Vulnerability Summary for the Week of August 28, 2023

Released
Sep 06, 2023
Document ID
SB23-249

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
earcms -- ear_appAn issue found in Earcms Ear App v.20181124 allows a remote cyber threat actor to execute arbitrary code via the uload/index-uplog.php.2023-08-299.8CVE-2020-18912
MISC
MISC
tripspark -- veo_transportation_novuseduTripSpark VEO Transportation-2.2.x-XP_BB-20201123-184084 NovusEDU-2.2.x-XP_BB-20201123-184084 allows unsafe data inputs in POST body parameters from end users without sanitizing using server-side logic. It was possible to inject custom SQL commands into the "Student Busing Information" search queries.2023-08-299.8CVE-2021-3262
MISC
MISC
MISC
motorola_mobility -- mbts_site_controller_firmwareMotorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.2023-08-299.8CVE-2023-23770
MISC
ibm -- guardium_cloud_key_managerIBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote cyber threat actor to execute arbitrary code on the system, caused by an angular template injection flaw. By sending specially crafted request, a cyber threat actor could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 248119.2023-08-289.8CVE-2023-26270
MISC
MISC
schweitzer_engineering_laboratories -- sel-5037_sel_grid_configuratorAn Execution with Unnecessary Privileges vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow a cyber threat actor to run system commands with the highest-level privilege on the system. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.2023-08-319.8CVE-2023-31175
MISC
MISC
broadcom -- brocade_sannavBrocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote unauthenticated users to bypass web authentication and authorization.2023-08-319.8CVE-2023-31424
MISC
wordpress -- wordpressThe Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.7.7. This is due to insufficient verification on the user being supplied during a Stripe checkout through the plugin. This allows unauthenticated cyber threat actors to log in as users who have orders, who are typically customers.2023-08-319.8CVE-2023-3162
MISC
MISC
MISC
chitor-cms -- chitor-cmsChitor-CMS before v1.1.2 was discovered to contain multiple SQL injection vulnerabilities.2023-08-309.8CVE-2023-31714
MISC
MISC
MISC
MISC
e-excellence -- u-office_forcee-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote cyber threat actor without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.2023-08-259.8CVE-2023-32757
MISC
vmware -- aria_operations_for_networksAria Operations for Networks contains an Authentication Bypass vulnerability due to a lack of unique cryptographic key generation. A malicious actor with network access to Aria Operations for Networks could bypass SSH authentication to gain access to the Aria Operations for Networks CLI.2023-08-299.8CVE-2023-34039
MISC
MISC
zoho_corp -- manageengine_admanager_plusZoho ManageEngine ADManager Plus through 7186 is vulnerable to 2FA bypass.2023-08-289.8CVE-2023-35785
MISC
MISC
relic_project -- relicInteger Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows cyber threat actors to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function.2023-09-019.8CVE-2023-36326
MISC
MISC
relic_project -- relicInteger Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows cyber threat actors to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function.2023-09-019.8CVE-2023-36327
MISC
MISC
libtom -- libtommathInteger Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows cyber threat actors to execute arbitrary code and cause a denial of service (DoS).2023-09-019.8CVE-2023-36328
MISC
FEDORA
spotcam_co._ltd. -- spotcam_fhd_2SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated cyber threat actor can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.2023-08-289.8CVE-2023-38024
MISC
spotcam_co._ltd. -- spotcam_fhd_2SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated cyber threat actor can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt service.2023-08-289.8CVE-2023-38025
MISC
spotcam_co._ltd. -- spotcam_fhd_2SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. A remote cyber threat actor can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt service.2023-08-289.8CVE-2023-38026
MISC
spotcam_co._ltd. -- spotcam_fhd_2SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated cyber threat actor can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt service.2023-08-289.8CVE-2023-38027
MISC
saho -- adm-100/adm-100fpSaho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. A unauthenticate remote cyber threat actor authenticated can upload and execute arbitrary files to perform arbitrary system commands or disrupt service.2023-08-289.8CVE-2023-38029
MISC
ectouch -- ectouchECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php.2023-08-289.8CVE-2023-39560
MISC
langchain -- langchainAn issue in LanChain-ai Langchain v.0.0.245 allows a remote cyber threat actor to execute arbitrary code via the evaluate function in the numexpr library.2023-09-019.8CVE-2023-39631
MISC
MISC
prestashop -- theme_voltyTheme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single.2023-08-289.8CVE-2023-39650
MISC
MISC
prestashop -- theme_voltytheme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run().2023-08-289.8CVE-2023-39652
MISC
MISC
icewarp -- mail_serverIceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows cyber threat actors to include or execute files from the local file system of the targeted server.2023-08-259.8CVE-2023-39699
MISC
MISC
MISC
oracle -- weblogic-frameworkweblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue.2023-08-259.8CVE-2023-40571
MISC
MISC
find-exec -- find-execfind-exec is a utility to discover available shell commands. Versions prior to 1.0.3 did not properly escape user input and are vulnerable to Command Injection via a cyber threat actor-controlled parameter. As a result, cyber threat actors may run malicious shell commands in the context of the running process. This issue has been addressed in version 1.0.3. users are advised to upgrade. Users unable to upgrade should ensure that all input passed to find-exec comes from a trusted source.2023-08-309.8CVE-2023-40582
MISC
MISC
splunk -- enterprise/cloud_platformIn Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can execute a specially crafted query that they can then use to serialize untrusted data. The cyber threat actor can use the query to execute arbitrary code.2023-08-309.8CVE-2023-40595
MISC
phpjabbers -- food_delivery_scriptPHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php.2023-08-289.8CVE-2023-40748
MISC
MISC
phpjabbers -- food_delivery_scriptPHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php.2023-08-289.8CVE-2023-40749
MISC
MISC
phpjabbers -- callback_widgetUser enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40756
MISC
MISC
phpjabbers -- food_delivery_scriptUser enumeration is found in PHPJabbers Food Delivery Script v3.1. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40757
MISC
MISC
phpjabbers -- document_creatorUser enumeration is found in PHPJabbers Document Creator v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40758
MISC
MISC
phpjabbers -- restaurant_booking_scriptUser enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40759
MISC
MISC
phpjabbers -- hotel_booking_systemUser enumeration is found in PHP Jabbers Hotel Booking System v4.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40760
MISC
MISC
phpjabbers -- yacht_listing_scriptUser enumeration is found in PHPJabbers Yacht Listing Script v2.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40761
MISC
MISC
phpjabbers -- fundraising_scriptUser enumeration is found in PHPJabbers Fundraising Script v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40762
MISC
MISC
phpjabbers -- taxi_booking_scriptUser enumeration is found in PHPJabbers Taxi Booking Script v2.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40763
MISC
MISC
phpjabbers -- jabbers_car_rental_scriptUser enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40764
MISC
MISC
phpjabbers -- event_booking_calendarUser enumeration is found in PHPJabbers Event Booking Calendar v4.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40765
MISC
MISC
phpjabbers -- ticket_support_scriptUser enumeration is found in in PHPJabbers Ticket Support Script v3.2. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40766
