Vulnerability Summary for the Week of June 19, 2023

Released
Jun 26, 2023
Document ID
SB23-177

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
zyxel -- nas326_firmwareThe pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.2023-06-199.8CVE-2023-27992
MISC
marksoft -- marksoftImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.2023-06-199.8CVE-2023-2907
MISC
wordpress -- wordpressThe MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-06-249.8CVE-2023-3197
MISC
MISC
simple_customer_relationship_management -- simple_customer_relationship_managementSimple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.2023-06-169.8CVE-2023-34548
MISC
jeecg_boot -- jeecg_bootjeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.2023-06-169.8CVE-2023-34659
MISC
tp-link -- archer_ax10_firmwareTP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.2023-06-169.8CVE-2023-34832
MISC
MISC
MISC
MISC
progress -- moveit_transferIn Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3).2023-06-169.8CVE-2023-35708
MISC
MISC
MISC
wordpress -- wordpressThe CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe.2023-06-208.1CVE-2023-3325
MISC
MISC
MISC
microsoft -- sql_serverMicrosoft ODBC Driver for SQL Server Remote Code Execution Vulnerability2023-06-167.8CVE-2023-32027
MISC
microsoft -- sql_serverMicrosoft OLE DB Remote Code Execution Vulnerability2023-06-167.8CVE-2023-32028
MISC
linux -- kernelAn issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.2023-06-167.8CVE-2023-35788
MISC
MISC
MISC
MLIST
juniper_networks -- junos_os/junos_os_evolvedAn Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.2R3-S2; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.2023-06-217.5CVE-2023-0026
CONFIRM
MISC
isc -- bind_9Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the `max-cache-size` statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in `named` can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured `max-cache-size` limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.2023-06-217.5CVE-2023-2828
MISC
MISC
MISC
MISC
isc -- bind_9A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.2023-06-217.5CVE-2023-2829
MISC
isc -- bind_9If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.2023-06-217.5CVE-2023-2911
MISC
MISC
MISC
MISC
microsoft -- yarpYet Another Reverse Proxy (YARP) Denial of Service Vulnerability2023-06-237.5CVE-2023-33141
MISC
jfinal_cms -- jfinal_cmsjfinal CMS 5.1.0 has an arbitrary file read vulnerability.2023-06-167.5CVE-2023-34645
MISC
wordpress -- wordpressThe Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard.2023-06-227.2CVE-2019-25152
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2.2023-06-247.2CVE-2023-3388
MISC
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
mattermost -- mattermostMattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.2023-06-166.5CVE-2023-2784
MISC
fortinet -- fortiosA null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.2023-06-166.5CVE-2023-33306
MISC
fortinet -- fortiosA null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.2023-06-166.5CVE-2023-33307
MISC
MISC
jeecg_boot -- jeecg_bootjjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.2023-06-166.5CVE-2023-34660
MISC
wordpress -- wordpressThe Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-06-246.4CVE-2023-3387
MISC
MISC
MISC
everestthemes -- arya_multipurposeUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme <= 1.0.5 versions.2023-06-166.1CVE-2023-27420
MISC
react-storefront -- react-storefrontCross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.2023-06-166.1CVE-2023-3294
MISC
CONFIRM
wordpress -- wordpressThe WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-06-206.1CVE-2023-3320
MISC
MISC
MISC
apple -- macosA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system2023-06-236CVE-2023-32369
MISC
MISC
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.2023-06-165.4CVE-2023-26013
MISC
wolterskluwer -- teammate+A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.2023-06-165.4CVE-2023-33438
MISC
MISC
bludit -- bluditBludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.2023-06-165.4CVE-2023-34845
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin <= 2.0.0 versions.2023-06-164.8CVE-2023-25963
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin <= 1.0.5 versions.2023-06-164.8CVE-2023-25974
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin <= 2.7.2 versions.2023-06-164.8CVE-2023-26515
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions.2023-06-164.8CVE-2023-26527
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2 versions.2023-06-164.8CVE-2023-26537
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin <= 1.5.4 versions.2023-06-164.8CVE-2023-26541
MISC
suitecrm -- suitecrmCross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.2023-06-164.8CVE-2023-3293
CONFIRM
MISC
mattermost -- mattermostMattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.2023-06-164.3CVE-2023-2783
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
nanopb -- nanopbNanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.2023-06-17not yet calculatedCVE-2014-125106
MISC
MISC
MISC
mozilla -- firefox
 
A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.2023-06-19not yet calculatedCVE-2019-25136
MISC
MISC
ebcms -- ebcmsFile upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter.2023-06-20not yet calculatedCVE-2020-20067
MISC
dwsurvey -- dwsurveyCross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.2023-06-20not yet calculatedCVE-2020-20070
MISC
kilo -- kiloBuffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c.2023-06-20not yet calculatedCVE-2020-20335
MISC
wuzhicms -- wuzhicmsSQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.2023-06-20not yet calculatedCVE-2020-20413
MISC
opencart -- opencartSQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.2023-06-20not yet calculatedCVE-2020-20491
MISC
yzcms -- yzcmsCross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function.2023-06-20not yet calculatedCVE-2020-20502
MISC
MISC
joyplus-cms -- joyplus-cmsSQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function.2023-06-20not yet calculatedCVE-2020-20636
MISC
nodcms -- nodcmsCross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter.2023-06-20not yet calculatedCVE-2020-20697
MISC
vim -- vimBuffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.2023-06-20not yet calculatedCVE-2020-20703
MISC
pluckcms -- pluckcmsFile Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter.2023-06-20not yet calculatedCVE-2020-20718
MISC
taocms -- taocmsCross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php.2023-06-20not yet calculatedCVE-2020-20725
MISC
gilacms -- gilacmsCross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.2023-06-20not yet calculatedCVE-2020-20726
MISC
ljcms -- ljcmsFile Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.2023-06-20not yet calculatedCVE-2020-20735
MISC
pluckcms -- pluckcmsAn issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.2023-06-20not yet calculatedCVE-2020-20918
MISC
pluckcms -- pluckcmsFile upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.2023-06-20not yet calculatedCVE-2020-20919
MISC
pluckcms -- pluckcmsFile Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.2023-06-20not yet calculatedCVE-2020-20969
MISC
zrlog -- zrlogCross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.2023-06-20not yet calculatedCVE-2020-21052
MISC
typora -- typoraCross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax.2023-06-20not yet calculatedCVE-2020-21058
MISC
liufee_cms -- liufee_cmsFile Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.2023-06-20not yet calculatedCVE-2020-21174
MISC
yiicms -- yiicmsCross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.2023-06-20not yet calculatedCVE-2020-21246
MISC
hongcms -- hongcmsCross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.2023-06-20not yet calculatedCVE-2020-21252
MISC
easysoft -- zentaopmsCross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.2023-06-20not yet calculatedCVE-2020-21268
MISC
wuzhicms -- wuzhicms
 
An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.2023-06-20not yet calculatedCVE-2020-21325
MISC
greencms -- greencmsCross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.2023-06-20not yet calculatedCVE-2020-21366
MISC
phpmywind -- phpmywindSQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.2023-06-20not yet calculatedCVE-2020-21400
MISC
nucleuscms -- nucleuscmsFile Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.2023-06-20not yet calculatedCVE-2020-21474
MISC
alluxio -- alluxioCross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component.2023-06-20not yet calculatedCVE-2020-21485
MISC
phpok -- phpokSQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file.2023-06-20not yet calculatedCVE-2020-21486
MISC
feehicms -- feehicmsFile Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.2023-06-20not yet calculatedCVE-2020-21489
MISC
apple -- macos
 
