Vulnerability Summary for the Week of July 31, 2023

Released
Aug 07, 2023
Document ID
SB23-219

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
yunyecms -- yunyecmsSQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF.2023-07-319.8CVE-2020-21662
MISC
raspap -- raspapA Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.2023-08-019.8CVE-2022-39986
MISC
MISC
tp-link -- archer_ax21_firmwareTP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.2023-08-019.8CVE-2023-31710
MISC
synel -- synergy_fingerprint_terminalsSynel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials2023-07-309.8CVE-2023-32227
MISC
assaabloy -- control_id_idsecureControl ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.2023-08-039.8CVE-2023-33371
MISC
MISC
ajaxmanager_project -- ajaxmanager_file/ajaxmanager_databaseAn Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions.2023-08-019.8CVE-2023-33493
MISC
phpjabbers_ltd. -- time_slots_booking_calendarImproper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords.2023-08-019.8CVE-2023-33561
MISC
MISC
phpjabbers_ltd. -- time_slots_booking_calendarUser enumeration is found in in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-019.8CVE-2023-33562
MISC
MISC
apple -- multiple_productsThe issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.2023-07-289.8CVE-2023-34425
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
greenshot -- greenshotGreenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.2023-08-019.8CVE-2023-34634
MISC
MISC
MISC
MISC
wifi-soft -- unibox_administrationWifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.2023-07-319.8CVE-2023-34635
MISC
MISC
dedecms -- dedecmsRemote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.2023-07-319.8CVE-2023-34842
MISC
MISC
chamilo -- chamiloA command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.2023-08-019.8CVE-2023-34960
MISC
MISC
phpjabbers_ltd. -- availability_booking_calendarPHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter.2023-08-049.8CVE-2023-36131
MISC
MISC
phpjabbers_ltd. -- availability_booking_calendarPHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control.2023-08-049.8CVE-2023-36132
MISC
MISC
phpjabbers_ltd. -- availability_booking_calendarPHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change.2023-08-049.8CVE-2023-36133
MISC
MISC
phpjabbers_ltd. -- cleaning_business_softwareIn PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.2023-08-049.8CVE-2023-36139
MISC
MISC
motocms -- motocmsMotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.2023-08-019.8CVE-2023-36210
MISC
MISC
apple -- multiple_productsAn integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.2023-07-289.8CVE-2023-36495
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
synel -- synergy_fingerprint_terminalsSynel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'2023-07-309.8CVE-2023-37213
MISC
heights-t -- ero1xs-pro_firmwareHeights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.2023-07-309.8CVE-2023-37214
MISC
jbl -- jbl_bar_5.1_surround_firmwareJBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials2023-07-309.8CVE-2023-37215
MISC
apple -- multiple_productsAn out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.2023-07-289.8CVE-2023-37285
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
pnpm -- pnpmpnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8.2023-08-019.8CVE-2023-37478
MISC
MISC
MISC
semcms -- semcmsSEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.2023-07-319.8CVE-2023-37647
MISC
MISC
MISC
powerjob -- powerjobPowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.2023-07-289.8CVE-2023-37754
MISC
MISC
MISC
phpgurukul -- art_gallery_management_systemArt Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.2023-07-319.8CVE-2023-37771
MISC
apple -- multiple_productsA use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.2023-07-289.8CVE-2023-38598
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.2023-07-289.8CVE-2023-38604
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
jeecg-boot -- jeecg-bootjeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.2023-07-289.8CVE-2023-38992
MISC
lessthanoptimal -- boofcvBoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.2023-07-289.8CVE-2023-39010
MISC
larsga -- dukeDuke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.2023-07-289.8CVE-2023-39013
MISC
code4craft -- webmagicwebmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader.2023-07-289.8CVE-2023-39015
MISC
bbossgroups -- bboss-persistentbboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.2023-07-289.8CVE-2023-39016
MISC
softwareag -- quartzquartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument.2023-07-289.8CVE-2023-39017
MISC
ffmpeg -- ffmpegFFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.2023-07-289.8CVE-2023-39018
MISC
stanford -- stanford_parserstanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.2023-07-289.8CVE-2023-39020
MISC
wix -- wix_embedded_mysqlwix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument.2023-07-289.8CVE-2023-39021
MISC
oscore -- oscoreoscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.2023-07-289.8CVE-2023-39022
MISC
university_compass_project -- university_compassuniversity compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.2023-07-289.8CVE-2023-39023
MISC
bmc -- control-mBMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200).2023-07-319.8CVE-2023-39122
MISC
phpscriptpoint -- recipepointA vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability.2023-07-289.8CVE-2023-3984
MISC
MISC
sourcecodester -- online_jewelry_storeA vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.2023-07-289.8CVE-2023-3985
MISC
MISC
MISC
sourcecodester -- simple_online_mens_salon_management_systemA vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608.2023-07-289.8CVE-2023-3987
MISC
MISC
MISC
cafe_billing_system_project -- cafe_billing_systemA vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability.2023-07-289.8CVE-2023-3988
MISC
MISC
MISC
fossbilling -- fossbillingInsufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.2023-07-319.8CVE-2023-4005
MISC
MISC
phpmyfaq -- phpmyfaqImproper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.2023-07-319.8CVE-2023-4006
MISC
MISC
mozilla -- multiple_productsMemory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-019.8CVE-2023-4056
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- multiple_productsMemory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.2023-08-019.8CVE-2023-4057
MISC
MISC
MISC
mozilla -- firefoxMemory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.2023-08-019.8CVE-2023-4058
MISC
MISC
google -- chromeHeap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)2023-07-299.6CVE-2022-4920
MISC
MISC
google -- chromeUse after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)2023-07-299.6CVE-2022-4924
MISC
MISC
precisely -- spectrum_spatial_analystPrecisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF).2023-07-319.1CVE-2022-42183
MISC
MISC
assaabloy -- control_id_idsecureA path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service.2023-08-039.1CVE-2023-33369
MISC
MISC
google -- chromeUse after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2021-4317
MISC
MISC
google -- chromeObject corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2021-4318
MISC
MISC
google -- chromeUse after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2021-4319
MISC
MISC
google -- chromeUse after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2021-4320
MISC
MISC
google -- chromeUse after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)2023-07-298.8CVE-2021-4322
MISC
MISC
raspap -- raspapA Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.2023-08-018.8CVE-2022-39987
MISC
MISC
codesys -- codesys_control_for_beaglebone_sl
 
