | not yet calculated | CVE-2023-31143 | MISC MISC
craft_cms -- cms | Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. | 2023-05-09 | not yet calculated | CVE-2023-31144 | MISC MISC
vyper -- vyper | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue. | 2023-05-11 | not yet calculated | CVE-2023-31146 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31148 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to execute arbitrary code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31149 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker to retrieve passwords. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31150 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31151 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31152 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31153 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31154 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31155 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31156 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31157 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31158 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31159 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31160 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow an authenticated remote attacker to use internal resources, allowing a variety of potential effects. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31161 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Input Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to arbitrarily alter the content of a configuration file. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31162 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31163 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31164 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31165 | MISC MISC
schweitzer_engineering_laboratories -- real-time_automation_controller_database_system | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to create folders in arbitrary paths of the file system. See SEL Service Bulletin dated 2022-11-15 for more details. | 2023-05-10 | not yet calculated | CVE-2023-31166 | MISC MISC
agilepoint -- nx | AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-31178 | MISC
agilepoint -- nx | AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request. | 2023-05-08 | not yet calculated | CVE-2023-31179 | MISC
easytor -- easytor | EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method. | 2023-05-08 | not yet calculated | CVE-2023-31182 | MISC
intel -- trace_analyzer_collector | Uncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-31197 | MISC
intel -- solid_state_drive_toolbox | Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-05-12 | not yet calculated | CVE-2023-31199 | MISC
sap -- businessobjects_business_intelligence_platform | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted. | 2023-05-09 | not yet calculated | CVE-2023-31404 | MISC MISC
sap -- businessobjects_business_intelligence_platform | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 2023-05-09 | not yet calculated | CVE-2023-31406 | MISC MISC
sap -- business_planning_and_consolidation | SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application. | 2023-05-09 | not yet calculated | CVE-2023-31407 | MISC MISC
lightbend_akka -- lightbend_akka | In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not validate (e.g., via TLS) the authenticity of the discovered service, this may result in exfiltration of application data (e.g., persistence events may be published to an unintended Kafka broker). If such validation is performed, then the poisoning constitutes a denial of access to the intended service. This affects Akka 2.5.14 through 2.8.0, and Akka Discovery through 2.8.0. | 2023-05-11 | not yet calculated | CVE-2023-31442 | MISC MISC
cassia -- access_controller | Cassia Access controller before 2.1.1.2203171453 was discovered to have an unprivileged information disclosure vulnerability that allows read-only users to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. | 2023-05-11 | not yet calculated | CVE-2023-31445 | MISC MISC
glinet -- glinet | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. | 2023-05-10 | not yet calculated | CVE-2023-31471 | MISC MISC
glinet -- glinet | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. | 2023-05-09 | not yet calculated | CVE-2023-31472 | MISC MISC
glinet -- glinet | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to read an arbitrary file name while using root privileges. The -f option can be used with a configuration file. | 2023-05-11 | not yet calculated | CVE-2023-31473 | MISC MISC
glinet -- glinet | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. | 2023-05-09 | not yet calculated | CVE-2023-31474 | MISC MISC
glinet -- glinet | An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer. | 2023-05-11 | not yet calculated | CVE-2023-31475 | MISC MISC
glinet -- glinet | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path are no more than 6 characters (the working directory is /www). | 2023-05-09 | not yet calculated | CVE-2023-31476 | MISC MISC
glinet -- glinet | A path traversal issue was discovered on GL.iNet devices before 3.216. Through the file sharing feature, it is possible to share an arbitrary directory, such as /tmp or /etc, because there is no server-side restriction to limit sharing to the USB path. | 2023-05-11 | not yet calculated | CVE-2023-31477 | MISC MISC
glinet -- glinet | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | 2023-05-09 | not yet calculated | CVE-2023-31478 | MISC MISC
frrouting -- bgpd | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. | 2023-05-09 | not yet calculated | CVE-2023-31489 | MISC
frrouting -- bgpd | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | 2023-05-09 | not yet calculated | CVE-2023-31490 | MISC
quick_heal_technologies -- limited_seqrite_endpoint_security | Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary to the target system. | 2023-05-11 | not yet calculated | CVE-2023-31497 | MISC
php_gurukul -- hospital_management_system | A privilege escalation issue in PHP Gurukul Hospital Management System v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token parameter. | 2023-05-11 | not yet calculated | CVE-2023-31498 | MISC MISC MISC
altenergy -- power_control_software | Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. | 2023-05-11 | not yet calculated | CVE-2023-31502 | MISC