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution2023-06-23not yet calculatedCVE-2022-22630
MISC
MISC
MISC
semver -- semverVersions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.2023-06-21not yet calculatedCVE-2022-25883
MISC
MISC
MISC
MISC
MISC
MISC
riello ups -- netman-204There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations.2023-06-21not yet calculatedCVE-2022-3372
MISC
apple -- ios_and_ipados
 
This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information2023-06-23not yet calculatedCVE-2022-42792
MISC
apple -- macos
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key2023-06-23not yet calculatedCVE-2022-42807
MISC
apple -- macos
 
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression2023-06-23not yet calculatedCVE-2022-42834
MISC
MISC
MISC
apple -- macos
 
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system2023-06-23not yet calculatedCVE-2022-42860
MISC
MISC
MISC
temenos_cwx -- temenos_cwxAn access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.2023-06-21not yet calculatedCVE-2022-45287
MISC
MISC
MISC
apple -- ios_and_ipados
 
A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences2023-06-23not yet calculatedCVE-2022-46715
MISC
apple -- macos
 
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information2023-06-23not yet calculatedCVE-2022-46718
MISC
MISC
MISC
MISC
wordpress -- wordpressAuth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.2023-06-19not yet calculatedCVE-2022-46850
MISC
wordpress -- wordpressUnauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.1.23 versions.2023-06-19not yet calculatedCVE-2022-47586
MISC
wordpress -- wordpressAuth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin <= 1.6.35 versions.2023-06-22not yet calculatedCVE-2022-47593
MISC
wordpress -- wordpressUnauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin <= 3.9.7 versions.2023-06-23not yet calculatedCVE-2022-47614
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48486
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48487
MISC
huawei -- harmonyos
 
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.2023-06-19not yet calculatedCVE-2022-48488
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48489
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48490
MISC
huawei -- harmonyos
 
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.2023-06-19not yet calculatedCVE-2022-48491
MISC
huawei -- emuiConfiguration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48492
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48493
MISC
huawei -- harmonyos
 
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.2023-06-19not yet calculatedCVE-2022-48494
MISC
huawei -- harmonyos
 
Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.2023-06-19not yet calculatedCVE-2022-48495
MISC
huawei -- harmonyos
 
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.2023-06-19not yet calculatedCVE-2022-48496
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48497
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48498
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48499
MISC
huawei -- emui
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48500
MISC
huawei -- harmonyos
 
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.2023-06-19not yet calculatedCVE-2022-48501
MISC
dominion_voting_systems -- imagecast_precinct/imagecast_evolutionA flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.2023-06-19not yet calculatedCVE-2022-48506
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks2023-06-19not yet calculatedCVE-2023-0368
MISC
wordpress -- wordpress
 
The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks2023-06-19not yet calculatedCVE-2023-0489
MISC
silicon_labs -- z/ip_gatewayA vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.2023-06-21not yet calculatedCVE-2023-0969
MISC
silicon_labs -- z/ip_gatewayMultiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.2023-06-21not yet calculatedCVE-2023-0970
MISC
silicon_labs -- z/ip_gatewayA logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.2023-06-21not yet calculatedCVE-2023-0971
MISC
silicon_labs -- z/ip_gatewayDescription: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.2023-06-21not yet calculatedCVE-2023-0972
MISC
yoga_class_registration_system -- yoga_class_registration_systemYoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.2023-06-24not yet calculatedCVE-2023-1721
MISC
MISC
yoga_class_registration_system -- yoga_class_registration_systemYoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.2023-06-24not yet calculatedCVE-2023-1722
MISC
MISC
ladybirdweb -- faveo_helpdesk_for_linuxFaveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.2023-06-24not yet calculatedCVE-2023-1724
MISC
MISC
orangescrum -- orangescrum_for_linuxOrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.2023-06-23not yet calculatedCVE-2023-1783
MISC
MISC
cloudflare -- warp_client_for_windowsCloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.2023-06-20not yet calculatedCVE-2023-1862
MISC
MISC
MISC
chromium -- libwebpThere exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. 2023-06-20not yet calculatedCVE-2023-1999
MISC
vmware -- vcenter_serverThe vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.2023-06-22not yet calculatedCVE-2023-20892
MISC
vmware -- vcenter_serverThe VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.2023-06-22not yet calculatedCVE-2023-20893
MISC
vmware -- vcenter_serverThe VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.2023-06-22not yet calculatedCVE-2023-20894
MISC
vmware -- vcenter_serverThe VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.2023-06-22not yet calculatedCVE-2023-20895
MISC
vmware -- vcenter_serverThe VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).2023-06-22not yet calculatedCVE-2023-20896
MISC
wordpress -- wordpress
 
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.2023-06-19not yet calculatedCVE-2023-2221
MISC
hcl_software -- bigfix_osd_bare_metal_serverA clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.2023-06-22not yet calculatedCVE-2023-23343
MISC
hcl_software -- bigfix_webui_insightsA permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.2023-06-23not yet calculatedCVE-2023-23344
MISC
apple -- macos
 
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges2023-06-23not yet calculatedCVE-2023-23516
MISC
MISC
MISC
apple -- macos
 
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution2023-06-23not yet calculatedCVE-2023-23539
MISC
wordpress -- wordpress
 
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.2023-06-19not yet calculatedCVE-2023-2359
MISC
js_help_desk -- js_help_deskAuthorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7.2023-06-23not yet calculatedCVE-2023-23679
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions.2023-06-22not yet calculatedCVE-2023-23795
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin <= 1.1.2 versions.2023-06-22not yet calculatedCVE-2023-23807
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin <= 1.0.0 versions.2023-06-22not yet calculatedCVE-2023-23811
MISC
wordpress -- wordpress
 
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.2023-06-19not yet calculatedCVE-2023-2399
MISC
devolutions -- server
 
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.2023-06-20not yet calculatedCVE-2023-2400
MISC
wordpress -- wordpress
 
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-06-19not yet calculatedCVE-2023-2401
MISC
gl.inet -- gl-e750_mudiA vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.2023-06-21not yet calculatedCVE-2023-24261
MISC
wordpress -- wordpress
 
The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.2023-06-19not yet calculatedCVE-2023-2492
MISC
autodesk -- autocad/mayaA maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.2023-06-23not yet calculatedCVE-2023-25003
MISC
nokia -- airscale_asika_single_ran_devicesAn issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.2023-06-16not yet calculatedCVE-2023-25187
MISC
MISC
MISC
wordpress -- wordpress
 
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-06-19not yet calculatedCVE-2023-2527
MISC
papercut -- ng/mfA Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.2023-06-20not yet calculatedCVE-2023-2533
MISC
MISC
libtiff -- libtifflibtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.2023-06-21not yet calculatedCVE-2023-25435
MISC
vaadin -- vaadinWhen adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.2023-06-22not yet calculatedCVE-2023-25499
MISC
MISC
vaadin -- vaadinPossible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.2023-06-22not yet calculatedCVE-2023-25500
MISC
MISC
nvidia -- jetson_agx_xavier_series/jetson_xavier_nxNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.2023-06-23not yet calculatedCVE-2023-25515
MISC
nvidia -- jetson_agx_xavier_series/jetson_xavier_nxNVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.2023-06-23not yet calculatedCVE-2023-25518
MISC
nvidia -- multiple_productsNVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.2023-06-23not yet calculatedCVE-2023-25520
MISC
mozilla -- firefox
 