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device.2023-08-038.8CVE-2022-4046
MISC
google -- chromeInappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2022-4906
MISC
MISC
MISC
google -- chromeUninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)2023-07-298.8CVE-2022-4907
MISC
MISC
MISC
google -- chromeType Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2022-4912
MISC
MISC
google -- chromeHeap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2023-07-298.8CVE-2022-4914
MISC
MISC
google -- chromeUse after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2022-4916
MISC
MISC
google -- chromeUse after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)2023-07-298.8CVE-2022-4918
MISC
MISC
google -- chromeUse after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-07-298.8CVE-2022-4919
MISC
MISC
google -- chromeUse after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)2023-07-298.8CVE-2022-4921
MISC
MISC
google -- chromeInappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)2023-07-298.8CVE-2023-2313
MISC
MISC
MISC
sztozed -- zlt_s10g_firmwareA Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.2023-07-318.8CVE-2023-33534
MISC
phpjabbers_ltd. -- time_slots_booking_calendarIn PHP Jabbers Time Slots Booking Calendar 3.3 , lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.2023-08-018.8CVE-2023-33563
MISC
MISC
ibm -- security_verify_governanceIBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.2023-07-318.8CVE-2023-35019
MISC
MISC
google -- chromeOut of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-07-288.8CVE-2023-3598
MISC
MISC
MISC
totalcms -- total_cmsFile Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.2023-08-038.8CVE-2023-36212
MISC
MISC
MISC
eramba -- erambaAn issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.2023-08-038.8CVE-2023-36255
MISC
MISC
apache -- nifiApache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.2023-07-298.8CVE-2023-36542
MISC
MISC
MISC
MISC
codesys -- codesys_development_system
 
In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.2023-08-038.8CVE-2023-3663
MISC
google -- chromeUse after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-018.8CVE-2023-3727
MISC
MISC
google -- chromeUse after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-018.8CVE-2023-3728
MISC
MISC
google -- chromeUse after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)2023-08-018.8CVE-2023-3729
MISC
MISC
google -- chromeUse after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-018.8CVE-2023-3730
MISC
MISC
google -- chromeUse after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)2023-08-018.8CVE-2023-3731
MISC
MISC
google -- chromeOut of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-018.8CVE-2023-3732
MISC
MISC
online_shopping_portal_project -- online_shopping_portalOnline Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.2023-08-018.8CVE-2023-37772
MISC
MISC
MISC
apple -- multiple_productsA buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.2023-07-288.8CVE-2023-38590
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.2023-07-288.8CVE-2023-38592
MISC
MISC
MISC
MISC
MISC
MISC
MISC
rconfig -- rconfigrconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.2023-08-018.8CVE-2023-39108
MISC
rconfig -- rconfigrconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.2023-08-018.8CVE-2023-39109
MISC
rconfig -- rconfigrconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.2023-08-018.8CVE-2023-39110
MISC
advantech -- iviewAn authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.2023-07-318.8CVE-2023-3983
MISC
google -- chromeType Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-038.8CVE-2023-4069
MISC
MISC
MISC
google -- chromeHeap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-038.8CVE-2023-4071
MISC
MISC
MISC
google -- chromeOut of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-038.8CVE-2023-4072
MISC
MISC
MISC
google -- chromeOut of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-038.8CVE-2023-4073
MISC
MISC
MISC
google -- chromeUse after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-038.8CVE-2023-4074
MISC
MISC
MISC
google -- chromeUse after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-038.8CVE-2023-4075
MISC
MISC
MISC
google -- chromeUse after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)2023-08-038.8CVE-2023-4076
MISC
MISC
MISC
google -- chromeInsufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)2023-08-038.8CVE-2023-4077
MISC
MISC
MISC
google -- chromeInappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)2023-08-038.8CVE-2023-4078
MISC
MISC
MISC
silverstripe -- frameworkSilverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.2023-08-018.1CVE-2023-32302
MISC
MISC
MISC
MISC
google -- chromeType Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-08-038.1CVE-2023-4068
MISC
MISC
MISC
google -- chromeType Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)2023-08-038.1CVE-2023-4070
MISC
MISC
MISC
wordpress -- wordpress
 
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.2023-08-048CVE-2023-4141
MISC
MISC
MISC
wordpress -- wordpress
 
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.2023-08-048CVE-2023-4142
MISC
MISC
MISC
psappdeploytoolkit -- powershell_app_deployment_toolkitIn PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-017.8CVE-2020-10962
MISC
MISC
ultralytics -- yolov5Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file.2023-07-317.8CVE-2021-31680
MISC
ultralytics -- yolov3Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file.2023-07-317.8CVE-2021-31681
MISC
ibm -- spectrum_scale_container_native_storage_accessIBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.2023-07-317.8CVE-2022-43831
MISC
MISC
broadcom -- brocade_fabric_osA vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and, before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled.2023-08-017.8CVE-2023-31425
MISC
viatomtech -- vihealth_for_androidAn issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component.2023-08-017.8CVE-2023-36351
MISC
MISC
tadiran_telecom -- aeonixTadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File2023-07-307.8CVE-2023-37219
MISC
f5_networks -- big-ip_edge_client_for_macos
 
The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-08-027.8CVE-2023-38418
MISC
webkul -- uvdeskAn arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file.2023-08-017.8CVE-2023-39147
MISC
MISC
splunk -- soarSplunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.2023-07-317.8CVE-2023-3997
MISC
linux -- kernelA use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.2023-07-317.8CVE-2023-4004
MISC
MISC
MISC
mlflow -- mlflowOS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.2023-08-017.8CVE-2023-4033
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.2023-08-027.5CVE-2023-0632
MISC
MISC
underscore-keypath_project -- underscore-keypathVersions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”.2023-08-017.5CVE-2023-26139
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.2023-07-287.5CVE-2023-32444
MISC
MISC
MISC
MISC
MISC
MISC
assaabloy -- control_id_idsecureAn uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service.2023-08-037.5CVE-2023-33370
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.2023-08-027.5CVE-2023-3364
MISC
MISC
asus -- rt-ax88u_firmwareASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.2023-07-317.5CVE-2023-34358
MISC
asus -- rt-ax88u_firmwareASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.2023-07-317.5CVE-2023-34359
MISC
lavalite_cms -- lavalite_cmsLavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.2023-08-017.5CVE-2023-36983
MISC
MISC
lavalite_cms -- lavalite_cmsLavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.2023-08-017.5CVE-2023-36984
MISC
MISC
tadiran_telecom -- aeonixTadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')2023-07-307.5CVE-2023-37218
MISC
f5_networks -- big-ip_configuration
 
A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-08-027.5CVE-2023-38138
MISC
kepware -- kepserverexPTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.2023-07-317.5CVE-2023-3825
MISC
apple -- multiple_productsThis issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.2023-07-287.5CVE-2023-38571
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system.2023-07-287.5CVE-2023-38601
MISC
MISC
MISC
MISC
MISC
MISC
apple -- macos_venturaAn injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.2023-07-287.5CVE-2023-38609
MISC
MISC
discourse -- discourseDiscourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.2023-07-287.5CVE-2023-38684
MISC
MISC
zimbra -- zimbra_collaborationIn Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.2023-07-317.5CVE-2023-38750
MISC
MISC
gitlab -- gitlab_ce/eeAn issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.2023-08-027.5CVE-2023-3900
MISC
MISC
gitlab -- gitlab_ce/eeAn issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.2023-08-027.5CVE-2023-3993
MISC
gitlab -- gitlab_ce/eeAn issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.2023-08-027.5CVE-2023-3994
MISC
MISC
gitlab -- gitlab_eeAn issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.2023-08-027.5CVE-2023-4011
MISC
mozilla -- multiple_productsAn out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-017.5CVE-2023-4048
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefoxA website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.2023-08-017.5CVE-2023-4051
MISC
MISC
wordpress -- wordpress
 