MISC
MISC
phpjabbers -- make_an_offer_widgetUser enumeration is found in in PHPJabbers Make an Offer Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow a cyber threat actor to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-289.8CVE-2023-40767
MISC
MISC
bladex -- springbladeIn SpringBlade V3.6.0 when executing SQL query, the parameters submitted by the user are not wrapped in quotation marks, which leads to SQL injection.2023-08-299.8CVE-2023-40787
MISC
MISC
tenda -- ac23_firmwareTenda AC23 V16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.2023-08-259.8CVE-2023-40799
MISC
tenda -- ac6_firmwareTenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADD50' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADD50" function to execute commands.2023-08-309.8CVE-2023-40837
MISC
tenda -- ac6_firmwareTenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_3A1D0' contains a command execution vulnerability.2023-08-309.8CVE-2023-40838
MISC
tenda -- ac6_firmwareTenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998.2023-08-289.8CVE-2023-40846
MISC
zbar_project -- zbarA heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, a cyber threat actor can digitally input the malicious QR code or prepare it to be physically scanned by the vulnerable scanner.2023-08-299.8CVE-2023-40889
MISC
zbar_project -- zbarA stack-based buffer overflow vulnerability exists in the lookup_sequence function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, a cyber threat actor can digitally input the malicious QR code or prepare it to be physically scanned by the vulnerable scanner.2023-08-299.8CVE-2023-40890
MISC
patton_electronics -- smartnode_sn200_firmwareSmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection.2023-08-289.8CVE-2023-41109
MISC
MISC
frrouting -- frrouting_frrAn issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.2023-08-299.8CVE-2023-41361
MISC
tenda -- ac9Tenda AC7 V1.0 V15.03.06.44 and Tenda AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via parameter ssid at url /goform/fast_setting_wifi_set.2023-08-309.8CVE-2023-41552
MISC
tenda -- ac9Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetStaticRouteCfg.2023-08-309.8CVE-2023-41553
MISC
tenda -- ac9Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter wpapsk_crypto at url /goform/WifiExtraSet.2023-08-309.8CVE-2023-41554
MISC
tenda -- ac7Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter security_5g at url /goform/WifiBasicSet.2023-08-309.8CVE-2023-41555
MISC
tenda -- ac9Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter list at url /goform/SetIpMacBind.2023-08-309.8CVE-2023-41556
MISC
tenda -- ac7Tenda AC7 V1.0 V15.03.06.44 and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter entrys and mitInterface at url /goform/addressNat.2023-08-309.8CVE-2023-41557
MISC
tenda -- ac7Tenda AC7 V1.0 V15.03.06.44 was discovered to contain a stack overflow via parameter timeZone at url /goform/SetSysTimeCfg.2023-08-309.8CVE-2023-41558
MISC
tenda -- ac9Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter page at url /goform/NatStaticSetting.2023-08-309.8CVE-2023-41559
MISC
tenda -- ac9Tenda AC9 V3.0 V15.03.06.42_multi was discovered to contain a stack overflow via parameter firewallEn at url /goform/SetFirewallCfg.2023-08-309.8CVE-2023-41560
MISC
tenda -- ac9Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter startIp and endIp at url /goform/SetPptpServerCfg.2023-08-309.8CVE-2023-41561
MISC
tenda -- ac9Tenda AC7 V1.0 V15.03.06.44, Tenda AC9 V3.0 V15.03.06.42_multi, and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter time at url /goform/PowerSaveSet.2023-08-309.8CVE-2023-41562
MISC
tenda -- ac9Tenda AC9 V3.0 V15.03.06.42_multi and Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 were discovered to contain a stack overflow via parameter mac at url /goform/GetParentControlInfo.2023-08-309.8CVE-2023-41563
MISC
grupposcai -- realgimmA SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows cyber threat actors to access the database and execute arbitrary commands via a crafted SQL query.2023-08-319.8CVE-2023-41636
MISC
grupposcai -- realgimmAn arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows cyber threat actors to execute arbitrary code via uploading a crafted HTML file.2023-08-319.8CVE-2023-41637
MISC
dlink -- dar-8000-10A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-259.8CVE-2023-4542
MISC
MISC
MISC
ibos -- ibosA vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-259.8CVE-2023-4543
MISC
MISC
MISC
ibos_oa -- ibos_oaA vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-269.8CVE-2023-4545
MISC
MISC
MISC
spa-cart -- ecommerce_cmsA vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.2023-08-269.8CVE-2023-4548
MISC
MISC
MISC
sourcecodester -- online_graduate_tracer_systemA vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-238154 is the identifier assigned to this vulnerability.2023-08-279.8CVE-2023-4556
MISC
MISC
MISC
sourcecodester -- inventory_management_systemA vulnerability classified as critical has been found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_purchase_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238158 is the identifier assigned to this vulnerability.2023-08-279.8CVE-2023-4557
MISC
MISC
MISC
sourcecodester -- inventory_management_systemA vulnerability classified as critical was found in SourceCodester Inventory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file staff_data.php. The manipulation of the argument columns[0][data] leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238159.2023-08-279.8CVE-2023-4558
MISC
MISC
MISC
bettershop-- laiketuiA vulnerability, which was classified as critical, has been found in Bettershop LaikeTui. Affected by this issue is some unknown functionality of the file index.php?module=api&action=user&m=upload of the component POST Request Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-238160.2023-08-279.8CVE-2023-4559
MISC
MISC
wordpress -- wordpressThe Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated cyber threat actors to upload arbitrary files on the affected site's server which may make remote code execution possible.2023-08-309.8CVE-2023-4596
MISC
MISC
MISC
usememos -- memosImproper Access Control in GitHub repository usememos/memos prior to 0.13.2.2023-09-019.8CVE-2023-4696
MISC
MISC
infosoftbd -- clcknshopA vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-019.8CVE-2023-4708
MISC
MISC
MISC
google -- chromeInappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote cyber threat actor to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)2023-08-259.6CVE-2019-13690
MISC
MISC
saho -- adm-100/adm-100fpSaho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote cyber threat actor can exploit this vulnerability to bypass authentication to read system information and operate user's data but can’t control system or disrupt service.2023-08-289.1CVE-2023-38028
MISC
frrouting -- frrouting_frrAn issue was discovered in FRRouting FRR through 9.0. There is an out-of-bounds read in bgp_attr_aigp_valid in bgpd/bgp_attr.c because there is no check for the availability of two bytes during AIGP validation.2023-08-299.1CVE-2023-41359
MISC
frrouting -- frrouting_frrAn issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.2023-08-299.1CVE-2023-41360
MISC
qemu -- qemuAn issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local cyber threat actors to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).2023-08-288.8CVE-2020-24165
MISC
MISC
ibm -- security_guardiumIBM Security Guardium 11.4 could allow a remote authenticated cyber threat actor to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 240901.2023-08-278.8CVE-2022-43907
MISC
MISC
google -- chromeInsufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote cyber threat actor to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)2023-08-258.8CVE-2022-4452
MISC
MISC
dassault_systèmes -- simulia_3dorchestrateAn OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. A specially crafted HTTP request can lead to arbitrary command execution.2023-08-288.8CVE-2023-1997
MISC
wordpress -- wordpressThe Quick Post Duplicator for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated cyber threat actors with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-08-318.8CVE-2023-2229