The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.2023-06-19not yet calculatedCVE-2023-25733
MISC
MISC
mozilla -- firefox
 
An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. This vulnerability affects Firefox < 110.2023-06-19not yet calculatedCVE-2023-25736
MISC
MISC
mozilla -- firefox_for_android
 
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 110.1.0.2023-06-19not yet calculatedCVE-2023-25747
MISC
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-25936
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-25937
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-25938
MISC
wordpress -- wordpress
 
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-06-19not yet calculatedCVE-2023-2600
MISC
advantech -- r-seenetAdvantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.2023-06-22not yet calculatedCVE-2023-2611
MISC
sync -- word-wrapAll versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.2023-06-22not yet calculatedCVE-2023-26115
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteDefault permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26427
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteAttackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26428
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteControl characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26429
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteIPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26431
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteWhen adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26432
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteWhen adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26433
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteWhen adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26434
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteIt was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26435
MISC
MISC
MISC
MISC
open-xchange_ software_gmbh -- ox_app_suiteAttackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known.2023-06-20not yet calculatedCVE-2023-26436
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin <= 0.1 versions.2023-06-22not yet calculatedCVE-2023-26534
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin <= 2.1.2 versions.2023-06-22not yet calculatedCVE-2023-26539
MISC
wordpress -- wordpress
 
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-06-19not yet calculatedCVE-2023-2654
MISC
wordpress -- wordpress
 
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-06-19not yet calculatedCVE-2023-2684
MISC
pluckcms -- pluckcmsAn issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.2023-06-22not yet calculatedCVE-2023-27083
MISC
wordpress -- wordpress
 
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.2023-06-19not yet calculatedCVE-2023-2719
MISC
makves -- dcapAn access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.2023-06-21not yet calculatedCVE-2023-27243
MISC
MISC
MISC
omron_corporation -- multiple_products
 
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)2023-06-19not yet calculatedCVE-2023-27396
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin <= 2.4.4 versions.2023-06-22not yet calculatedCVE-2023-27413
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin <= 3.4.4 versions.2023-06-21not yet calculatedCVE-2023-27414
MISC
wordpress -- wordpress
 
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2023-06-19not yet calculatedCVE-2023-2742
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions.2023-06-23not yet calculatedCVE-2023-27427
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin <= 5.4.4 versions.2023-06-21not yet calculatedCVE-2023-27429
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin <= 1.0.4 versions.2023-06-21not yet calculatedCVE-2023-27432
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions.2023-06-21not yet calculatedCVE-2023-27439
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin <= 2.9.1 versions.2023-06-21not yet calculatedCVE-2023-27443
MISC
wordpress -- wordpress
 
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.2023-06-21not yet calculatedCVE-2023-27450
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.3 versions.2023-06-22not yet calculatedCVE-2023-27452
MISC
wordpress -- wordpress
 
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.2023-06-19not yet calculatedCVE-2023-2751
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.2023-06-22not yet calculatedCVE-2023-27612
MISC
wordpress -- wordpress
 
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin <= 1.4.9 versions.2023-06-22not yet calculatedCVE-2023-27618
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.2023-06-22not yet calculatedCVE-2023-27629
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin <= 2023.05.04 versions.2023-06-22not yet calculatedCVE-2023-27631
MISC
wordpress -- wordpress
 
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-06-19not yet calculatedCVE-2023-2779
MISC
MISC
autodesk_installer
 
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.2023-06-23not yet calculatedCVE-2023-27908
MISC
apple -- macos
 
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges2023-06-23not yet calculatedCVE-2023-27930
MISC
MISC
MISC
MISC
apple -- macos
 
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections2023-06-23not yet calculatedCVE-2023-27940
MISC
MISC
MISC
apple -- airpods_firmware_update
 
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.2023-06-23not yet calculatedCVE-2023-27964
MISC
hcl_software -- bigfix_osd_bare_metal_serverThe OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.2023-06-22not yet calculatedCVE-2023-28006
MISC
hcl_software -- bigfix_osd_bare_metal_serverHost Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.2023-06-22not yet calculatedCVE-2023-28016
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28026
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28027
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28028
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable2023-06-23not yet calculatedCVE-2023-28029
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28030
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28031
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28032
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28033
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28034
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28035
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28036
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28039
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28040
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28041
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28042
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28044
MISC
wordpress -- wordpress
 
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.2023-06-19not yet calculatedCVE-2023-2805
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28050
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28052
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28054
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28056
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28058
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28059
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28060
MISC
dell -- cpg_biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.2023-06-23not yet calculatedCVE-2023-28061
MISC
dell -- cpg_biosDell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.2023-06-23not yet calculatedCVE-2023-28064
MISC
dell -- multiple_productsDell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.2023-06-23not yet calculatedCVE-2023-28065
MISC
dell -- multiple_productsDell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).2023-06-23not yet calculatedCVE-2023-28071
MISC
dell -- cpg_biosDell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.2023-06-23not yet calculatedCVE-2023-28073
MISC
pegasystems -- pega_platform
 
Pega platform clients who are using versions 6.1 through 8.8.3 and have upgraded from a version prior to 8.x may be utilizing default credentials.2023-06-22not yet calculatedCVE-2023-28094
MISC
wordpress -- wordpress
 
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot2023-06-19not yet calculatedCVE-2023-2811
MISC
wordpress -- wordpress
 
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-06-19not yet calculatedCVE-2023-2812
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin <= 1.0.0 versions.2023-06-22not yet calculatedCVE-2023-28166
MISC
wordpress -- wordpress
 
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme <= 1.3.1 versions.2023-06-22not yet calculatedCVE-2023-28171
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin <= 1.2.4 versions.2023-06-22not yet calculatedCVE-2023-28174
MISC
apple -- multiple_productsThis issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences2023-06-23not yet calculatedCVE-2023-28191
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app2023-06-23not yet calculatedCVE-2023-28202
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.2023-06-23not yet calculatedCVE-2023-28204
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme <= 1.3.0 versions.2023-06-22not yet calculatedCVE-2023-28418
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin <= 1.4.15 versions.2023-06-22not yet calculatedCVE-2023-28423
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin <= 1.4.2 versions.2023-06-22not yet calculatedCVE-2023-28496
MISC
wordpress -- wordpress
 
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin <= 2.0.0 versions.2023-06-22not yet calculatedCVE-2023-28534
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew Phillips VigilanTor plugin <= 1.3.10 versions.2023-06-22not yet calculatedCVE-2023-28695
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6 versions.2023-06-22not yet calculatedCVE-2023-28750
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions.2023-06-23not yet calculatedCVE-2023-28751
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin <= 1.6.5 versions.2023-06-22not yet calculatedCVE-2023-28774
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.2023-06-22not yet calculatedCVE-2023-28776
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin <= 1.2.2 versions.2023-06-22not yet calculatedCVE-2023-28778
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 21.1.2 versions.2023-06-22not yet calculatedCVE-2023-28784
MISC
zscaler -- client_connectorA URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. 2023-06-22not yet calculatedCVE-2023-28799
MISC
MISC
MISC
MISC
MISC
MISC
zscaler -- client_connectorWhen using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.2023-06-22not yet calculatedCVE-2023-28800
MISC
MISC
MISC
MISC
MISC
MISC
ibm -- spectrum_protect_backup-archive_clientIBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767.2023-06-22not yet calculatedCVE-2023-28956
MISC
MISC
wordpress -- wordpress
 