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.2023-08-047.5CVE-2023-4139
MISC
MISC
codesys -- codesys_development_system
 
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the users context .2023-08-037.3CVE-2023-3662
MISC
codesys -- codesys_development_system/scriptingIn CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.2023-07-287.3CVE-2023-3670
MISC
rail_pass_management_system_project -- rail_pass_management_systemSql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.2023-07-287.2CVE-2023-31932
MISC
rail_pass_management_system_project -- rail_pass_management_systemSql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.2023-07-287.2CVE-2023-31933
MISC
rail_pass_management_system_project -- rail_pass_management_systemSql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.2023-07-287.2CVE-2023-31936
MISC
rail_pass_management_system_project -- rail_pass_management_systemSql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.2023-07-287.2CVE-2023-31937
MISC
sysaid -- sysaid_on-premisesSysaid - CWE-434: Unrestricted Upload of File with Dangerous Type -  A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.2023-07-307.2CVE-2023-32225
MISC
f5_networks -- big-ip_edge_client_for_windows_and_macos
 
An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-08-027.1CVE-2023-36858
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wordpress -- wordpressThe WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.2023-08-046.6CVE-2023-4140
MISC
MISC
MISC
duxcms_project -- duxcmsCross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modtify application data via article/admin/content/add.2023-07-316.5CVE-2020-21881
MISC
google -- chromeInsufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)2023-07-296.5CVE-2021-4323
MISC
MISC
google -- chromeInsufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)2023-07-296.5CVE-2021-4324
MISC
MISC
wordpress -- wordpressThe Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions2023-07-316.5CVE-2022-4888
MISC
google -- chromeInsufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)2023-07-296.5CVE-2022-4911
MISC
MISC
google -- chromeInappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)2023-07-296.5CVE-2022-4913
MISC
MISC
google -- chromeInappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)2023-07-296.5CVE-2022-4915
MISC
MISC
google -- chromeInappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)2023-07-296.5CVE-2022-4922
MISC
MISC
google -- chromeInsufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)2023-07-296.5CVE-2022-4925
MISC
MISC
google -- chrome_for_androidInsufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)2023-07-296.5CVE-2022-4926
MISC
MISC
google -- chromeInsufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-07-296.5CVE-2023-2311
MISC
MISC
MISC
google -- chromeInsufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)2023-07-296.5CVE-2023-2314
MISC
MISC
MISC
ibm -- multi-enterprise_integration_gatewayIBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.2023-07-316.5CVE-2023-24971
MISC
MISC
broadcom -- brocade_fabric_osThe Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information.2023-08-016.5CVE-2023-31426
MISC
sysaid -- sysaid_on-premisesSysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users may exfiltrate files from the server via an unspecified method.2023-07-306.5CVE-2023-32226
MISC
apple -- macos_venturaA logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.2023-07-286.5CVE-2023-32654
MISC
MISC
assaabloy -- control_id_idsecureSome API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes.2023-08-036.5CVE-2023-33368
MISC
MISC
wordpress -- wordpressThe LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.2023-07-316.5CVE-2023-3345
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html).2023-08-026.5CVE-2023-3385
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code.2023-08-026.5CVE-2023-3401
MISC
MISC
ibm -- security_verify_governanceIBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.2023-07-316.5CVE-2023-35016
MISC
MISC
wordpress -- wordpressThe WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack2023-07-316.5CVE-2023-3507
MISC
wordpress -- wordpressThe WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks2023-07-316.5CVE-2023-3508
MISC
anasystem -- sensmini_m4_firmwareAnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device2023-07-306.5CVE-2023-37216
MISC
codesys -- multiple_productsIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-375502023-08-036.5CVE-2023-37545
MISC
codesys -- multiple_productsIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-375502023-08-036.5CVE-2023-37546
MISC
codesys -- multiple_productsIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-375502023-08-036.5CVE-2023-37547
MISC
codesys -- multiple_productsIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-375502023-08-036.5CVE-2023-37548
MISC
codesys -- multiple_productsIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-375502023-08-036.5CVE-2023-37549
MISC
codesys -- multiple_productsIn multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549.2023-08-036.5CVE-2023-37550
MISC
codesys -- multiple_productsIn multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller.2023-08-036.5CVE-2023-37551
MISC
codesys -- multiple_productsIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.2023-08-036.5CVE-2023-37552
MISC
codesys -- multiple_productsIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556.2023-08-036.5CVE-2023-37553
MISC
codesys -- multiple_productsIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556.2023-08-036.5CVE-2023-37554
MISC
codesys -- multiple_productsIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556.2023-08-036.5CVE-2023-37555
MISC
codesys -- multiple_productsIn multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555.2023-08-036.5CVE-2023-37556
MISC
codesys -- multiple_productsAfter successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition.2023-08-036.5CVE-2023-37557
MISC
codesys -- multiple_productsAfter successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-375592023-08-036.5CVE-2023-37558
MISC
codesys -- multiple_productsAfter successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-375582023-08-036.5CVE-2023-37559
MISC
discourse -- discourseDiscourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.2023-07-286.5CVE-2023-38498
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.2023-07-286.5CVE-2023-38599
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefoxThe Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.2023-08-016.5CVE-2023-4052
MISC
MISC
MISC
mozilla -- firefoxA website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.2023-08-016.5CVE-2023-4053
MISC
MISC
google -- chromeInappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)2023-07-296.3CVE-2022-4909
MISC
MISC
MISC
abb -- ao-opcA vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 2023-07-286.3CVE-2023-2685
MISC
google -- chromeInsufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low)2023-08-016.3CVE-2023-3739
MISC
MISC
qibosoft -- qibosoftCross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php.2023-08-036.1CVE-2020-20808
MISC
yiiframework -- yiiYii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books.2023-07-286.1CVE-2022-31454
MISC
MISC
wordpress -- wordpressThe Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.2023-07-316.1CVE-2023-0602
MISC
tribe29 -- checkmkReflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.2023-08-016.1CVE-2023-23548
MISC
wordpress -- wordpressThe Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.2023-07-316.1CVE-2023-3134
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.2023-07-286.1CVE-2023-32445
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-07-316.1CVE-2023-3292
MISC
phpjabbers_ltd. -- time_slots_booking_calendarThere is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.2023-08-016.1CVE-2023-33560
MISC
MISC
phpjabbers_ltd. -- time_slots_booking_calendarThere is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3.2023-08-016.1CVE-2023-33564
MISC
MISC
phpjabbers_ltd. -- catering_systemPHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot.2023-08-016.1CVE-2023-34869
MISC
MISC
fuge_cms -- fuge_cmsFuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.2023-07-316.1CVE-2023-34916
MISC
MISC
fuge_cms -- fuge_cmsFuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.2023-07-316.1CVE-2023-34917
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims.2023-08-026.1CVE-2023-3500
MISC
MISC
vound-software -- intella_connectVound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.2023-07-316.1CVE-2023-35791
MISC
vound-software -- intella_connectVound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).2023-07-316.1CVE-2023-35792
MISC
phpjabbers_ltd. -- cleaning_business_softwarePHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php.2023-08-046.1CVE-2023-36138
MISC
MISC
zimbra -- zimbra_collaborationZimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.2023-07-316.1CVE-2023-37580
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.2023-07-316.1CVE-2023-38305
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.2023-07-316.1CVE-2023-38306
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim's browser.2023-07-316.1CVE-2023-38308
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.2023-07-316.1CVE-2023-38309
MISC
MISC
sourcecodester -- jewelry_store_systemA vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add_customer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifier assigned to this vulnerability.2023-07-286.1CVE-2023-3989
MISC
MISC
MISC
mingsoft -- mcmsA vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.2023-07-286.1CVE-2023-3990
MISC
MISC
MISC
wordpress -- wordpressThe Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-08-026.1CVE-2023-4067
MISC
MISC
phpjabbers_ltd. -- shuttle_booking_softwareA vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-036.1CVE-2023-4112
MISC
MISC
MISC
phpjabbers_ltd. -- service_booking_scriptA vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-036.1CVE-2023-4113
MISC
MISC
MISC
phpjabbers_ltd. -- night_club_booking_softwareA vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-036.1CVE-2023-4114
MISC
MISC
MISC
phpjabbers_ltd. -- cleaning_business_softwareA vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-036.1CVE-2023-4115
MISC
MISC
MISC
phpjabbers_ltd. -- taxi_booking_scriptA vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-036.1CVE-2023-4116
MISC
MISC
MISC
phpjabbers_ltd. -- rental_property_booking_calendarA vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-036.1CVE-2023-4117
MISC
MISC
MISC
f5_networks -- big-ip
 
Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account.  The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password.  On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-08-026CVE-2023-3470
MISC
apple -- music_for_androidThis issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.2023-07-285.9CVE-2023-32427
MISC
apple -- music_for_androidThe issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.2023-07-285.5CVE-2023-28203
MISC
broadcom -- brocade_fabric_osBrocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.2023-08-015.5CVE-2023-31429
MISC
freedesktop -- popplerA vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.2023-07-315.5CVE-2023-34872
MISC
MISC
silabs -- gecko_software_development_kitUninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.2023-07-285.5CVE-2023-3488
MISC
MISC
artifex -- ghostscriptA buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.2023-08-015.5CVE-2023-38559
MISC
MISC
MISC
MISC
artifex -- ghostscriptAn integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.2023-08-015.5CVE-2023-38560
MISC
MISC
MISC
MISC
MISC
duxcms_project -- duxcmsCross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.2023-07-315.4CVE-2020-36763
MISC
google -- chromeInappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-07-295.4CVE-2022-4910
MISC
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.2023-08-025.4CVE-2023-2164
MISC
MISC
ibm -- multi-enterprise_integration_gatewayIBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076.2023-07-315.4CVE-2023-22595
MISC
verint -- engagement_managementVerint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.2023-08-025.4CVE-2023-33257
MISC
asus -- rt-ax88u_firmwareA stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior.  After a remote attacker logging in device with regular user privilege, the remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading image which containing JavaScript code.2023-07-315.4CVE-2023-34360
MISC
faculty_evaulation_system_project -- faculty_evaulation_systemCross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.2023-08-015.4CVE-2023-36118
MISC
MISC
MISC
MISC
MISC
e107 -- e107Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.2023-08-025.4CVE-2023-36121
MISC
MISC
MISC
MISC
cubiclesoft -- barebones_cmsThe Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.2023-08-015.4CVE-2023-36211
MISC
discourse -- discourseDiscourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.2023-07-285.4CVE-2023-37467
MISC
MISC
hcl_software -- verseHCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.2023-08-015.4CVE-2023-37496
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.2023-07-315.4CVE-2023-38303
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.2023-07-315.4CVE-2023-38304
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.2023-07-315.4CVE-2023-38307
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.2023-07-315.4CVE-2023-38310
MISC
MISC
webmin -- webminAn issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.2023-07-315.4CVE-2023-38311
MISC
MISC
zoho_corp -- manageengine_supportcenter_plusZoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.2023-07-285.4CVE-2023-38331
MISC
MISC
f5_networks -- big-ip
 
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-08-025.4CVE-2023-38423
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.2023-07-315.4CVE-2023-4007
MISC
MISC
ibm -- tririga_application_platformIBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.2023-07-315.3CVE-2020-4868
MISC
MISC
precisely -- spectrum_spatial_analystPrecisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal.2023-07-315.3CVE-2022-42182
MISC
MISC
hashicorp -- vault/vault_enterpriseHashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.2023-07-315.3CVE-2023-3462
MISC
tadiran_telecom -- aeonixTadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy2023-07-305.3CVE-2023-37217
MISC
rws -- worldserverSession tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.2023-08-015.3CVE-2023-38357
MISC
MISC
FULLDISC
hashicorp -- vaultAn unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.2023-07-284.9CVE-2023-3774
MISC
neofr -- neofragCross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows remoate attacker to run arbitrary code via the copyright field in copyright settings.2023-07-314.8CVE-2021-31651
MISC
wordpress -- wordpressThe Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-07-314.8CVE-2023-3130
MISC
rail_pass_management_system_project -- rail_pass_management_systemCross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.2023-07-284.8CVE-2023-31934
MISC
rail_pass_management_system_project -- rail_pass_management_systemCross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.2023-07-284.8CVE-2023-31935
MISC
MISC
sourcecodester -- simple_online_mens_salon_management_systemA vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607.2023-07-284.8CVE-2023-3986
MISC
MISC
MISC
amd -- multiple_productsA potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.2023-08-014.7CVE-2023-20583
MISC
linux -- kernelA flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.2023-07-314.6CVE-2023-4010
MISC
MISC
MISC
f5_networks -- f50s-a
 
Audit logs on F5OS-A may contain undisclosed sensitive information.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-08-024.4CVE-2023-36494
MISC
google -- chromeInappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)2023-07-294.3CVE-2021-4316
MISC
MISC
google -- chromePolicy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)2023-07-294.3CVE-2021-4321
MISC
MISC
octopus -- octopus_deployIn affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment.2023-08-024.3CVE-2022-2416
MISC
google -- chromeInappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)2023-07-294.3CVE-2022-4908
MISC
MISC
MISC
google -- chrome_for_androidIncorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)2023-07-294.3CVE-2022-4917
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain.2023-08-024.3CVE-2023-1210
MISC
MISC
gitlab -- gitlab_ce/eeAn issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge2023-08-024.3CVE-2023-2022
MISC
MISC
liferay -- digital_experience_platformThe organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.2023-08-024.3CVE-2023-3426
MISC
google -- chromeInappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)2023-08-014.3CVE-2023-3733
MISC
MISC
google -- chromeInappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)2023-08-014.3CVE-2023-3734
MISC
MISC
google -- chromeInappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)2023-08-014.3CVE-2023-3735
MISC
MISC
google -- chrome_for_androidInappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)2023-08-014.3CVE-2023-3736
MISC
MISC
google -- chromeInappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium)2023-08-014.3CVE-2023-3737
MISC
MISC
google -- chromeInappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)2023-08-014.3CVE-2023-3738
MISC
MISC
google -- chromeInsufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low)2023-08-014.3CVE-2023-3740
MISC
MISC
discourse -- discourseDiscourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.2023-07-284.3CVE-2023-37906
MISC
MISC
f5_networks -- big-ip
 