MISC
MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV Injection. A remote cyber threat actor could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 244368.2023-08-288.8CVE-2023-22877
MISC
MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an cyber threat actor to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 245400.2023-08-288.8CVE-2023-23473
MISC
MISC
motorola_mobility -- mbts_site_controller_firmwareMotorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated cyber threat actor to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.2023-08-298.8CVE-2023-23772
MISC
motorola_mobility -- ebts_base_radio_firmwareMotorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated cyber threat actor to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.2023-08-298.8CVE-2023-23773
MISC
zte -- mf286r_firmwareThere is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated cyber threat actor could use the vulnerability to execute arbitrary commands.2023-08-258.8CVE-2023-25649
MISC
apache -- airflow_sqoop_providerApache Airflow Sqoop Provider, versions before 4.0.0, is affected by a vulnerability that allows a cyber threat actor to pass parameters with the connections, which makes it possible to implement RCE attacks via ‘sqoop import --connect’, obtain airflow server permissions, etc. The cyber threat actor needs to be logged in and have authorization (permissions) to create/edit connections. It is recommended to upgrade to a version that is not affected. This issue was reported independently by happyhacking-k, And Xie Jianming and LiuHui of Caiji Sec Team also reported it.2023-08-288.8CVE-2023-27604
MISC
MISC
dell -- powerscale_onefsDell PowerScale OneFS, versions 8.2.2.x-9.5.0.x, contains an improper privilege management vulnerability. A remote cyber threat actor with low privileges could potentially exploit this vulnerability, leading to escalation of privileges.2023-08-298.8CVE-2023-32457
MISC
schweitzer_engineering_laboratories -- sel-5037_sel_grid_configuratorA Missing Authentication for Critical Function vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow a cyber threat actor to run arbitrary commands on managed devices by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.2023-08-318.8CVE-2023-34392
MISC
MISC
wordpress -- wordpressThe WP Project Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.6.4 due to insufficient restriction on the 'save_users_map_name' function. This makes it possible for authenticated cyber threat actors, with minimal permissions such as a subscriber, to modify their user role by supplying the 'usernames' parameter.2023-08-318.8CVE-2023-3636
MISC
MISC
MISC
wordpress -- wordpressThe WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to SQL Injection via the pageId parameter in versions up to, and including, 1.2.89 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for subscribers or higher to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-08-318.8CVE-2023-3677
MISC
MISC
MISC
infoblox -- niosInfoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.2023-08-258.8CVE-2023-37249
CONFIRM
MISC
ansible-semaphore -- ansible_semaphoreAn issue in ansible semaphore v.2.8.90 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the extra variable's parameter.2023-08-288.8CVE-2023-39059
MISC
MISC
apache -- airflow_spark_providerDeserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out in the documentation explicitly, so it is possible that administrators provided authorizations to configure Spark hooks without taking this into account. We recommend administrators to review their configurations to make sure the authorization to configure Spark hooks is only provided to fully trusted users. To view the warning in the docs, please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html2023-08-288.8CVE-2023-40195
MISC
MISC
splunk -- enterprise/cloud_platformIn Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. A cyber threat actor can abuse this reference and subsequently install malicious code to achieve privilege escalation on the Windows machine.2023-08-308.8CVE-2023-40596
MISC
splunk -- enterprise/cloud_platformIn Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk.2023-08-308.8CVE-2023-40597
MISC
splunk -- enterprise/cloud_platformIn Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can create an external lookup that calls a legacy internal function. The cyber threat actor can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code on the Splunk platform Instance.2023-08-308.8CVE-2023-40598
MISC
phpjabbers -- car_rental_scriptIn PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote cyber threat actors to take over accounts.2023-08-288.8CVE-2023-40754
MISC
MISC
tenda -- ac23In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.2023-08-258.8CVE-2023-40797
MISC
tenda -- ac23In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.2023-08-258.8CVE-2023-40798
MISC
tenda -- ac23The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.2023-08-258.8CVE-2023-40800
MISC
tenda -- ac23The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn2023-08-258.8CVE-2023-40801
MISC
virustotal -- yaraBuffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote cyber threat actor to execute arbtirary code via the yr_execute_cod function in the exe.c component.2023-08-288.8CVE-2023-40857
MISC
grupposcai -- realgimmAn arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows cyber threat actors to execute arbitrary code via uploading a crafted file.2023-08-318.8CVE-2023-41638
MISC
MISC
grupposcai -- realgimmAn improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows cyber threat actors to obtain sensitive technical information via a crafted SQL query.2023-08-318.8CVE-2023-41640
MISC
google -- chromeUse after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote cyber threat actor to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-298.8CVE-2023-4572
MISC
MISC
MISC
usememos -- memosImproper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.2023-09-018.8CVE-2023-4697
MISC
MISC
splunk -- it_service_intelligenceIn Splunk IT Service Intelligence (ITSI) versions below 4.13.3 or 4.15.3, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.2023-08-308.6CVE-2023-4571
MISC
motorola_mobility-- mbts_base_radio_firmwareMotorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.2023-08-298.4CVE-2023-23771
MISC
motorola_mobility -- ebts_site_controller_firmwareMotorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows a cyber threat actor with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.2023-08-298.4CVE-2023-23774
MISC
schweitzer_engineering_laboratories -- sel-5037_sel_grid_configuratorUse of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.2023-08-318.4CVE-2023-31173
MISC
MISC
mattermost -- mattermostMattermost fails to restrict which parameters' values it takes from the request during signup allowing a cyber threat actor to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.2023-08-258.2CVE-2023-4478
MISC
sliver -- sliverSliver from v1.5.x to v1.5.39 has an improper cryptographic implementation, which allows cyber threat actors to execute a man-in-the-middle attack via intercepted and crafted responses.2023-08-288.1CVE-2023-34758
MISC
MISC
MISC
MISC
google -- chromeInappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote cyber threat actor to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)2023-08-257.8CVE-2019-13689
MISC
MISC
stormshield -- ssl_vpn_clientStormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.2023-08-257.8CVE-2021-27932
MISC
MISC
esoteric_software -- yamlbeansAn issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.2023-08-257.8CVE-2023-24621
MISC
MISC
MISC
archive_project -- archiveAn issue in Archive v3.3.7 allows cyber threat actors to spoof zip filenames which can lead to inconsistent filename parsing.2023-08-307.8CVE-2023-39137
MISC
MISC
MISC
MISC
peakstep -- zipfoundationAn issue in ZIPFoundation v0.9.16 allows cyber threat actors to execute a path traversal via extracting a crafted zip file.2023-08-307.8CVE-2023-39138
MISC
MISC
MISC
MISC
archive_project -- archiveAn issue in Archive v3.3.7 allows cyber threat actors to execute a path traversal via extracting a crafted zip file.2023-08-307.8CVE-2023-39139
MISC
MISC
MISC