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin2023-06-19not yet calculatedCVE-2023-2899
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions.2023-06-23not yet calculatedCVE-2023-29100
MISC
subnet_solutions -- powersystem_centerSUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.2023-06-19not yet calculatedCVE-2023-29158
MISC
mozilla -- multiple_products_for_macos
 
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.2023-06-19not yet calculatedCVE-2023-29531
MISC
MISC
MISC
MISC
mozilla -- multiple_products_for_windows
 
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. *Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.2023-06-19not yet calculatedCVE-2023-29532
MISC
MISC
MISC
MISC
mozilla -- firefox_for_android
 
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. *This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.2023-06-19not yet calculatedCVE-2023-29534
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_products_for_windows
 
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.2023-06-19not yet calculatedCVE-2023-29542
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_products_for_windows
 
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. *This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected.* This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.2023-06-19not yet calculatedCVE-2023-29545
MISC
MISC
MISC
MISC
mozilla -- multiple_products_for_android
 
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. *This bug only affects Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.2023-06-19not yet calculatedCVE-2023-29546
MISC
MISC
gbcom_lac -- web_control_centerCross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device.2023-06-22not yet calculatedCVE-2023-29707
MISC
MISC
wavlink -- wn579x3
 
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.2023-06-22not yet calculatedCVE-2023-29708
MISC
MISC
wildix -- wsg24poeAn issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication.2023-06-22not yet calculatedCVE-2023-29709
MISC
MISC
interlink -- psg-5124An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.2023-06-22not yet calculatedCVE-2023-29711
MISC
MISC
dtstack taier -- dtstack taierAn insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method.2023-06-23not yet calculatedCVE-2023-29860
MISC
fortra -- globalscape_eft
 
Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited2023-06-22not yet calculatedCVE-2023-2989
MISC
MISC
fortra -- globalscape_eft
 
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service2023-06-22not yet calculatedCVE-2023-2990
MISC
MISC
fortra -- globalscape_eft
 
Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message2023-06-22not yet calculatedCVE-2023-2991
MISC
MISC
laravel-s -- laravel-slaravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.2023-06-22not yet calculatedCVE-2023-29931
MISC
linux -- kernel
 
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.2023-06-19not yet calculatedCVE-2023-3022
MISC
MISC
magnussolution -- magnusbillingCommand Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.2023-06-23not yet calculatedCVE-2023-30258
MISC
MISC
raspap -- raspap-webguiCommand injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.2023-06-23not yet calculatedCVE-2023-30260
MISC
MISC
neox_contact_center -- neox_contact_centerCross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search.2023-06-22not yet calculatedCVE-2023-30347
MISC
libcoap_library -- libcoap_libraryBuffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.2023-06-23not yet calculatedCVE-2023-30362
MISC
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins <= 1.8.1.2 versions.2023-06-22not yet calculatedCVE-2023-30500
MISC
MISC
ricoh_company -- printer_driver_packager_nx
 
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.2023-06-19not yet calculatedCVE-2023-30759
MISC
MISC
MISC
silicon_labs -- unify_gatewayDescription: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.2023-06-21not yet calculatedCVE-2023-3110
MISC
hashicorp -- terraform_enterpriseTerraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.2023-06-22not yet calculatedCVE-2023-3114
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin <= 6.13.0 versions.2023-06-22not yet calculatedCVE-2023-31213
MISC
fuji_electric/hakko_electronics -- v-server/v-server_liteStack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.2023-06-19not yet calculatedCVE-2023-31239
MISC
MISC
grafana -- grafanaGrafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.2023-06-22not yet calculatedCVE-2023-3128
MISC
sick_ag -- eventcam_appA remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.2023-06-19not yet calculatedCVE-2023-31410
MISC
MISC
MISC
sick_ag -- eventcam_appA remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.2023-06-19not yet calculatedCVE-2023-31411
MISC
MISC
MISC
oracle -- apache/streampipes
 
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.2023-06-23not yet calculatedCVE-2023-31469
MISC
sage -- x3Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.2023-06-22not yet calculatedCVE-2023-31867
MISC
MISC
sage -- x3Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished.2023-06-22not yet calculatedCVE-2023-31868
MISC
MISC
linux -- kernel
 
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.2023-06-23not yet calculatedCVE-2023-3212
MISC
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.2023-06-20not yet calculatedCVE-2023-3220
MISC
fuji_electric/hakko_electronics -- tellus/tellus_lite
 
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.2023-06-19not yet calculatedCVE-2023-32201
MISC
MISC
mozilla -- firefox
 
Service workers could reveal script base URL due to dynamic `import()`. This vulnerability affects Firefox < 113.2023-06-19not yet calculatedCVE-2023-32208
MISC
MISC
mozilla -- firefox
 
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.2023-06-19not yet calculatedCVE-2023-32209
MISC
MISC
mozilla -- firefox
 
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.2023-06-19not yet calculatedCVE-2023-32210
MISC
MISC
mozilla -- multiple_products
 
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.2023-06-19not yet calculatedCVE-2023-32214
MISC
MISC
MISC
MISC
mozilla -- firefox
 
Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113.2023-06-19not yet calculatedCVE-2023-32216
MISC
MISC
wordpress -- wordpressAuth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme <= 7.2.1 versions.2023-06-22not yet calculatedCVE-2023-32239
MISC
fuji_electric/hakko_electronics -- tellus/tellus_lite
 
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.2023-06-19not yet calculatedCVE-2023-32270
MISC
MISC
fuji_electric/hakko_electronics -- tellus/tellus_lite
 
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.2023-06-19not yet calculatedCVE-2023-32273
MISC
MISC
enphase -- installer_toolkitEnphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.2023-06-20not yet calculatedCVE-2023-32274
MISC
fuji_electric/hakko_electronics -- tellus/tellus_lite
 
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.2023-06-19not yet calculatedCVE-2023-32276
MISC
MISC
fuji_electric/hakko_electronics -- tellus/tellus_lite
 
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.2023-06-19not yet calculatedCVE-2023-32288
MISC
MISC
nextcloud -- security-advisoriesNextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue.2023-06-22not yet calculatedCVE-2023-32320
MISC
MISC
MISC
apple -- itunes_for_windows
 
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges2023-06-23not yet calculatedCVE-2023-32351
MISC
apple -- macos
 
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks2023-06-23not yet calculatedCVE-2023-32352
MISC
MISC
MISC
MISC
MISC
apple -- itunes_for_windows
 
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges2023-06-23not yet calculatedCVE-2023-32353
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory2023-06-23not yet calculatedCVE-2023-32354
MISC
MISC
MISC
apple -- macos
 
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system2023-06-23not yet calculatedCVE-2023-32355
MISC
MISC
MISC
apple -- multiple_products
 
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked2023-06-23not yet calculatedCVE-2023-32357
MISC
MISC
MISC
MISC
MISC
MISC
apple -- macos
 
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents2023-06-23not yet calculatedCVE-2023-32360
MISC
MISC
MISC
apple -- macos
 
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences2023-06-23not yet calculatedCVE-2023-32363
MISC
apple -- multiple_products
 