An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.2023-08-024.3CVE-2023-38419
MISC
discourse -- discourseDiscourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.2023-07-284.3CVE-2023-38685
MISC
MISC
jeesite -- jeesiteAn issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.2023-07-284.3CVE-2023-38988
MISC
jeesite -- jeesiteAn issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.2023-07-314.3CVE-2023-38989
MISC
jeesite -- jeesiteAn issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator.2023-08-024.3CVE-2023-38990
MISC
wordpress -- wordpressSeveral plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-07-284.3CVE-2023-3977
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
codesys -- codesys_development_system
 
A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.2023-08-033.3CVE-2023-3669
MISC
google -- chromeInappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)2023-07-293.1CVE-2022-4923
MISC
MISC
bluetens -- bluetensqBluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication.2023-08-033.1CVE-2023-26979
MISC
MISC
discourse -- discourseDiscourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.2023-07-283.1CVE-2023-37904
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
semcms -- semcmsFile Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.2023-08-05not yet calculatedCVE-2020-23564
MISC
MISC
cisco -- cisco_sd-wan_vmanageA vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.2023-08-04not yet calculatedCVE-2020-26064
MISC
cisco -- cisco_sd-wan_vmanageA vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.2023-08-04not yet calculatedCVE-2020-26065
MISC
cisco -- email_security_applianceA vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.2023-08-04not yet calculatedCVE-2020-26082
MISC
octopus -- octopus_serverIn affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.2023-08-02not yet calculatedCVE-2022-2346
MISC
cybozu_inc -- remote_servicePath traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition.2023-08-03not yet calculatedCVE-2022-26838
MISC
MISC
dell -- xtremio_x2_xmsDell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.2023-08-03not yet calculatedCVE-2022-34453
MISC
ibm -- sdk_java_technology_editionIBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.2023-08-02not yet calculatedCVE-2022-40609
MISC
MISC
openrefine -- openrefineOpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.2023-08-04not yet calculatedCVE-2022-41401
MISC
MISC
MISC
ngsurvey -- ngsurveyInformation disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.2023-08-02not yet calculatedCVE-2022-46484
MISC
ngsurvey -- ngsurveyData Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".2023-08-02not yet calculatedCVE-2022-46485
MISC
stormshield_sas -- ssl_vpn_clientAn issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.2023-08-05not yet calculatedCVE-2022-46782
MISC
google -- chromeInappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-08-04not yet calculatedCVE-2022-4955
MISC
MISC
keycloaks -- openid_connectA flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.2023-08-04not yet calculatedCVE-2023-0264
MISC
mitsubishi_electric_corporation -- got2000_seriesWeak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.2023-08-04not yet calculatedCVE-2023-0525
MISC
MISC
MISC
tel-ster -- telwin_scada_webinterfaceExternal input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.2023-08-03not yet calculatedCVE-2023-0956
MISC
MISC
MISC
advantech -- webaccess/scadaAll versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent client could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files.2023-08-02not yet calculatedCVE-2023-1437
MISC
emerson_electric -- roc800-seriesROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition.2023-08-02not yet calculatedCVE-2023-1935
MISC
cisco -- small_business_ip_phonesA vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2023-08-03not yet calculatedCVE-2023-20181
MISC
cisco -- broadworksA vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2023-08-03not yet calculatedCVE-2023-20204
MISC
cisco -- cisco_sd-wan_vmanageA vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.2023-08-03not yet calculatedCVE-2023-20214
MISC
cisco -- secure_web_applianceA vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.2023-08-03not yet calculatedCVE-2023-20215
MISC
cisco -- broadworksA vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.2023-08-03not yet calculatedCVE-2023-20216
MISC
cisco -- small_business_ip_phonesA vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]2023-08-03not yet calculatedCVE-2023-20218
MISC
axis_communications_ab -- axis_license_plate_verifierA broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges.2023-08-03not yet calculatedCVE-2023-21407
MISC
axis_communications_ab -- axis_license_plate_verifierDue to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems.2023-08-03not yet calculatedCVE-2023-21408
MISC
axis_communications_ab -- axis_license_plate_verifierDue to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application.2023-08-03not yet calculatedCVE-2023-21409
MISC
axis_communications_ab -- axis_license_plate_verifierUser provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.2023-08-03not yet calculatedCVE-2023-21410
MISC
axis_communications_ab -- axis_license_plate_verifierUser provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.2023-08-03not yet calculatedCVE-2023-21411
MISC
axis_communications_ab -- axis_license_plate_verifierUser provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.2023-08-03not yet calculatedCVE-2023-21412
MISC
omron_corporation -- cx-programmerUse after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314.2023-08-03not yet calculatedCVE-2023-22277
MISC
omron_corporation -- cx-programmerUse after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317.2023-08-03not yet calculatedCVE-2023-22314
MISC
omron_corporation -- cx-programmerUse after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314.2023-08-03not yet calculatedCVE-2023-22317
MISC
ibm -- robotic_process_automationIBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.2023-08-02not yet calculatedCVE-2023-23476
MISC
MISC
nvidia -- omniverse_workstation_launcherNVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.2023-08-03not yet calculatedCVE-2023-25524
MISC
insyde_software -- insydeh20An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.2023-08-03not yet calculatedCVE-2023-25600
MISC
MISC
xiaomi -- cloud_service_applicationA XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.2023-08-02not yet calculatedCVE-2023-26316
MISC
xiaomi -- multiple_productsA vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device.2023-08-02not yet calculatedCVE-2023-26317
MISC
ox_software -- ox_app_suiteAttackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extension that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwardning control characters to subsystems. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26430
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteExternal service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26438
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteThe cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26439
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteThe cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26440
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteCacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26441
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteIn case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26442
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteFull-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26443
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteFrontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26445
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteThe users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize the user-controllable clientID parameter. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26446
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteThe "upsell" widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize jslob content. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26447
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteCustom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26448
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteThe "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26449
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteThe "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the users account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26450
MISC
MISC
MISC
MISC
ox_software -- ox_app_suiteFunctions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.2023-08-02not yet calculatedCVE-2023-26451
MISC