notepad-plus-plus -- notepad-plus-plusNotepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-257.8CVE-2023-40031
MISC
gitpython -- gitpythonGitPython is a python library used to interact with Git repositories. When resolving a program, Python/Windows look for the current working directory, and after that the PATH environment. GitPython defaults to use the `git` command, if a user runs GitPython from a repo has a `git.exe` or `git` executable, that program will be run instead of the one in the user's `PATH`. This is more of a problem on how Python interacts with Windows systems, Linux and any other OS aren't affected by this. But probably people using GitPython usually run it from the CWD of a repo. A cyber threat actor can trick a user to download a repository with a malicious `git` executable, if the user runs/imports GitPython from that directory, it allows the cyber threat actor to run any arbitrary commands. There is no fix currently available for windows users, however there are a few mitigations. 1: Default to an absolute path for the git program on Windows, like `C:\\Program Files\\Git\\cmd\\git.EXE` (default git path installation). 2: Require users to set the `GIT_PYTHON_GIT_EXECUTABLE` environment variable on Windows systems. 3: Make this problem prominent in the documentation and advise users to never run GitPython from an untrusted repo, or set the `GIT_PYTHON_GIT_EXECUTABLE` env var to an absolute path. 4: Resolve the executable manually by only looking into the `PATH` environment variable.2023-08-287.8CVE-2023-40590
MISC
MISC
phicomm -- k2Phicomm k2 v22.6.529.216 is vulnerable to command injection.2023-08-257.8CVE-2023-40796
MISC
pagekit -- pagekitAn issue in Pagekit pagekit v.1.0.18 alows a remote cyber threat actor to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php2023-08-287.8CVE-2023-41005
MISC
acronis -- multiple_productsLocal privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278, Acronis Agent (Windows) before build 31637, Acronis Cyber Protect 15 (Windows) before build 35979.2023-08-317.8CVE-2023-41743
MISC
MISC
acronis -- multiple_products_for_macosLocal privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Agent (macOS) before build 30600, Acronis Cyber Protect 15 (macOS) before build 35979.2023-08-317.8CVE-2023-41744
MISC
zope -- restrictedpythonRestrictedPython is a restricted execution environment for Python to run untrusted code. Python's "format" functionality allows someone controlling the format string to "read" all objects accessible through recursive attribute lookup and subscription from objects he can access. This can lead to critical information disclosure. With `RestrictedPython`, the format functionality is available via the `format` and `format_map` methods of `str` (and `unicode`) (accessed either via the class or its instances) and via `string.Formatter`. All known versions of `RestrictedPython` are vulnerable. This issue has been addressed in commit `4134aedcff1` which has been included in the 5.4 and 6.2 releases. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-307.7CVE-2023-41039
MISC
MISC
ibm -- security_guardiumIBM Security Guardium 11.3 and 11.4 could disclose sensitive information to a cyber threat actor due to improper restriction of excessive authentication attempts. IBM X-Force ID: 240895.2023-08-287.5CVE-2022-43904
MISC
MISC
hitachi -- hirdb_server_with_additional_functionInsufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Addtional Function: before 09-60-2M, before 09-65-/W; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.2023-08-297.5CVE-2023-1995
MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Systems 11.7 could expose information about the host system and environment configuration. IBM X-Force ID: 246332.2023-08-287.5CVE-2023-24959
MISC
MISC
stormshield -- stormshield_network_securityASQ in Stormshield Network Security (SNS) 4.3.15 before 4.3.16 and 4.6.x before 4.6.3 allows a crash when analyzing a crafted SIP packet.2023-08-287.5CVE-2023-26095
MISC
ibm -- guardium_cloud_key_managerIBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) uses an inadequate account lockout setting that could allow a remote cyber threat actor to brute force account credentials. IBM X-Force ID: 248126.2023-08-287.5CVE-2023-26271
MISC
MISC
e-excellence -- u-office_forcee-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote cyber threat actor can exploit this vulnerability to read arbitrary system files but can’t control system or disrupt service.2023-08-257.5CVE-2023-32756
MISC
ibm -- security_verify_information_queueIBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote cyber threat actor to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 256015.2023-08-317.5CVE-2023-33835
MISC
MISC
techview -- la-5570_wireless_gatewayAn issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows cyber threat actors to gain sensitive information via /config/system.conf.2023-08-257.5CVE-2023-34723
MISC
MISC
broadcom -- brocade_fabric_operating_systemThe firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any earlier version of Fabric OS.2023-08-317.5CVE-2023-3489
MISC
skale_network -- sgxwalletBuffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows a cyber threat actor to cause a denial of service via the trustedBlsSignMessage function.2023-08-257.5CVE-2023-36198
MISC
skale_network -- sgxwalletAn issue in skalenetwork sgxwallet v.1.9.0 and below allows a cyber threat actor to cause a denial of service via the trustedGenerateEcdsaKey component.2023-08-257.5CVE-2023-36199
MISC
arista_networks -- eosOn affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.2023-08-297.5CVE-2023-3646
MISC
samsung -- exynos_9810An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Improper handling of PPP length parameter inconsistency can cause an infinite loop.2023-08-287.5CVE-2023-36481
MISC
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability2023-08-267.5CVE-2023-36741
MISC
saho -- adm-100/adm-100fpSaho’s attendance devices ADM100 and ADM-100FP have a vulnerability of missing authentication for critical functions. An unauthenticated remote cyber threat actor can execute system commands in partial website URLs to read sensitive device information without permissions.2023-08-287.5CVE-2023-38030
MISC
libreswan -- libreswanAn issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.2023-08-257.5CVE-2023-38710
MISC
MISC
libreswan -- libreswanAn issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.2023-08-257.5CVE-2023-38711
MISC
MISC
libreswan -- libreswanAn issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.2023-08-257.5CVE-2023-38712
MISC
MISC
ibm -- storage_copy_data_managementIBM Storage Copy Data Management 2.2.0.0 through 2.2.19.0 uses weaker than expected cryptographic algorithms that could allow a cyber threat actor to decrypt highly sensitive information. IBM X-Force ID: 262268.2023-08-277.5CVE-2023-38730
MISC
MISC
frrouting -- frrouting_frrFRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote cyber threat actorto cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).2023-08-297.5CVE-2023-38802
MISC
MISC
qdrant -- qdrant* Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote cyber threat actorcause a denial of service via the chucnked_vectors.rs component.2023-08-297.5CVE-2023-38975
MISC
MISC
mitel -- mivoice_connectA vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated cyber threat actor to conduct an account enumeration attack due to improper configuration. A successful exploit could allow a cyber threat actor to access system information.2023-08-257.5CVE-2023-39289
MISC
MISC
aomedia -- aomediaAOMedia v3.0.0 to v3.5.0 was discovered to contain an invalid read memory access via the component assign_frame_buffer_p in av1/common/av1_common_int.h.2023-08-297.5CVE-2023-39616
MISC
mathjax -- mathjaxMathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern.2023-08-297.5CVE-2023-39663
MISC
libp2p -- libp2plibp2p is a networking stack and library modularized out of The IPFS Project and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e., the cyber threat actor could bring down nodes over a period of time (how long depends on the node resources i.e., a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4.2023-08-257.5CVE-2023-40583
MISC
MISC
MISC
MISC