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication2023-06-23not yet calculatedCVE-2023-32365
MISC
MISC
apple -- multiple_products
 
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data2023-06-23not yet calculatedCVE-2023-32367
MISC
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory2023-06-23not yet calculatedCVE-2023-32368
MISC
MISC
MISC
MISC
MISC
apple -- multiple_products
 
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox2023-06-23not yet calculatedCVE-2023-32371
MISC
MISC
apple -- multiple_products
 
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory2023-06-23not yet calculatedCVE-2023-32372
MISC
MISC
MISC
MISC
apple -- multiple_productsA use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.2023-06-23not yet calculatedCVE-2023-32373
MISC
MISC
MISC
MISC
MISC
MISC
apple -- macos_venture/macos_montereyAn out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory2023-06-23not yet calculatedCVE-2023-32375
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system2023-06-23not yet calculatedCVE-2023-32376
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution2023-06-23not yet calculatedCVE-2023-32380
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory2023-06-23not yet calculatedCVE-2023-32382
MISC
MISC
MISC
apple -- multiple_productsA buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution2023-06-23not yet calculatedCVE-2023-32384
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination2023-06-23not yet calculatedCVE-2023-32385
MISC
MISC
apple -- multiple_productsA privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data2023-06-23not yet calculatedCVE-2023-32386
MISC
MISC
MISC
apple -- multiple_productsA use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution2023-06-23not yet calculatedCVE-2023-32387
MISC
MISC
MISC
apple -- multiple_productsA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences2023-06-23not yet calculatedCVE-2023-32388
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory2023-06-23not yet calculatedCVE-2023-32389
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup2023-06-23not yet calculatedCVE-2023-32390
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user2023-06-23not yet calculatedCVE-2023-32391
MISC
MISC
MISC
MISC
apple -- multiple_productsA privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information2023-06-23not yet calculatedCVE-2023-32392
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen2023-06-23not yet calculatedCVE-2023-32394
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system2023-06-23not yet calculatedCVE-2023-32395
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system2023-06-23not yet calculatedCVE-2023-32397
MISC
MISC
MISC
MISC
apple -- multiple_productsA use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges2023-06-23not yet calculatedCVE-2023-32398
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information2023-06-23not yet calculatedCVE-2023-32399
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app2023-06-23not yet calculatedCVE-2023-32400
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information2023-06-23not yet calculatedCVE-2023-32402
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information2023-06-23not yet calculatedCVE-2023-32403
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences2023-06-23not yet calculatedCVE-2023-32404
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges2023-06-23not yet calculatedCVE-2023-32405
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences2023-06-23not yet calculatedCVE-2023-32407
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information2023-06-23not yet calculatedCVE-2023-32408
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.2023-06-23not yet calculatedCVE-2023-32409
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state2023-06-23not yet calculatedCVE-2023-32410
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences2023-06-23not yet calculatedCVE-2023-32411
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution2023-06-23not yet calculatedCVE-2023-32412
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges2023-06-23not yet calculatedCVE-2023-32413
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- macosThe issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox2023-06-23not yet calculatedCVE-2023-32414
MISC
apple -- multiple_productsThis issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information2023-06-23not yet calculatedCVE-2023-32415
MISC
MISC
MISC
apple -- watchosThis issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features2023-06-23not yet calculatedCVE-2023-32417
MISC
apple -- ios/ipadosThe issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution2023-06-23not yet calculatedCVE-2023-32419
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory2023-06-23not yet calculatedCVE-2023-32420
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences2023-06-23not yet calculatedCVE-2023-32422
MISC
MISC
MISC
apple -- multiple_productsA buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information2023-06-23not yet calculatedCVE-2023-32423
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsAn integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.2023-06-23not yet calculatedCVE-2023-32434
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.2023-06-23not yet calculatedCVE-2023-32435
MISC
MISC
MISC
MISC
apple -- multiple_productsA type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.2023-06-23not yet calculatedCVE-2023-32439
MISC
MISC
MISC
MISC
dell -- powerstoreDell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks2023-06-22not yet calculatedCVE-2023-32449
MISC
dell -- vxrailDell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.2023-06-23not yet calculatedCVE-2023-32463
MISC
dell -- vxrailDell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.2023-06-23not yet calculatedCVE-2023-32464
MISC
dell -- cpg_biosDell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.2023-06-23not yet calculatedCVE-2023-32480
MISC
fuji_electric/hakko_electronics -- tellus/tellus_lite
 
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.2023-06-19not yet calculatedCVE-2023-32538
MISC
MISC
fuji_electric/hakko_electronics -- tellus/tellus_lite
 
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.2023-06-19not yet calculatedCVE-2023-32542
MISC
MISC
advantech -- r-seenetAdvantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.2023-06-22not yet calculatedCVE-2023-3256
MISC
dynamic -- linqDynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.2023-06-22not yet calculatedCVE-2023-32571
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions.2023-06-23not yet calculatedCVE-2023-32580
MISC
subnet_solutions -- powersystem_centerSUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.2023-06-19not yet calculatedCVE-2023-32659
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).2023-06-22not yet calculatedCVE-2023-32960
MISC
admidio -- admidioImproper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.2023-06-23not yet calculatedCVE-2023-3302
MISC
CONFIRM
admidio -- admidioImproper Access Control in GitHub repository admidio/admidio prior to 4.2.9.2023-06-23not yet calculatedCVE-2023-3303
MISC
CONFIRM
admidio -- admidioImproper Access Control in GitHub repository admidio/admidio prior to 4.2.9.2023-06-23not yet calculatedCVE-2023-3304
CONFIRM
MISC
c-data -- web_management_systemA vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.2023-06-18not yet calculatedCVE-2023-3305
MISC
MISC
MISC
ruijie -- rg-ew1200gA vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-18not yet calculatedCVE-2023-3306
MISC
MISC
MISC
minical --minicalA vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-18not yet calculatedCVE-2023-3307
MISC
MISC
MISC
whaleal_icefrog -- whaleal_icefrogA vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.2023-06-18not yet calculatedCVE-2023-3308
MISC
MISC
MISC
sourcecodester -- resort_management_system
 
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.2023-06-18not yet calculatedCVE-2023-3309
MISC
MISC
MISC
code-projects -- agro-school_management_system
 
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability.2023-06-18not yet calculatedCVE-2023-3310
MISC
MISC
MISC
puneethreddyhc -- online_shopping_system_advancedA vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807.2023-06-18not yet calculatedCVE-2023-3311
MISC
MISC
MISC
linux -- kernel
 
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.2023-06-19not yet calculatedCVE-2023-3312
MISC
jenkins -- jenkins
 
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.2023-06-19not yet calculatedCVE-2023-3315
MISC
libtiff -- libtiffA NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.2023-06-19not yet calculatedCVE-2023-3316
MISC
linux -- kernel
 
A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem.2023-06-23not yet calculatedCVE-2023-3317
MISC
sourcecodester -- resort_management_system
 
A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability.2023-06-19not yet calculatedCVE-2023-3318
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin <= 1.3.0 versions.2023-06-19not yet calculatedCVE-2023-33213
MISC
freebsd -- freebsd
 
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.2023-06-22not yet calculatedCVE-2023-3326
MISC
urlnorm_crate -- urlnorm_crateThe urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.2023-06-21not yet calculatedCVE-2023-33289
MISC
MISC
MISC
fortinet -- fortinac
 