prestashop -- prestashop | A cross-site scripting (XSS) vulnerability in PrestaShop v1.7.7.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the message parameter in /contactform/contactform.php. | 2023-05-11 | not yet calculated | CVE-2023-31508 | MISC
motorola -- cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. | 2023-05-11 | not yet calculated | CVE-2023-31528 | MISC
motorola -- cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. | 2023-05-11 | not yet calculated | CVE-2023-31529 | MISC
motorola -- cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. | 2023-05-11 | not yet calculated | CVE-2023-31530 | MISC
motorola -- cx2l_router | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. | 2023-05-11 | not yet calculated | CVE-2023-31531 | MISC
xpdf -- xpdfimages | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | 2023-05-10 | not yet calculated | CVE-2023-31554 | MISC
podofo -- podofoinfo | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. | 2023-05-10 | not yet calculated | CVE-2023-31555 | MISC
podofo -- podofoinfo | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. | 2023-05-10 | not yet calculated | CVE-2023-31556 | MISC
xpdf -- xpdfimages | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readEmbeddedFileTree(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | 2023-05-10 | not yet calculated | CVE-2023-31557 | MISC
podofo -- podofo | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | 2023-05-10 | not yet calculated | CVE-2023-31566 | MISC
podofo -- podofo | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. | 2023-05-10 | not yet calculated | CVE-2023-31567 | MISC
podofo -- podofo | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. | 2023-05-10 | not yet calculated | CVE-2023-31568 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0.0 (commit 1a2c047) was discovered to contain a heap-buffer-overflow via the component lexer_compare_identifier_to_chars at /jerry-core/parser/js/js-lexer.c. | 2023-05-10 | not yet calculated | CVE-2023-31906 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. | 2023-05-10 | not yet calculated | CVE-2023-31907 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component ecma_builtin_typedarray_prototype_sort. | 2023-05-10 | not yet calculated | CVE-2023-31908 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain a heap-buffer-overflow via the component parser_parse_function_statement at /jerry-core/parser/js/js-parser-statm.c. | 2023-05-10 | not yet calculated | CVE-2023-31910 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. | 2023-05-12 | not yet calculated | CVE-2023-31913 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an out-of-memory issue in malloc. | 2023-05-12 | not yet calculated | CVE-2023-31914 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. | 2023-05-12 | not yet calculated | CVE-2023-31916 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. | 2023-05-12 | not yet calculated | CVE-2023-31918 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. | 2023-05-12 | not yet calculated | CVE-2023-31919 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. | 2023-05-12 | not yet calculated | CVE-2023-31920 | MISC
jerryscript-project -- jerryscript | Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. | 2023-05-12 | not yet calculated | CVE-2023-31921 | MISC
quickjs -- commit | QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. | 2023-05-12 | not yet calculated | CVE-2023-31922 | MISC
libming -- libming | libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. | 2023-05-09 | not yet calculated | CVE-2023-31976 | MISC
catdoc -- catdoc | Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. | 2023-05-09 | not yet calculated | CVE-2023-31979 | MISC
sngrep -- sngrep | Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. | 2023-05-09 | not yet calculated | CVE-2023-31981 | MISC
sngrep -- sngrep | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. | 2023-05-09 | not yet calculated | CVE-2023-31982 | MISC
edimax -- wireless_router_n300_firmware_br-6428ns | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. | 2023-05-12 | not yet calculated | CVE-2023-31983 | MISC
edimax -- wireless_router_n300_firmware_br-6428ns | A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. | 2023-05-12 | not yet calculated | CVE-2023-31985 | MISC
vyper -- vyper | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8. | 2023-05-11 | not yet calculated | CVE-2023-32058 | MISC MISC
vyper -- vyper | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8. | 2023-05-11 | not yet calculated | CVE-2023-32059 | MISC MISC
dhis2 -- core | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker program events or program stages, the `/trackedEntityInstances` and `/events` API endpoints may include all events regardless of the sharing settings applied to the category option combinations. When this specific configuration is present, users may have access to events which they should not be able to see based on the sharing settings of the category options. The events will not appear in the user interface for web-based Tracker Capture or Capture applications, but if the Android Capture App is used they will be displayed to the user. Versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0 contain a fix for this issue. No workaround is known. | 2023-05-09 | not yet calculated | CVE-2023-32060 | MISC
time_tracker -- time_tracker | Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783. | 2023-05-09 | not yet calculated | CVE-2023-32066 | MISC MISC
xwiki -- platform | XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds. | 2023-05-09 | not yet calculated | CVE-2023-32069 | MISC MISC MISC
xwiki -- platform | XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. There are no known workarounds apart from upgrading to a fixed version. | 2023-05-10 | not yet calculated | CVE-2023-32070 | MISC MISC MISC
xwiki -- platform | XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01. | 2023-05-09 | not yet calculated | CVE-2023-32071 | MISC MISC MISC MISC
wwbn -- avideo | WWBN AVideo is an open source video platform. In versions 12.4 and prior, a command injection vulnerability exists at `plugin/CloneSite/cloneClient.json.php` which allows Remote Code Execution if you CloneSite Plugin. This is a bypass to the fix for CVE-2023-30854, which affects WWBN AVideo up to version 12.3. This issue is patched in commit 1df4af01f80d56ff2c4c43b89d0bac151e7fb6e3. | 2023-05-12 | not yet calculated | CVE-2023-32073 | MISC MISC