metal3 -- ironic-imageironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t ...`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place.2023-08-257.5CVE-2023-40585
MISC
MISC
coraza -- corazaOWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from cyber threat actors. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1.2023-08-257.5CVE-2023-40586
MISC
MISC
splunk -- enterprise/cloud_platformIn Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a denial of service through a crash or hang of the Splunk daemon.2023-08-307.5CVE-2023-40593
MISC
splunk -- enterprise/cloud_platformIn Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, a cyber threat actor can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.2023-08-307.5CVE-2023-40594
MISC
synck_graphica -- mailform_pro_cgiRegular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated cyber threat actor to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.2023-08-257.5CVE-2023-40599
MISC
MISC
dataease -- dataeaseSQL injection vulnerability in DataEase v.1.18.9 allows a remote cyber threat actor to obtain sensitive information via a crafted string outside of the blacklist function.2023-09-017.5CVE-2023-40771
MISC
pf4j -- pf4jAn issue in pf4j pf4j v.3.9.0 and before allows a remote cyber threat actor to obtain sensitive information and execute arbitrary code via the zippluginPath parameter.2023-08-287.5CVE-2023-40826
MISC
pf4j -- pf4jAn issue in pf4j pf4j v.3.9.0 and before allows a remote cyber threat actor to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter.2023-08-287.5CVE-2023-40827
MISC
MISC
MISC
pf4j -- pf4jAn issue in pf4j pf4j v.3.9.0 and before allows a remote cyber threat actor to obtain sensitive information and execute arbitrary code via the expandIfZip method in the extract function.2023-08-287.5CVE-2023-40828
MISC
MISC
MISC
tenda -- ax3Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows cyber threat actors to cause a Denial of Service (DoS) via the ssid parameter.2023-08-257.5CVE-2023-40915
MISC
timg -- timgBuffer Overflow vulnerability in hzeller timg v.1.5.2 and before allows a remote cyber threat actorto cause a denial of service via the 0x61200000045c address.2023-09-017.5CVE-2023-40968
MISC
jira -- o-ran_software_communityBuffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote cyber threat actor to cause a denial of service via a crafted packet.2023-08-287.5CVE-2023-40997
MISC
jira -- o-ran_software_communityBuffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote cyber threat actor to cause a denial of service via the packet size component.2023-08-287.5CVE-2023-40998
MISC
array_networks -- arrayos_agArray AG OS before 9.4.0.499 allows denial of service: remote cyber threat actors can cause system service processes to crash through abnormal HTTP operations.2023-08-257.5CVE-2023-41121
MISC
MISC
adguard_dns -- adguard_dnsAdGuard DNS before 2.2 allows remote cyber threat actors to cause a denial of service via malformed UDP packets.2023-08-257.5CVE-2023-41173
MISC
frrouting -- frrouting_frrAn issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.2023-08-297.5CVE-2023-41358
MISC
nokia -- service_router_linuxNokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes.2023-08-297.5CVE-2023-41376
MISC
MISC
MISC
phpjabbers -- business_directory_scriptphpjabbers Business Directory Script 3.2 is vulnerable to SQL Injection via the column parameter.2023-08-307.5CVE-2023-41539
MISC
juniper_network_inc -- junos_os
 
An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based cyber threat actor to cause a Denial of Service (DoS). When certain specific crafted BGP UPDATE messages are received over an established BGP session, one BGP session may be torn down with an UPDATE message error, or the issue may propagate beyond the local system which will remain non-impacted but may affect one or more remote systems. This issue is exploitable remotely as the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continuous receipt of the crafted BGP UPDATE messages will create a sustained Denial of Service (DoS) condition for impacted devices. This issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations. This issue requires a remote cyber threat actor to have at least one established BGP session.2023-09-017.5CVE-2023-4481
MISC
MISC
MISC
MISC
yugabyte -- yugabytedbThe controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. This can be seen by noting that it extends Controller rather than AuthenticatedController and includes no further checks. This issue affects YugabyteDB Anywhere: from 2.0.0 through 2.17.32023-08-307.5CVE-2023-4640
MISC
usememos -- memosImproper Input Validation in GitHub repository usememos/memos prior to 0.13.2.2023-09-017.5CVE-2023-4698
MISC
MISC
schweitzer_engineering_laboratories -- sel-5030_acselerator_quicksetAn Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.2023-08-317.4CVE-2023-31172
MISC
MISC
vmware -- aria_operations_for_networksAria Operations for Networks contains an arbitrary file write vulnerability. An authenticated malicious actor with administrative access to VMware Aria Operations for Networks can write files to arbitrary locations resulting in remote code execution.2023-08-297.2CVE-2023-20890
MISC
gitlab -- gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects.2023-09-017.2CVE-2023-3915
MISC
MISC
perfree -- perfreeblogAn issue in Perfree PerfreeBlog v.3.1.2 allows a remote cyber threat actor to execute arbitrary code via crafted plugin listed in admin/plugin/access/list.2023-08-287.2CVE-2023-40825
MISC
mybb -- mybbMyBB before 1.8.36 allows Code Injection by users with certain high privileges. Templates in Admin CP intentionally use eval, and there was some validation of the input to eval, but type juggling interfered with this when using PCRE within PHP.2023-08-297.2CVE-2023-41362
MISC
CONFIRM
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
techview -- la-5570_wireless_gatewayAn issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical cyber threat actors to gain escalated privileges via the UART interface.2023-08-286.8CVE-2023-34724
MISC
MISC
techview -- la-5570_wireless_gatewayAn issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical cyber threat actors to gain escalated privileges via a telnet connection.2023-08-286.8CVE-2023-34725
MISC
MISC
github -- enterprise_serverAn incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this vulnerability, a cyber threat actor would need write access to the repository. This vulnerability was reported via the GitHub Bug Bounty Program https://bounty.github.com/ .2023-08-306.5CVE-2023-23765
MISC
MISC
MISC
MISC
arista_networks -- eosOn affected platforms running Arista EOS with VXLAN configured, malformed or truncated packets received over a VXLAN tunnel and forwarded in hardware can cause egress ports to be unable to forward packets. The device will continue to be susceptible to the issue until remediation is in place.2023-08-296.5CVE-2023-24548
MISC
wireshark -- wiresharkDue to a failure in validating the length provided by a cyber threat actor-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial-of-service attack.2023-08-256.5CVE-2023-2906
MISC
MISC
schweitzer_engineering_laboratories -- sel-5030_acselerator_quicksetAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.2023-08-316.5CVE-2023-31168
MISC
MISC
schweitzer_engineering_laboratories -- sel-5030_acselerator_quicksetAn Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.2023-08-316.5CVE-2023-31170
MISC
MISC
schweitzer_engineering_laboratories -- sel-5030_acselerator_quicksetAn Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.2023-08-316.5CVE-2023-31171
MISC
MISC
schweitzer_engineering_laboratories -- sel-5037_sel_grid_configuratorA Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.2023-08-316.5CVE-2023-31174
MISC
MISC
broadcom -- brocade_sannavBrocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. A privileged user could retrieve these credentials with knowledge and access to these log files. SNMP credentials could be seen in SANnav SupportSave if the capture is performed after an SNMP configuration failure causes an SNMP communication log dump.2023-08-316.5CVE-2023-31925
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.2023-09-016.5CVE-2023-3205
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.2023-09-016.5CVE-2023-3210
MISC
MISC