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.2023-06-23not yet calculatedCVE-2023-33299
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin <= 4.0.2 versions.2023-06-22not yet calculatedCVE-2023-33323
MISC
puneethreddyhc -- online_shopping_system_advancedA vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.2023-06-20not yet calculatedCVE-2023-3337
MISC
MISC
datev_eg -- personal-management_system_comfort/comfort_plusA reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.2023-06-22not yet calculatedCVE-2023-33387
MISC
MISC
MISC
code-projects -- agro-school_management_system
 
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.2023-06-21not yet calculatedCVE-2023-3339
MISC
MISC
MISC
sourcecodester -- online_school_fees_system
 
A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument name_startsWith leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232016.2023-06-20not yet calculatedCVE-2023-3340
MISC
MISC
MISC
blogengine.net -- blogengine.netBlogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.2023-06-21not yet calculatedCVE-2023-33405
MISC
craft_cms -- craft_cmsCraft CMS through 4.4.9 is vulnerable to HTML Injection.2023-06-20not yet calculatedCVE-2023-33495
MISC
MISC
ros2 -- ros2ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes.2023-06-23not yet calculatedCVE-2023-33565
MISC
MISC
sourcecodester -- enrollment_system_project
 
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.2023-06-21not yet calculatedCVE-2023-33584
MISC
MISC
MISC
MISC
user_registration/login_and_user_management_system -- user_registration/login_and_user_management_systemUser Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.2023-06-21not yet calculatedCVE-2023-33591
MISC
MISC
broadleaf -- broadleafBroadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.2023-06-21not yet calculatedCVE-2023-33725
MISC
wavlink -- wn579x3
 
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-06-23not yet calculatedCVE-2023-3380
MISC
MISC
MISC
sourcecodester -- online_school_fees_system
 
A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.2023-06-23not yet calculatedCVE-2023-3381
MISC
MISC
MISC
sourcecodester -- game_result_matrix_system
 
A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability.2023-06-23not yet calculatedCVE-2023-3382
MISC
MISC
MISC
sourcecodester -- game_result_matrix_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239.2023-06-23not yet calculatedCVE-2023-3383
MISC
MISC
MISC
ibm -- spss_modelerIBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.2023-06-22not yet calculatedCVE-2023-33842
MISC
MISC
enphase -- envoyEnphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.2023-06-20not yet calculatedCVE-2023-33869
MISC
sourcecodester -- human_resource_management_system
 
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288.2023-06-23not yet calculatedCVE-2023-3391
MISC
MISC
MISC
fossbilling -- fossbilling
 
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.2023-06-23not yet calculatedCVE-2023-3393
MISC
MISC
fossbilling -- fossbilling
 
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.2023-06-23not yet calculatedCVE-2023-3394
MISC
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin <= 5.5.5 versions.2023-06-22not yet calculatedCVE-2023-33997
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin <= 3.6.2 versions.2023-06-22not yet calculatedCVE-2023-34006
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions.2023-06-23not yet calculatedCVE-2023-34012
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions.2023-06-23not yet calculatedCVE-2023-34021
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions.2023-06-22not yet calculatedCVE-2023-34028
MISC
flask-appbuilder -- flask-appbuilderFlask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.2023-06-22not yet calculatedCVE-2023-34110
MISC
MISC
MISC
MISC
huawei -- harmonyos
 
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.2023-06-19not yet calculatedCVE-2023-34155
MISC
huawei -- harmonyos
 
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.2023-06-19not yet calculatedCVE-2023-34156
MISC
huawei -- harmonyos
 
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.2023-06-19not yet calculatedCVE-2023-34158
MISC
huawei -- harmonyos
 
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.2023-06-19not yet calculatedCVE-2023-34159
MISC
huawei -- harmonyos
 
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.2023-06-19not yet calculatedCVE-2023-34160
MISC
huawei -- harmonyos
 
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.2023-06-19not yet calculatedCVE-2023-34161
MISC
huawei -- harmonyos
 
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.2023-06-19not yet calculatedCVE-2023-34162
MISC
huawei -- harmonyos
 
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.2023-06-19not yet calculatedCVE-2023-34163
MISC
huawei -- harmonyos
 
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.2023-06-19not yet calculatedCVE-2023-34166
MISC
huawei -- harmonyos
 
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.2023-06-19not yet calculatedCVE-2023-34167
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin <= 3.5.7 versions.2023-06-22not yet calculatedCVE-2023-34170
MISC
mongoose -- mongooseThe HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.2023-06-23not yet calculatedCVE-2023-34188
MISC
MISC
MISC
progress -- openedge_management/openedge_explorerIn Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.2023-06-23not yet calculatedCVE-2023-34203
MISC
openprinting -- cupsOpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.2023-06-22not yet calculatedCVE-2023-34241
MISC
MISC
MISC
MISC
glpi-project -- glpi-agentThe GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.2023-06-23not yet calculatedCVE-2023-34254
MISC
MISC
oracle -- apache/accumulo
 
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.2023-06-21not yet calculatedCVE-2023-34340
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions.2023-06-22not yet calculatedCVE-2023-34368
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.2023-06-19not yet calculatedCVE-2023-34373
MISC
mozilla -- multiple_products
 
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.2023-06-19not yet calculatedCVE-2023-34414
MISC
MISC
MISC
MISC
mozilla -- firefox
 
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.2023-06-19not yet calculatedCVE-2023-34415
MISC
MISC
mozilla -- multiple_products
 
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.2023-06-19not yet calculatedCVE-2023-34416
MISC
MISC
MISC
MISC
mozilla -- firefox
 
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.2023-06-19not yet calculatedCVE-2023-34417
MISC
MISC
tauri-apps -- tauriTauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg. `$HOME/*`), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the `fs` endpoint are affected. The regression has been patched on version 1.4.1.2023-06-23not yet calculatedCVE-2023-34460
MISC
MISC
MISC
MISC
pybb -- pybbPyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious `<a>` that looks like ```<a href=javascript:alert (1)>xss</a>``` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit `5defd92`, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the `|safe` tag from the Jinja2 template titled "post.html" in templates or by adding manual validation of links in the post creation section.2023-06-19not yet calculatedCVE-2023-34461
MISC
MISC
netty -- nettyNetty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.2023-06-22not yet calculatedCVE-2023-34462
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax.2023-06-23not yet calculatedCVE-2023-34464
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group).2023-06-23not yet calculatedCVE-2023-34465
MISC
MISC
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.2023-06-23not yet calculatedCVE-2023-34466
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.2023-06-23not yet calculatedCVE-2023-34467
MISC
MISC
MISC
langchain -- langchainLangchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.2023-06-20not yet calculatedCVE-2023-34541
MISC
wafu -- keyless_smart_lockAn issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack.2023-06-22not yet calculatedCVE-2023-34553
MISC
netgear -- R6250netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.2023-06-20not yet calculatedCVE-2023-34563
MISC
MISC
aeotec -- wallmote_switchA vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.2023-06-20not yet calculatedCVE-2023-34596
MISC
MISC
fibaro -- motion_sensorA vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.2023-06-20not yet calculatedCVE-2023-34597
MISC
MISC
adiscon -- loganalyzerAdiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.2023-06-20not yet calculatedCVE-2023-34600
MISC
MISC
jeesite -- jeesiteJeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.2023-06-22not yet calculatedCVE-2023-34601
MISC
jeecgboot -- jeecgbootJeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.2023-06-19not yet calculatedCVE-2023-34602
MISC
jeecgboot -- jeecgbootJeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.2023-06-19not yet calculatedCVE-2023-34603
MISC
kioware_for_windows -- kioware_for_windowsKioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.2023-06-19not yet calculatedCVE-2023-34641
MISC
MISC
kioware_for_windows -- kioware_for_windowsKioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.2023-06-19not yet calculatedCVE-2023-34642
MISC
MISC
eyoucms -- eyoucmsA stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.2023-06-19not yet calculatedCVE-2023-34657
MISC
elenos -- etg150_fm_transmitterImproper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases.2023-06-23not yet calculatedCVE-2023-34671
MISC
MISC
elenos -- etg150_fm_transmitterImproper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.2023-06-23not yet calculatedCVE-2023-34672
MISC
MISC
elenos -- etg150_fm_transmitterElenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases.2023-06-23not yet calculatedCVE-2023-34673
MISC
MISC
dmarcts-report-viewer -- dmarcts-report-viewerCross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.2023-06-22not yet calculatedCVE-2023-34796
MISC
MISC
topdesk -- topdeskXML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.2023-06-22not yet calculatedCVE-2023-34923
MISC
MISC
casdoor -- casdoorCasdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.2023-06-22not yet calculatedCVE-2023-34927
MISC
MISC
MISC
onlyoffice -- community_serverOnlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.2023-06-22not yet calculatedCVE-2023-34939
MISC
MISC
MISC
oracle -- apache/tomcat
 