MISC
MISC
MISC
cloudflare -- warpThe Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device.2023-08-03not yet calculatedCVE-2023-2754
MISC
MISC
MISC
insyde_software -- insydeh20An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.2023-08-03not yet calculatedCVE-2023-28468
MISC
MISC
golang -- goA maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero.2023-08-02not yet calculatedCVE-2023-29407
MISC
MISC
MISC
golang -- goThe TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU.2023-08-02not yet calculatedCVE-2023-29408
MISC
MISC
MISC
golang -- goExtremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.2023-08-02not yet calculatedCVE-2023-29409
MISC
MISC
MISC
MISC
zoho_corp-- manageengine_network_configuration_managerAn issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.2023-08-04not yet calculatedCVE-2023-29505
MISC
MISC
pyrocms -- pyrocmsPyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.2023-08-04not yet calculatedCVE-2023-29689
MISC
assman_group -- digitus_plug&view_ip_cameraAssmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.2023-08-04not yet calculatedCVE-2023-30146
MISC
MISC
n-table_technologies -- n-central_serverAn issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.2023-08-04not yet calculatedCVE-2023-30297
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.2023-08-05not yet calculatedCVE-2023-30491
MISC
palantir -- palantirThe foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint2023-08-03not yet calculatedCVE-2023-30950
MISC
palantir -- palantirThe Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE).2023-08-03not yet calculatedCVE-2023-30951
MISC
palantir -- palantirA security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0 .2023-08-03not yet calculatedCVE-2023-30952
MISC
palantir -- palantirA security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.2023-08-03not yet calculatedCVE-2023-30958
MISC
freebsd -- freebsdA set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.2023-08-01not yet calculatedCVE-2023-3107
MISC
MISC
broadcom -- brocade_fabric_osBrocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 Could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled.2023-08-01not yet calculatedCVE-2023-31427
MISC
broadcom -- brocade_fabric_osBrocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.2023-08-02not yet calculatedCVE-2023-31428
MISC
broadcom -- brocade_fabric_osA buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.2023-08-02not yet calculatedCVE-2023-31430
MISC
broadcom -- brocade_fabric_osA buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.2023-08-02not yet calculatedCVE-2023-31431
MISC
broadcom -- brocade_fabric_osThrough manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.2023-08-02not yet calculatedCVE-2023-31432
MISC
qemu -- qemuA flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ.2023-08-03not yet calculatedCVE-2023-3180
MISC
MISC
broadcom -- brocade_fabric_osSystem files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.2023-08-02not yet calculatedCVE-2023-31926
MISC
broadcom -- brocade_fabric_osAn information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.2023-08-02not yet calculatedCVE-2023-31927
MISC
broadcom -- brocade_fabric_osA reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application.2023-08-02not yet calculatedCVE-2023-31928
MISC
fabasoft -- cloud_enterprise_clientFabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator.2023-08-03not yet calculatedCVE-2023-32764
MISC
MISC
ininet -- scada_webserverSpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition.2023-08-02not yet calculatedCVE-2023-3329
MISC
suprema_inc -- biostar_2An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.2023-08-03not yet calculatedCVE-2023-33363
MISC
MISC
suprema_inc -- biostar_2An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server.2023-08-03not yet calculatedCVE-2023-33364
MISC
MISC
suprema_inc -- biostar_2A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.2023-08-03not yet calculatedCVE-2023-33365
MISC
MISC
suprema_inc -- biostar_2A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.2023-08-03not yet calculatedCVE-2023-33366
MISC
MISC
suprema_inc -- biostar_2A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.2023-08-05not yet calculatedCVE-2023-33367
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.2023-08-04not yet calculatedCVE-2023-33372
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.2023-08-04not yet calculatedCVE-2023-33373
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.2023-08-04not yet calculatedCVE-2023-33374
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices.2023-08-04not yet calculatedCVE-2023-33375
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.2023-08-04not yet calculatedCVE-2023-33376
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.2023-08-04not yet calculatedCVE-2023-33377
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.2023-08-04not yet calculatedCVE-2023-33378
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.2023-08-04not yet calculatedCVE-2023-33379
MISC
MISC
shelly -- 4pm_proShelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.2023-08-02not yet calculatedCVE-2023-33383
MISC
MISC
mitsubishi_electric_corporation -- cnc_seriesBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBSHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.2023-08-03not yet calculatedCVE-2023-3346
MISC
MISC
MISC
cloudflare -- wranglerThe Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.2023-08-03not yet calculatedCVE-2023-3348
MISC
MISC
MISC
ai-dev -- aitableai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.2023-08-04not yet calculatedCVE-2023-33665
MISC
MISC
ai-dev -- aitableai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.2023-08-03not yet calculatedCVE-2023-33666
MISC
MISC
mitsubishi_electric_corporation -- got2000_seriesPredictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.2023-08-04not yet calculatedCVE-2023-3373
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin  <= 3.0.7 versions.2023-08-05not yet calculatedCVE-2023-34010
MISC
vmware -- horizon_serverVMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.2023-08-04not yet calculatedCVE-2023-34037
MISC
vmware -- horizon_serverVMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.2023-08-04not yet calculatedCVE-2023-34038
MISC
keyfactor -- ejbcaIn the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.2023-08-03not yet calculatedCVE-2023-34196
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.2023-08-05not yet calculatedCVE-2023-34377
MISC
ezviz -- multiple_productsIn certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote).2023-08-01not yet calculatedCVE-2023-34551
MISC
MISC
ezviz -- multiple_productsIn certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.2023-08-01not yet calculatedCVE-2023-34552
MISC
MISC
ruijie_networks -- multiple_productsRemote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth.2023-07-31not yet calculatedCVE-2023-34644
MISC
freebsd -- freebsdThe fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.2023-08-01not yet calculatedCVE-2023-3494
MISC
ivanti -- epmmA path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.2023-08-03not yet calculatedCVE-2023-35081
MISC
supermicro -- motherboardsA shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC.2023-07-31not yet calculatedCVE-2023-35861
MISC
MISC
MISC
gatesair -- flexiva_fm_transmitter/exciterCross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.2023-08-02not yet calculatedCVE-2023-36081
MISC
MISC
MISC
gatesair -- flexiva_fm_transmitter/exciterAn isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials.2023-08-03not yet calculatedCVE-2023-36082
MISC
MISC
MISC
langchain -- langchainAn issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method.2023-08-05not yet calculatedCVE-2023-36095
MISC
MISC
MISC
phpjabbers_ltd. -- class_scheduling_systemIn PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.2023-08-04not yet calculatedCVE-2023-36134
MISC
MISC
phpjabbers_ltd. -- class_scheduling_systemUser enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-04not yet calculatedCVE-2023-36135
MISC
MISC
phpjabbers_ltd. -- class_scheduling_systemThere is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.2023-08-04not yet calculatedCVE-2023-36137
MISC
MISC
phpjabbers_ltd. -- class_scheduling_systemUser enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-04not yet calculatedCVE-2023-36141
MISC
MISC
sourcecodester -- toll_tax_management_systemCross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.2023-08-04not yet calculatedCVE-2023-36158
MISC
MISC
MISC
MISC
sourcecodester -- lost_and_found_information_systemCross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.2023-08-04not yet calculatedCVE-2023-36159
MISC
MISC
motocms -- motocmsSQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.2023-08-03not yet calculatedCVE-2023-36213