tenable -- nessusAn arbitrary file write vulnerability exists where an authenticated, remote cyber threat actor with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial-of-service condition.2023-08-296.5CVE-2023-3252
MISC
zulip -- zulip_serverZulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3.2023-08-256.5CVE-2023-32678
MISC
MISC
m-files -- classic_webPath Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server2023-08-256.5CVE-2023-3406
MISC
wordpress -- wordpressThe Upload Media By URL WordPress plugin before 1.0.8 does not have CSRF check when uploading files, which could allow cyber threat actors to make logged in admins upload files (including HTML containing JS code for users with the unfiltered_html capability) on their behalf.2023-08-306.5CVE-2023-3720
MISC
keylime -- keylimeA flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow a cyber threat actor to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.2023-08-256.5CVE-2023-38201
MISC
MISC
MISC
MISC
xmlsoft -- libxml2Xmlsoft Libxml2 v2.11.0 was discovered to contain a global buffer overflow via the xmlSAX2StartElement() function at /libxml2/SAX2.c. This vulnerability allows cyber threat actors to cause a Denial of Service (DoS) via supplying a crafted XML file.2023-08-296.5CVE-2023-39615
MISC
wordpress -- wordpressThe GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow cyber threat actors to make logged in admins update and deactivate the plugin's license via CSRF attacks2023-08-306.5CVE-2023-4013
MISC
neutrinolabs -- xrdpxrdp is an open-source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-306.5CVE-2023-40184
MISC
MISC
MISC
openfga -- openfgaOpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1.2023-08-256.5CVE-2023-40579
MISC
MISC
stellar -- freighterFreighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.2023-08-256.5CVE-2023-40580
MISC
MISC
MISC
libming -- libmingBuffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote cyber threat actor to cause a denial of service via a crafted .swf file to the makeswf function.2023-08-286.5CVE-2023-40781
MISC
tenda -- ac23The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn2023-08-256.5CVE-2023-40802
MISC
gitpython -- gitpythonGitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory, in some places the name of the file being read is provided by the user, GitPython doesn't check if this file is located outside the `.git` directory. This allows a cyber threat actor to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.2023-08-306.5CVE-2023-41040
MISC
MISC
grupposcai -- realgimmA XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows cyber threat actors to read any file in the filesystem via supplying a crafted XML file.2023-08-316.5CVE-2023-41635
MISC
byzoro -- smart_s85f_management_platformA vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability.2023-08-266.5CVE-2023-4546
MISC
MISC
MISC
omeka -- omeka_sImproper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4.2023-08-286.5CVE-2023-4560
MISC
MISC
wordpress -- wordpress
 
The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-09-026.4CVE-2023-4718
MISC
MISC
MISC
linux -- kernelA use-after-free flaw was found in mm/mempolicy.c in the memory management subsystem in the Linux Kernel. This issue is caused by a race between mbind() and VMA-locked page fault and may allow a local cyber threat actor to crash the system or lead to a kernel information leak.2023-08-296.3CVE-2023-4611
MISC
MISC
MISC
doc2k -- re-chatA vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file js_on_radio-emergency.de_/re_chat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named bd17d497ddd3bab4ef9c6831c747c37cc016c570. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-238155.2023-08-286.1CVE-2016-15035
MISC
MISC
MISC
humaxdigital -- hgb10r-02_brgcabCross Site Scripting (XSS) vulnerability in wlscanresults.html in Humax HGB10R-02 BRGCAB version 1.0.03, allows local cyber threat actors to execute arbitrary code.2023-08-286.1CVE-2020-27366
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premio Chaty plugin <= 3.0.9 versions2023-08-306.1CVE-2023-25019
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ian Sadovy WordPress Tables plugin <= 1.3.9 versions.2023-08-306.1CVE-2023-25453
MISC
mordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions.2023-08-306.1CVE-2023-25466
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions.2023-08-306.1CVE-2023-25471
MISC
wordpress -- wordpressThe MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-08-306.1CVE-2023-3136
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPDeveloper Essential Addons for Elementor Pro plugin <= 5.4.8 versions.2023-08-296.1CVE-2023-32241
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions.2023-08-256.1CVE-2023-32518
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions.2023-08-306.1CVE-2023-32597
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.8.1 versions.2023-08-306.1CVE-2023-32740
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in VeronaLabs WP SMS plugin <= 6.1.4 versions.2023-08-306.1CVE-2023-32742
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Composite Products plugin <= 8.7.5 versions.2023-08-306.1CVE-2023-32801
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 1.9.0 versions.2023-08-306.1CVE-2023-32802
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Returns and Warranty Requests plugin <= 2.1.6 versions.2023-08-306.1CVE-2023-33317
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mohammad I. Okfie WP-Hijri plugin <= 1.5.1 versions.2023-08-306.1CVE-2023-33320
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.1 versions.2023-08-306.1CVE-2023-33325
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in weDevs WP ERP plugin <= 1.12.3 versions.2023-08-306.1CVE-2023-34008
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rakib Hasan Dynamic QR Code Generator plugin <= 0.0.5 versions.2023-08-306.1CVE-2023-34022
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.2023-08-306.1CVE-2023-34023
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pascal Casier bbPress Toolkit plugin <= 1.0.12 versions.2023-08-306.1CVE-2023-34032
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in BBS e-Theme BBS e-Popup plugin <= 2.4.5 versions.2023-08-306.1CVE-2023-34174
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.2023-08-306.1CVE-2023-34175
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chilexpress Chilexpress woo oficial plugin <= 1.2.9 versions.2023-08-306.1CVE-2023-34176
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in KAPlugins Google Fonts For WordPress plugin <= 3.0.0 versions.2023-08-306.1CVE-2023-34180
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Bhavik Patel Woocommerce Order address Print plugin <= 3.2 versions.2023-08-306.1CVE-2023-34184
MISC
html2pdf -- html2pdfCross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote cyber threat actor to execute arbitrary code via a crafted script to the forms.php.2023-08-286.1CVE-2023-39062
MISC
MISC
MISC
web-audimex -- audimexeeAudimexEE v15.0 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the Show Kai Data component.2023-08-296.1CVE-2023-39558
MISC
MISC
icewarp -- icewarpIceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.2023-08-256.1CVE-2023-39600
MISC
MISC
bdcom -- p3310d-2acA cross-site scripting (XSS) vulnerability in the device web interface (Log Query page) of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter.2023-08-296.1CVE-2023-39678
MISC
icewarp -- mail_serverIceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.2023-08-256.1CVE-2023-39700
MISC
MISC
MISC
sourcecodester -- free_and_open_source_inventory_management_systemA stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add New parameter under the New Buy section.2023-08-286.1CVE-2023-39708
MISC
MISC
MISC
sourcecodester -- free_and_open_source_inventory_management_systemMultiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Member section.2023-08-286.1CVE-2023-39709
MISC
MISC
MISC
sourcecodester -- free_and_open_source_inventory_management_systemMultiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add New Member section.2023-09-016.1CVE-2023-39714
MISC
MISC
MISC
wordpress -- wordpressThe PostX WordPress plugin before 3.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-08-306.1CVE-2023-3992
MISC