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.2023-06-21not yet calculatedCVE-2023-34981
MISC
oracle -- apache/airflow
 
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.2023-06-19not yet calculatedCVE-2023-35005
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions.2023-06-23not yet calculatedCVE-2023-35048
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.7 versions.2023-06-22not yet calculatedCVE-2023-35090
MISC
wordpress -- wordpress
 
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to view the "Orders" of the plugin and get the data related to the order like email, username, and more.2023-06-22not yet calculatedCVE-2023-35093
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin <= 1.0.40 versions.2023-06-20not yet calculatedCVE-2023-35095
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin <= 0.1.1 versions.2023-06-20not yet calculatedCVE-2023-35097
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.2023-06-20not yet calculatedCVE-2023-35098
MISC
moodle -- moodle
 
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.2023-06-22not yet calculatedCVE-2023-35131
MISC
moodle -- moodle
 
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.2023-06-22not yet calculatedCVE-2023-35132
MISC
moodle -- moodle
 
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.2023-06-22not yet calculatedCVE-2023-35133
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8.2023-06-23not yet calculatedCVE-2023-35150
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.2023-06-23not yet calculatedCVE-2023-35151
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually.2023-06-23not yet calculatedCVE-2023-35152
MISC
MISC
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch.2023-06-23not yet calculatedCVE-2023-35153
MISC
MISC
MISC
knowagelabs -- knowage-serverKnowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.2023-06-23not yet calculatedCVE-2023-35154
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: `<xwiki-host>/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you.`, where `<xwiki-host>` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8.2023-06-23not yet calculatedCVE-2023-35155
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as: > xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn't enough to entirely fix the vulnerability.2023-06-23not yet calculatedCVE-2023-35156
MISC
MISC
MISC
MISC
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6.2023-06-23not yet calculatedCVE-2023-35157
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.2023-06-23not yet calculatedCVE-2023-35158
MISC
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.2023-06-23not yet calculatedCVE-2023-35159
MISC
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.2023-06-23not yet calculatedCVE-2023-35160
MISC
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.2023-06-23not yet calculatedCVE-2023-35161
MISC
MISC
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as: > <hostname>/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain). This vulnerability exists since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.2023-06-23not yet calculatedCVE-2023-35162
MISC
MISC
MISC
MISC
vegaprotocol -- vegaVega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for `mainnet1` in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited.2023-06-23not yet calculatedCVE-2023-35163
MISC
MISC
MISC
aws -- cloud_development_kitAWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages `aws-cdk-lib` 2.0.0 until 2.80.0 and `@aws-cdk/aws-eks` 1.57.0 until 1.202.0, `eks.Cluster` and `eks.FargateCluster` constructs create two roles, `CreationRole` and `default MastersRole`, that have an overly permissive trust policy. The first, referred to as the `CreationRole`, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g `KubernetesManifest`, `HelmChart`, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the `default MastersRole`, is provisioned only if the `mastersRole` property isn't provided and has permissions to execute `kubectl` commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in `@aws-cdk/aws-eks` v1.202.0 and `aws-cdk-lib` v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the `default MastersRole`, use the `mastersRole` property to explicitly provide a role.2023-06-23not yet calculatedCVE-2023-35165
MISC
MISC
xwiki -- xwiki-platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.2023-06-20not yet calculatedCVE-2023-35166
MISC
MISC
MISC
remult -- remultRemult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the `@Entity` decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the `id` of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the `apiPrefilter` option to a filter object instead of a function.2023-06-23not yet calculatedCVE-2023-35167
MISC
MISC
MISC
webklex -- php-imapPHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with `Attachment::save()` without providing a `$filename` or passing unsanitized user input is affected by this attack. An attacker can send an email with a malicious attachment to the inbox, which gets crawled with `webklex/php-imap` or `webklex/laravel-imap`. Prerequisite for the vulnerability is that the script stores the attachments without providing a `$filename`, or providing an unsanitized `$filename`, in `src/Attachment::save(string $path, string $filename = null)`. In this case, where no `$filename` gets passed into the `Attachment::save()` method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a `$filename` into the `Attachment::save()` method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. ".php") or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests. Version 5.3.0 contains a patch for this issue.2023-06-23not yet calculatedCVE-2023-35169
MISC
MISC
MISC
MISC
MISC
nextcloud -- server/enterprise_serverNextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available.2023-06-23not yet calculatedCVE-2023-35171
MISC
MISC
MISC
nextcloud -- server/enterprise_serverNextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available.2023-06-23not yet calculatedCVE-2023-35172
MISC
MISC
MISC
nextcloud -- end-to-end_encryption_appNextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.2023-06-23not yet calculatedCVE-2023-35173
MISC
MISC
MISC
livebook-dev -- livebookLivebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.2023-06-22not yet calculatedCVE-2023-35174
MISC
MISC
MISC
MISC
MISC
progess - whatsup_goldIn Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS.2023-06-23not yet calculatedCVE-2023-35759
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin <= 3.1.2 versions.2023-06-19not yet calculatedCVE-2023-35772
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin <= 1.13.1 versions.2023-06-19not yet calculatedCVE-2023-35775
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.2023-06-19not yet calculatedCVE-2023-35776
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin <= 2.3.1 versions.2023-06-19not yet calculatedCVE-2023-35779
MISC
safe -- softwarez_fme_serverA directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.2023-06-23not yet calculatedCVE-2023-35801
MISC
MISC
CONFIRM
sugarcrm -- enterpriseAn issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35808
MISC
sugarcrm -- enterpriseAn issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35809
MISC
sugarcrm -- enterpriseAn issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35810
MISC
sugarcrm -- enterpriseAn issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected.2023-06-17not yet calculatedCVE-2023-35811
MISC
sitecore -- multiple_productsMultiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.2023-06-17not yet calculatedCVE-2023-35813
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.2023-06-18not yet calculatedCVE-2023-35823
MISC
MISC
MISC
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.2023-06-18not yet calculatedCVE-2023-35824
MISC
MISC
MISC
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.2023-06-18not yet calculatedCVE-2023-35826
MISC
MISC
MISC
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.2023-06-18not yet calculatedCVE-2023-35827
MISC
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.2023-06-18not yet calculatedCVE-2023-35828
MISC
MISC
MISC
MISC
linux -- kernel
 