pimcore -- customer_managemenr_framework | The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In `pimcore/customer-management-framework-bundle` prior to version 3.3.9, business logic errors are possible in the `Conditions` tab since the counter can be a negative number. This vulnerability can produce illogical counter values in the Conditions tab. Users should update to version 3.3.9 to receive a patch or, as a workaround, apply the patch manually. | 2023-05-11 | not yet calculated | CVE-2023-32075 | MISC MISC MISC MISC
in-toto -- in-toto | in-toto is a framework to protect supply chain integrity. The in-toto configuration is read from various directories and allows users to configure the behavior of the framework. The files are from directories following the XDG base directory specification. In versions 1.4.0 and prior, among the files read is `.in_totorc` which is a hidden file in the directory in which in-toto is run. If an attacker controls the inputs to a supply chain step, they can mask their activities by also passing in an `.in_totorc` file that includes the necessary exclude patterns and settings. RC files are widely used in other systems and security issues have been discovered in their implementations as well. Maintainers found in their conversations with in-toto adopters that `in_totorc` is not their preferred way to configure in-toto. As none of the options supported in `in_totorc` is unique, and can be set elsewhere using API parameters or CLI arguments, the maintainers decided to drop support for `in_totorc`. in-toto's `user_settings` module has been dropped altogether in commit 3a21d84f40811b7d191fa7bd17265c1f99599afd. Users may also sandbox functionary code as a security measure. | 2023-05-10 | not yet calculated | CVE-2023-32076 | MISC MISC MISC MISC
pterodactyl -- wings | Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify a server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). This vulnerability has been resolved in version `v1.11.6` of Wings, and has been back-ported to the 1.7 release series in `v1.7.5`. Anyone running `v1.11.x` should upgrade to `v1.11.6` and anyone running `v1.7.x` should upgrade to `v1.7.5`.

There are no workarounds aside from upgrading. Running Wings with a rootless container runtime may mitigate the severity of any attacks, however the majority of users are using container runtimes that run as root as per the Wings documentation. SELinux may prevent attackers from performing certain operations against the host system, however privileged containers have a lot of freedom even on systems with SELinux enabled.

It should be noted that this was a known attack vector; for attackers to easily exploit it, they would need to compromise an administrator account on a Panel. However, certain eggs (the data structure that holds the install scripts that get passed to Wings) have an issue where they are unknowingly executing shell commands with escalated privileges provided by untrusted user data.

2023-05-10 | not yet calculated | CVE-2023-32080 | MISC MISC MISC
vertx -- stomp | Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client has sent an initial CONNECT frame that was answered with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds. | 2023-05-12 | not yet calculated | CVE-2023-32081 | MISC MISC
etcd-io -- etcd | etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease when `Keys` parameter is true, even if a user doesn't have read permission to the keys. The impact is limited to a cluster which enables auth (RBAC). Versions 3.4.26 and 3.5.9 fix this issue. There are no known workarounds. | 2023-05-11 | not yet calculated | CVE-2023-32082 | MISC MISC MISC MISC
sap_se -- powerdesigner_proxy | In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application. | 2023-05-09 | not yet calculated | CVE-2023-32111 | MISC MISC
sap_se -- vendor_master_hierarchy | Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system. | 2023-05-09 | not yet calculated | CVE-2023-32112 | MISC MISC
sap_se -- gui_for_windows | SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation. | 2023-05-09 | not yet calculated | CVE-2023-32113 | MISC MISC
linux -- kernel | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. | 2023-05-08 | not yet calculated | CVE-2023-32233 | MISC MISC MISC MISC MISC DEBIAN
wordpress -- wordpress | Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1. | 2023-05-12 | not yet calculated | CVE-2023-32243 | MISC MISC
planetlabs -- planet_client_python | Planet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand. | 2023-05-12 | not yet calculated | CVE-2023-32303 | MISC MISC MISC
aiven -- extras | aiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire `superuser` privileges, which would allow full, unrestricted access to all data and database functions, and could lead to arbitrary code execution or data access on the underlying host as the `postgres` user. The issue has been patched as of version 1.1.9. | 2023-05-12 | not yet calculated | CVE-2023-32305 | MISC MISC
time_tracker -- time_tracker | Time Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the `reports.php` page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in `ttReportHelper.class.php` from version 1.22.13.5792. | 2023-05-12 | not yet calculated | CVE-2023-32306 | MISC
veritas -- infoscale_operations_manager | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The VIOM web application does not validate user-supplied data and appends it to OS commands and internal binaries used by the application. An attacker with root/administrator level privileges can leverage this to read sensitive data stored on the servers, modify data or server configuration, and delete data or application configuration. | 2023-05-10 | not yet calculated | CVE-2023-32568 | MISC
veritas -- infoscale_operations_manager | An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database. | 2023-05-10 | not yet calculated | CVE-2023-32569 | MISC
videolan -- dav1d | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | 2023-05-10 | not yet calculated | CVE-2023-32570 | MISC MISC
qt-project -- qt-project | In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. | 2023-05-10 | not yet calculated | CVE-2023-32573 | MISC
luatex -- luatex | LuaTeX before 1.17.0 enables the socket library by default. | 2023-05-11 | not yet calculated | CVE-2023-32668 | MISC MISC MISC