jupyter -- jupyter_serverjupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-286.1CVE-2023-39968
MISC
MISC
jupyter -- jupyter_serverjupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.2023-08-286.1CVE-2023-40170
MISC
MISC
splunk -- enterprise/cloud_platformIn Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, a cyber threat actor can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web endpoint. Exploitation of this vulnerability can lead to the execution of arbitrary commands on the Splunk platform instance.2023-08-306.1CVE-2023-40592
MISC
phpjabbers -- yacht_listing_scriptThere is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0.2023-08-286.1CVE-2023-40750
MISC
MISC
phpjabbers -- fundraising_scriptPHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php.2023-08-286.1CVE-2023-40751
MISC
MISC
phpjabbers -- make_an_offer_widgetThere is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0.2023-08-286.1CVE-2023-40752
MISC
MISC
phpjabbers -- callback_widgetsThere is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.2023-08-286.1CVE-2023-40755
MISC
MISC
decentraland -- single_sign_on_client@dcl/single-sign-on-client is an open source npm library which deals with single sign on authentication flows. Improper input validation in the `init` function allows arbitrary javascript to be executed using the `javascript:` prefix. This vulnerability has been patched on version `0.1.0`. Users are advised to upgrade. Users unable to upgrade should limit untrusted user input to the `init` function.2023-09-016.1CVE-2023-41049
MISC
MISC
apache -- tomcatURL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.2023-08-256.1CVE-2023-41080
MISC
usermin -- userminA Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote cyber threat actors to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.2023-08-306.1CVE-2023-41163
MISC
MISC
phpjabbers -- business_directory_scriptphpjabbers Business Directory Script 3.2 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.2023-08-306.1CVE-2023-41537
MISC
phpjabbers -- php_forum_scriptphpjabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.2023-08-306.1CVE-2023-41538
MISC
grupposcai -- realgimmMultiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow cyber threat actors to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.2023-08-316.1CVE-2023-41642
MISC
wordpress -- wordpressThe Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the wcemails_edit parameter in versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-08-316.1CVE-2023-4315
MISC
MISC
wordpress -- wordpressThe Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-08-316.1CVE-2023-4471
MISC
MISC
MISC
wordpress -- wordpressThe FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the 'save' function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated cyber threat actors to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.2023-08-256.1CVE-2023-4520
MISC
MISC
MISC
neomind -- fusion_platformA vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-256.1CVE-2023-4534
MISC
MISC
MISC
spa-cart -- ecommerce_cmsA vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.2023-08-266.1CVE-2023-4547
MISC
MISC
MISC
sourcecodester -- inventory_management_systemA vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file suppliar_data.php. The manipulation of the argument name/company leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238153 was assigned to this vulnerability.2023-08-276.1CVE-2023-4555
MISC
MISC
MISC
instantsoft -- instantsoft/icms2Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1.2023-08-316.1CVE-2023-4655
MISC
MISC
infosoftbd -- clcknshopA vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been declared as problematic. This vulnerability affects unknown code of the file /collection/all. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. VDB-238570 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-016.1CVE-2023-4707
MISC
MISC
MISC
schweitzer_engineering_laboratories -- sel-5030_acselerator_quicksetAn Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow a cyber threat actor to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5030 acSELerator QuickSet Software: through 7.1.3.0.2023-08-315.7CVE-2023-31169
MISC
MISC
cloudflare -- warpDue to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app.2023-08-295.5CVE-2023-0238
MISC
MISC
esoteric_software -- yamlbeansAn issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.2023-08-255.5CVE-2023-24620
MISC
MISC
MISC
broadcom -- brocade_sannavPossible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Notes: To access the logs, the local cyber threat actormust have access to an already collected Brocade SANnav "supportsave" outputs.2023-08-315.5CVE-2023-31423
MISC
schweitzer_engineering_laboratories -- sel-5033_acselerator_real-time_automation_controllerInsecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. See Instruction Manual Appendix A [Cybersecurity] tag dated 20230522 for more details. This issue affects SEL-5033 AcSELerator RTAC Software: before 1.35.151.21000.2023-08-315.5CVE-2023-34391
MISC
MISC
mitel -- mivoice_connectA vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated cyber threat actorwith elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow a cyber threat actor to access network information and to generate excessive network traffic.2023-08-255.5CVE-2023-39287
MISC
MISC
mitel -- mivoice_connectA vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated cyber threat actor with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow a cyber threat actor to access network information and to generate excessive network traffic.2023-08-255.5CVE-2023-39288
MISC
MISC
gpac -- gpacGPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. This vulnerability allows cyber threat actors to cause a Denial of Service (DoS) via supplying a crafted file.2023-08-285.5CVE-2023-39562
MISC
MISC
notepad-plus-plus -- notepad-plus-plusNotepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-255.5CVE-2023-40036
MISC
notepad-plus-plus -- notepad-plus-plusNotepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-255.5CVE-2023-40164
MISC
notepad-plus-plus -- notepad-plus-plusNotepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-255.5CVE-2023-40166
MISC
catdoc -- catdocCatdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c.2023-09-015.5CVE-2023-41633
MISC
MISC
linux -- kernelA memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. This issue may allow a local cyber threat actorto cause a double deactivation of catchall elements, which results in a memory leak.2023-08-285.5CVE-2023-4569
MISC
MISC
MISC
gpac -- gpacDivide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV.2023-08-315.5CVE-2023-4678
MISC
MISC
gpac -- gpacNULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.2023-08-315.5CVE-2023-4681
MISC
MISC
gpac -- gpacHeap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.2023-08-315.5CVE-2023-4682
MISC
MISC
gpac -- gpacNULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV.2023-08-315.5CVE-2023-4683
MISC
MISC
gpac -- gpacFloating Point Comparison with Incorrect Operator in GitHub repository gpac/gpac prior to 2.3-DEV.2023-09-015.5CVE-2023-4720
MISC
MISC
gpac -- gpacOut-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.2023-09-015.5CVE-2023-4721
MISC
MISC
gpac -- gpacInteger Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.3-DEV.2023-09-015.5CVE-2023-4722
MISC
MISC
ibm -- security_guardiumIBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 240905.2023-08-275.4CVE-2022-43909
MISC
MISC
wordpress -- wordpressThe BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-08-315.4CVE-2023-2171
MISC
MISC
wordpress -- wordpressThe WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'admin_page_display' function. This makes it possible for unauthenticated cyber threat actors to delete or change plugin settings, import demo data, modify or delete Directory Kit related posts and terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Partial patches were made avilable in versions 1.2.0 and 1.2.1 but the issue was not fully patched until 1.2.22023-08-315.4CVE-2023-2279
MISC
MISC
MISC
wordpress -- wordpressThe CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-08-315.4CVE-2023-2354
MISC
MISC
MISC
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.2023-08-255.4CVE-2023-25981
MISC