MISC
MISC
xoops_cms -- xoops_cmsCross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function.2023-08-03not yet calculatedCVE-2023-36217
MISC
MISC
dedecms -- dedecmsDedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).2023-08-03not yet calculatedCVE-2023-36298
MISC
typecho -- typechoA File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.2023-08-03not yet calculatedCVE-2023-36299
MISC
MISC
aerospike -- aerospike_java_clientThe Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to version 7.0.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 7.0.0 contains a patch for this issue.2023-08-04not yet calculatedCVE-2023-36480
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.2023-08-05not yet calculatedCVE-2023-36678
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.2023-08-05not yet calculatedCVE-2023-36686
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.2023-08-05not yet calculatedCVE-2023-36689
MISC
hewlett_packard_enterprise -- arubaAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.2023-08-01not yet calculatedCVE-2023-3718
MISC
ws-inc -- j_wbem_serverIn WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152.2023-08-03not yet calculatedCVE-2023-37364
MISC
MISC
metabase -- metabaseMetabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite.2023-08-04not yet calculatedCVE-2023-37470
MISC
sensormatic_electronics_johnson_controls_inc. -- videoedgeA local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.2023-08-03not yet calculatedCVE-2023-3749
MISC
MISC
hcl_software -- hcl_unica_platformThe Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.2023-08-03not yet calculatedCVE-2023-37497
MISC
hcl_software -- hcl_unica_platformA user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator.  It is possible that an attacker could potentially escalate their privileges.2023-08-03not yet calculatedCVE-2023-37498
MISC
hcl_software -- hcl_unica_platformA Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform.  An attacker could hijack a user's session and perform other attacks.2023-08-03not yet calculatedCVE-2023-37499
MISC
hcl_software -- hcl_unica_platformA Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform.  An attacker could hijack a user's session and perform other attacks.2023-08-03not yet calculatedCVE-2023-37500
MISC
hcl_software -- hcl_unica_campaignA Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign.  An attacker could hijack a user's session and perform other attacks.2023-08-03not yet calculatedCVE-2023-37501
MISC
cloudflare -- odoh-rsA vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.2023-08-03not yet calculatedCVE-2023-3766
MISC
MISC
nextgen_healthcare -- mirth_connectA remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.2023-08-03not yet calculatedCVE-2023-37679
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.2023-08-05not yet calculatedCVE-2023-37873
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.2023-08-05not yet calculatedCVE-2023-37874
MISC
projectdiscovery -- nucleiNuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.2023-08-04not yet calculatedCVE-2023-37896
MISC
MISC
MISC
openssl -- opensslIssue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.2023-07-31not yet calculatedCVE-2023-3817
MISC
MISC
MISC
MISC
MISC
MISC
MISC
oxid_esales_ag -- eshop_enterprise_editionOXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.2023-08-02not yet calculatedCVE-2023-38330
CONFIRM
MISC
zoho_corp -- manageengine_admanager_plusZoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.2023-08-04not yet calculatedCVE-2023-38332
MISC
MISC
hedgedoc -- hedgedocHedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.2023-08-04not yet calculatedCVE-2023-38487
MISC
MISC
metersphere -- metersphereMeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.2023-08-04not yet calculatedCVE-2023-38494
MISC
MISC
rust-lang -- cargoCargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.2023-08-04not yet calculatedCVE-2023-38497
MISC
MISC
MISC
MISC
MISC
MISC
seiko_epson_corporation -- printer_web_configImproper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.2023-08-02not yet calculatedCVE-2023-38556
MISC
MISC
matrix -- matrix/sydentSydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.2023-08-04not yet calculatedCVE-2023-38686
MISC
MISC
MISC
MISC
MISC
MISC
MISC
twitch -- twitch-tuitwitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.2023-08-04not yet calculatedCVE-2023-38688
MISC
MISC
MISC
rs485 -- logistics_pipesLogistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.2023-08-04not yet calculatedCVE-2023-38689
MISC
MISC
MISC
matrix -- matrix/appservicematrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist.2023-08-04not yet calculatedCVE-2023-38690
MISC
MISC
MISC
matrix -- matrix/appservicematrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.2023-08-04not yet calculatedCVE-2023-38691
MISC
MISC
cloudexplorer_lite -- cloudexplorer_liteCloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.2023-08-04not yet calculatedCVE-2023-38692
MISC
MISC
MISC
cypress-image-snapshot -- cypress-image-snapshotcypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.2023-08-04not yet calculatedCVE-2023-38695
MISC
MISC
MISC
MISC
socketry -- protocol-http1protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split from chunk data using CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon has following behaviors while disobey the corresponding RFCs: accepting Content-Length header values that have `+` prefix, accepting Content-Length header values that written in hexadecimal with `0x` prefix, accepting `0x` and `+` prefixed chunk size, and accepting LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially results in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds.2023-08-04not yet calculatedCVE-2023-38697
MISC
MISC
MISC
MISC
ensodomains -- ens-contractsEthereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.2023-08-04not yet calculatedCVE-2023-38698
MISC
MISC
MISC
mindsdb -- mindsdbMindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior.2023-08-04not yet calculatedCVE-2023-38699
MISC
MISC
MISC
matrix -- matrix/appservicematrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance.2023-08-04not yet calculatedCVE-2023-38700
MISC
MISC
MISC
knowage_labs -- knowage_serverKnowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.2023-08-04not yet calculatedCVE-2023-38702
MISC
pimcore -- pimcorePimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.2023-08-04not yet calculatedCVE-2023-38708
MISC
MISC
omron_corporation -- cj2m_cpu_unitDenial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.2023-08-03not yet calculatedCVE-2023-38744
MISC
MISC
omron_corporation -- cx-programmerOut-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.2023-08-03not yet calculatedCVE-2023-38746
MISC
MISC
omron_corporation -- cx-programmerHeap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.2023-08-03not yet calculatedCVE-2023-38747
MISC
MISC
omron_corporation -- cx-programmerUse after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur.2023-08-03not yet calculatedCVE-2023-38748
MISC
MISC
django -- django/django-sspaneldjango-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.2023-08-04not yet calculatedCVE-2023-38941
MISC
django -- django/django-translatorDango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json.2023-08-03not yet calculatedCVE-2023-38942
MISC
MISC
shuize_0x727 -- shuize_0x727ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini.2023-08-05not yet calculatedCVE-2023-38943
MISC
MISC
wbce_cms -- wbce_cmsAn arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.2023-08-03not yet calculatedCVE-2023-38947
MISC
jizhi_cms -- jizhi_cmsAn arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.2023-08-03not yet calculatedCVE-2023-38948
MISC
zkteco -- biotimeAn issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.2023-08-03not yet calculatedCVE-2023-38949
MISC
MISC
zkteco -- biotimeA path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.2023-08-03not yet calculatedCVE-2023-38950
MISC
MISC
zkteco -- biotimeA path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration.2023-08-03not yet calculatedCVE-2023-38951
MISC
MISC
zkteco -- biotimeInsecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.2023-08-03not yet calculatedCVE-2023-38952
MISC
MISC
zkteco -- bioaccessZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability.2023-08-03not yet calculatedCVE-2023-38954
MISC
MISC
zkteco -- bioaccessZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.2023-08-03not yet calculatedCVE-2023-38955
MISC
MISC
zkteco -- bioaccessA path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.2023-08-03not yet calculatedCVE-2023-38956
MISC
MISC
zkteco -- bioaccessAn access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.2023-08-03not yet calculatedCVE-2023-38958