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.2023-06-18not yet calculatedCVE-2023-35829
MISC
MISC
MISC
MISC
solon -- solonSolon before 2.3.3 allows Deserialization of Untrusted Data.2023-06-19not yet calculatedCVE-2023-35839
MISC
MISC
elfinder -- elfinder_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.2023-06-19not yet calculatedCVE-2023-35840
MISC
MISC
MISC
MISC
nocodb -- nocodbNocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.2023-06-19not yet calculatedCVE-2023-35843
MISC
MISC
MISC
lightdash -- lightdashpackages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.2023-06-19not yet calculatedCVE-2023-35844
MISC
MISC
MISC
MISC
picotcp -- picotcpVirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.2023-06-19not yet calculatedCVE-2023-35846
MISC
picotcp -- picotcpVirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).2023-06-19not yet calculatedCVE-2023-35847
MISC
picotcp -- picotcpVirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.2023-06-19not yet calculatedCVE-2023-35848
MISC
picotcp -- picotcpVirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.2023-06-19not yet calculatedCVE-2023-35849
MISC
suricata -- suricata
 
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.2023-06-19not yet calculatedCVE-2023-35852
MISC
MISC
MISC
MISC
suricata -- suricata
 
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.2023-06-19not yet calculatedCVE-2023-35853
MISC
MISC
MISC
zoho -- manageengine_adselfservice_plusZoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.2023-06-20not yet calculatedCVE-2023-35854
MISC
MISC
counter-strike -- counter-strikeA buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.2023-06-19not yet calculatedCVE-2023-35855
MISC
nintendo -- multiple_mario_kart_wii_versionsA buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.2023-06-19not yet calculatedCVE-2023-35856
MISC
siren -- investigateIn Siren Investigate before 13.2.2, session keys remain active even after logging out.2023-06-19not yet calculatedCVE-2023-35857
MISC
MISC
libcoap -- libcoaplibcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.2023-06-19not yet calculatedCVE-2023-35862
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin <= 0.5 versions.2023-06-20not yet calculatedCVE-2023-35878
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin <= 7.13.52 versions.2023-06-20not yet calculatedCVE-2023-35882
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.2023-06-20not yet calculatedCVE-2023-35884
MISC
cloudpanel_2 -- cloudpanel_2CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.2023-06-20not yet calculatedCVE-2023-35885
MISC
wordpress -- wordpress
 
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.2023-06-22not yet calculatedCVE-2023-35917
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin <= 2.2.33 versions.2023-06-22not yet calculatedCVE-2023-35918
MISC
intellectualsites -- fastasyncworldeditFastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the `Infinity` keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.2023-06-23not yet calculatedCVE-2023-35925
MISC
MISC
MISC
backstage -- backstageBackstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of `@backstage/plugin-scaffolder-backend`.2023-06-22not yet calculatedCVE-2023-35926
MISC
MISC
MISC
nextcloud -- server/enterprise_serverNextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the "Administration" > "Sharing" settings `…/index.php/settings/admin/sharing`. Afterwards, trigger a recreation of the local system addressbook with the following `occ dav:sync-system-addressbook`.2023-06-23not yet calculatedCVE-2023-35927
MISC
MISC
MISC
nextcloud -- server/enterprise_serverNextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2. Three workarounds are available. Disable app files_external. Change config setting "Allow users to mount external storage" to disabled in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages`. Change config setting to disallow users to create external storages in "Administration" > "External storage" settings `…/index.php/settings/admin/externalstorages` with the types FTP, Nextcloud, SFTP, and/or WebDAV.2023-06-23not yet calculatedCVE-2023-35928
MISC
MISC
MISC
shescape -- shescapeShescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.2023-06-23not yet calculatedCVE-2023-35931
MISC
MISC
MISC
MISC
jcvi -- jcvijcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.2023-06-23not yet calculatedCVE-2023-35932
MISC
MISC
eyoucms -- eyoucmsThere is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.32023-06-22not yet calculatedCVE-2023-36093
MISC
funadmin -- funadminfunadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.2023-06-22not yet calculatedCVE-2023-36097
MISC
sqlite3 -- sqlite3sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.2023-06-23not yet calculatedCVE-2023-36191
MISC
sngrep -- sngrepSngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.2023-06-23not yet calculatedCVE-2023-36192
MISC
gifsicle -- gifsicleGifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.2023-06-23not yet calculatedCVE-2023-36193
MISC
libming_ listswf -- libming_ listswflibming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.2023-06-22not yet calculatedCVE-2023-36239
MISC
flvmeta -- flvmetaFLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.2023-06-22not yet calculatedCVE-2023-36243
MISC
libredwg -- libredwg
 
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.2023-06-23not yet calculatedCVE-2023-36271
MISC
libredwg -- libredwg
 
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.2023-06-23not yet calculatedCVE-2023-36272
MISC
libredwg -- libredwg
 
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.2023-06-23not yet calculatedCVE-2023-36273
MISC
libredwg -- libredwg
 
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.2023-06-23not yet calculatedCVE-2023-36274
MISC
webkul -- qloappsAn unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.2023-06-23not yet calculatedCVE-2023-36284
MISC
webkul -- qloappsAn unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.2023-06-23not yet calculatedCVE-2023-36287
MISC
webkul -- qloappsAn unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.2023-06-23not yet calculatedCVE-2023-36288
MISC
webkul -- qloappsAn unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.2023-06-23not yet calculatedCVE-2023-36289
MISC
codekop -- codekop
 
A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.2023-06-23not yet calculatedCVE-2023-36345
MISC
codekop -- codekop
 
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.2023-06-23not yet calculatedCVE-2023-36346
MISC
codekop -- codekop
 
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.2023-06-23not yet calculatedCVE-2023-36348
MISC
tp-link -- multiple_products
 
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-06-22not yet calculatedCVE-2023-36354
MISC
tp-link -- multiple_products
 
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-06-22not yet calculatedCVE-2023-36355
MISC
tp-link -- multiple_products
 
TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-06-22not yet calculatedCVE-2023-36356
MISC
tp-link -- multiple_products
 
An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-06-22not yet calculatedCVE-2023-36357
MISC
tp-link -- multiple_products
 
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-06-22not yet calculatedCVE-2023-36358
MISC
tp-link -- multiple_products
 
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-06-22not yet calculatedCVE-2023-36359
MISC
monetdb_server -- monetdb_server
 
An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36362
MISC
monetdb_server -- monetdb_server
 
An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36363
MISC
monetdb_server -- monetdb_server
 
An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36364
MISC
monetdb_server -- monetdb_server
 
An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36365
MISC
monetdb_server -- monetdb_server
 
An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36366
MISC
monetdb_server -- monetdb_server
 
An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36367
MISC
monetdb_server -- monetdb_server
 
An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36368
MISC
monetdb_server -- monetdb_server
 
An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36369
MISC
monetdb_server -- monetdb_server
 
An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36370
MISC
monetdb_server -- monetdb_server
 
An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-06-22not yet calculatedCVE-2023-36371
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.