MISC
MISC
creative_item_academy_lms -- creative_item_academy_lmsCreative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.2023-08-04not yet calculatedCVE-2023-38964
MISC
jeesite -- jeesiteAn issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.2023-08-04not yet calculatedCVE-2023-38991
MISC
renault -- zoe_ev_2021Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.2023-08-03not yet calculatedCVE-2023-39075
MISC
webboss.io -- cmsWebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.2023-08-03not yet calculatedCVE-2023-39096
MISC
webboss.io -- cmsWebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.2023-08-03not yet calculatedCVE-2023-39097
MISC
nomachine -- nomachineAn arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.2023-08-04not yet calculatedCVE-2023-39107
MISC
MISC
MISC
ecshop -- ecshopECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.2023-08-04not yet calculatedCVE-2023-39112
MISC
ngiflib  -- ngiflibngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.2023-08-02not yet calculatedCVE-2023-39113
MISC
ngiflib  -- ngiflibngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.2023-08-02not yet calculatedCVE-2023-39114
MISC
emlog -- emlogemlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.2023-08-03not yet calculatedCVE-2023-39121
MISC
MISC
papercut -- papercut_ng/papercut_mfPaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.2023-08-04not yet calculatedCVE-2023-39143
MISC
MISC
element55 -- knowmoreElement55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext.2023-08-03not yet calculatedCVE-2023-39144
MISC
MISC
gitlab -- gitlab_enterpriseAn issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies.2023-08-03not yet calculatedCVE-2023-3932
MISC
MISC
sulu -- suluSulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.2023-08-04not yet calculatedCVE-2023-39343
MISC
MISC
MISC
social-media-skeleton -- social-media-skeletonsocial-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.2023-08-04not yet calculatedCVE-2023-39344
MISC
MISC
linux -- kernelLinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.2023-08-04not yet calculatedCVE-2023-39346
MISC
MISC
MISC
MISC
fujitsu_limited -- fujitsu_software_infrastructure_managerFujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.2023-08-04not yet calculatedCVE-2023-39379
MISC
MISC
apache -- airflowExecution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0 This issue affects Apache Airflow: before 2.6.0.2023-08-05not yet calculatedCVE-2023-39508
MISC
MISC
MISC
phpgurukul -- online_security_guards_hiring_systemPHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.2023-08-04not yet calculatedCVE-2023-39551
MISC
phpgurukul -- online_security_guards_hiring_systemPHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS).2023-08-04not yet calculatedCVE-2023-39552
MISC
golang -- goText nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.2023-08-02not yet calculatedCVE-2023-3978
MISC
MISC
MISC
gitlab -- gitlab_enterpriseAn issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies.2023-08-04not yet calculatedCVE-2023-4002
MISC
gitlab -- gitlab_community/enterpriseAn issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to takeover GitLab Pages with unique domain URLs if the random string added was known.2023-08-03not yet calculatedCVE-2023-4008
MISC
linux -- kernelUnder some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.2023-08-02not yet calculatedCVE-2023-4016
MISC
mozilla -- firefox/firefox_esrOffscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-01not yet calculatedCVE-2023-4045
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefox/firefox_esrIn some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-01not yet calculatedCVE-2023-4046
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefox/firefox_esrA bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-01not yet calculatedCVE-2023-4047
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefox/firefox_esrRace conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-01not yet calculatedCVE-2023-4049
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefox/firefox_esrIn some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-01not yet calculatedCVE-2023-4050
MISC
MISC
MISC
MISC
MISC
MISC
mozilla -- firefox/firefox_esrWhen opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-01not yet calculatedCVE-2023-4054
MISC
MISC
MISC
MISC
mozilla -- firefox/firefox_esrWhen the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.2023-08-01not yet calculatedCVE-2023-4055
MISC
MISC
MISC
MISC
MISC
MISC
phpjabbers_ltd. -- availability_booking_calendarA vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-03not yet calculatedCVE-2023-4110
MISC
MISC
MISC
phpjabbers_ltd. -- bus_reservation_systemA vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-03not yet calculatedCVE-2023-4111
MISC
MISC
MISC
MISC
cute_http_file_server -- cute_http_file_serverA vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-03not yet calculatedCVE-2023-4118
MISC
MISC
MISC
academy_lms -- academy_lmsA vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-03not yet calculatedCVE-2023-4119
MISC
MISC
MISC
beijing_baichuo -- smart_s85f_management_platformA vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-03not yet calculatedCVE-2023-4120
MISC
MISC
MISC
beijing_baichuo -- smart_s85f_management_platformA vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-03not yet calculatedCVE-2023-4121
MISC
MISC
MISC
answerdev-- answerdev/answerMissing Authorization in GitHub repository answerdev/answer prior to v1.1.1.2023-08-03not yet calculatedCVE-2023-4124
MISC
MISC
answerdev -- answerdev/answerWeak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.2023-08-03not yet calculatedCVE-2023-4125
MISC
MISC
answerdev -- answerdev/answerInsufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.2023-08-03not yet calculatedCVE-2023-4126
MISC
MISC
answerdev -- answerdev/answerRace Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.2023-08-03not yet calculatedCVE-2023-4127
MISC
MISC
linux -- kernelA use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.2023-08-03not yet calculatedCVE-2023-4132
MISC
MISC
linux -- kernelA use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.2023-08-03not yet calculatedCVE-2023-4133
MISC
MISC
qemu -- qemuA heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.2023-08-04not yet calculatedCVE-2023-4135
MISC
MISC
MISC
craftercms -- craftercmsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.2023-08-03not yet calculatedCVE-2023-4136
MISC
rdiffweb -- rdiffwebAllocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0.2023-08-03not yet calculatedCVE-2023-4138
MISC
MISC
pimcore -- pimcore/customer-data-frameworkCross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.2023-08-03not yet calculatedCVE-2023-4145
MISC
MISC
omeka -- omeka/omeka-sImproper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3.2023-08-04not yet calculatedCVE-2023-4157
MISC
MISC
omeka -- omeka/omeka-sCross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.2023-08-04not yet calculatedCVE-2023-4158
MISC
MISC
omeka-- omeka/omeka-sUnrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.2023-08-04not yet calculatedCVE-2023-4159
MISC
MISC
tongda -- oaA vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-05not yet calculatedCVE-2023-4165
MISC
MISC
MISC
tongda -- oaA vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-05not yet calculatedCVE-2023-4166
MISC
MISC
MISC
emby_llc -- media_browser_emby_serverA vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183.2023-08-05not yet calculatedCVE-2023-4167
MISC
MISC
MISC
templatecookie -- adlistingA vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-05not yet calculatedCVE-2023-4168
MISC
MISC
ruijie -- rg-ew1200gA vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-05not yet calculatedCVE-2023-4169
MISC
MISC
MISC
dedebiz -- dedebizA vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-05not yet calculatedCVE-2023-4170
MISC
MISC
MISC
chengdu -- flash_flood_disaster_monitoring_and_warning_systemA vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability.2023-08-05not yet calculatedCVE-2023-4171
MISC
MISC
MISC
chengdu -- flash_flood_disaster_monitoring_and_warning_systemA vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.2023-08-05not yet calculatedCVE-2023-4172
MISC
MISC
MISC
instantsoft -- instantsoft/icms2Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-05not yet calculatedCVE-2023-4187
MISC
MISC
instantsoft -- instantsoft/icms2SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-05not yet calculatedCVE-2023-4188
MISC
MISC
instantsoft -- instantsoft/icms2Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-05not yet calculatedCVE-2023-4189
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.