ibm -- security_guardiumIBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252291.2023-08-275.4CVE-2023-30435
MISC
MISC
ibm -- security_guardiumIBM Security Guardium 11.3, 11.4, and 11.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 252292.2023-08-275.4CVE-2023-30436
MISC
MISC
wordpress -- wordpressAuth. (subscriber+) Stored Cross-Site Scripting') vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.2023-08-255.4CVE-2023-32576
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.45 versions.2023-08-305.4CVE-2023-32746
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Pre-Orders plugin <= 2.0.0 versions.2023-08-305.4CVE-2023-32793
MISC
ibm -- security_guardiumIBM Security Guardium 11.4 is vulnerable to SQL injection. A remote cyber threat actor could send specially crafted SQL statements, which could allow the cyber threat actor to view, add, modify or delete information in the back-end database. IBM X-Force ID: 257614.2023-08-275.4CVE-2023-33852
MISC
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Box Office plugin <= 1.1.50 versions.2023-08-305.4CVE-2023-34004
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Berthelot / MPEmbed WP Matterport Shortcode plugin <= 2.1.4 versions.2023-08-305.4CVE-2023-35094
MISC
uatech -- badasoCross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function.2023-08-285.4CVE-2023-38969
MISC
MISC
uatech -- badasoCross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the Name of member parameter in the add new member function.2023-08-305.4CVE-2023-38970
MISC
MISC
uatech -- badasoCross Site Scripting vulnerabiltiy in Badaso v.0.0.1 thru v.2.9.7 allows a remote cyber threat actor to execute arbitrary code via a crafted payload to the rack number parameter in the add new rack function.2023-08-295.4CVE-2023-38971
MISC
MISC
uatech -- badasoA stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.2023-08-255.4CVE-2023-38973
MISC
uatech -- badasoA stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.2023-08-255.4CVE-2023-38974
MISC
sourcecodester -- free_and_open_source_inventory_management_systemA stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.2023-08-255.4CVE-2023-39707
MISC
MISC
MISC
wordpress -- wordpressThe Simple Blog Card WordPress plugin before 1.31 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks2023-08-305.4CVE-2023-4035
MISC
prometheus -- alertmanagerAlertmanager handles alerts sent by client applications such as the Prometheus server. A cyber threat actor with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.2023-08-255.4CVE-2023-40577
MISC
phpjabbers -- ticket_support_scriptThere is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2.2023-08-285.4CVE-2023-40753
MISC
MISC
usermin -- userminA Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote cyber threat actors to inject arbitrary web script or HTML via options for the host value while editing the host options.2023-08-295.4CVE-2023-41153
MISC
MISC
wordpress -- wordpressThe Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-08-305.4CVE-2023-4597
MISC
MISC
MISC
wordpress -- wordpressThe Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated cyber threat actors with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-08-305.4CVE-2023-4599
MISC
MISC
MISC
instantsoft -- instantsoft/icms2Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1.2023-08-315.4CVE-2023-4649
MISC
MISC
instantsoft -- instantsoft/icms2Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1.2023-08-315.4CVE-2023-4651
MISC
MISC
instantsoft -- instantsoft/icms2Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-315.4CVE-2023-4652
MISC
MISC
mediawiki -- mediawikiA vulnerability was found in glb Meetup Tag Extension 0.1 on MediaWiki. It has been rated as problematic. This issue affects some unknown processing of the component Link Attribute Handler. The manipulation leads to use of web link to untrusted target with window.opener access. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 850c726d6bbfe0bf270801fbb92a30babea4155c. It is recommended to upgrade the affected component. The identifier VDB-238157 was assigned to this vulnerability.2023-08-285.3CVE-2018-25089
MISC
MISC
MISC
MISC
wordpress -- wordpressThe User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible for cyber threat actors to access restricted content in certain situations.2023-08-305.3CVE-2022-1601
MISC
stormshield -- ssl_vpn_clientAn issue was discovered in Stormshield SSL VPN Client before 3.2.0. If multiple address books are used, a cyber threat actor may be able to access the other encrypted address book.2023-08-285.3CVE-2022-46783
MISC
MISC
esri -- arcgis_serverArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized cyber threat actor may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.2023-08-255.3CVE-2023-25848
MISC
ibm -- guardium_cloud_key_managerIBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote cyber threat actor to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 248133.2023-08-285.3CVE-2023-26272
MISC
MISC
ibm -- security_guardiumIBM Security Guardium 11.3, 11.4, and 11.5 could allow an unauthorized user to enumerate usernames by sending a specially crafted HTTP request. IBM X-Force ID: 252293.2023-08-275.3CVE-2023-30437
MISC
MISC
e-excellence -- u-office_forcee-Excellence U-Office Force generates an error message in website service. An unauthenticated remote cyber threat actorcan obtain partial sensitive system information from error message by sending a crafted command.2023-08-255.3CVE-2023-32755
MISC
ibm -- security_verify_information_queueIBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote cyber threat actor to obtain sensitive information that could aid in further attacks against the system. IBM X-force ID: 256014.2023-08-315.3CVE-2023-33834
MISC
MISC
m-files -- classic_webOut-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.2023-08-255.3CVE-2023-3425
MISC
spinnaker -- spinnakerSpinnaker is an open source, multi-cloud continuous delivery platform. Log output when updating GitHub status is improperly set to FULL always. It's recommended to apply the patch and rotate the GitHub token used for github status notifications. Given that this would output github tokens to a log system, the risk is slightly higher than a "low" since token exposure could grant elevated access to repositories outside of control. If using READ restricted tokens, the exposure is such that the token itself could be used to access resources otherwise restricted from reads. This only affects users of GitHub Status Notifications. This issue has been addressed in pull request 1316. Users are advised to upgrade. Users unable to upgrade should disable GH Status Notifications, Filter their logs for Echo log data and use read-only tokens that are limited in scope.2023-08-285.3CVE-2023-39348
MISC
MISC
goauthentik -- authentikgoauthentik is an open-source Identity Provider. In affected versions using a recovery flow with an identification stage a cyber threat actor is able to determine if a username exists. Only setups configured with a recovery flow are impacted by this. Anyone with a user account on a system with the recovery flow described above is susceptible to having their username/email revealed as existing. A cyber threat actor can easily enumerate and check users' existence using the recovery flow, as a clear message is shown when a user doesn't exist. Depending on configuration this can either be done by username, email, or both. This issue has been addressed in versions 2023.5.6 and 2023.6.2. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-295.3CVE-2023-39522
MISC
MISC
web-audimex -- audimexeeAudimexEE 15.0 was discovered to contain a full path disclosure vulnerability.2023-08-295.3CVE-2023-39559
MISC
MISC
silverware_games -- silverware_gamesSilverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the "Enter the code" form if the email is associated with a member of the site. Since version 1.3.6, the "Enter the code" form is always returned, showing the message "If the entered email is associated with an account, a code will be sent now". This change prevents potential violators from determining if our site has a user with the specified email.2023-08-255.3CVE-2023-40179
MISC
python -- pythonAn issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)2023-08-255.3CVE-2023-40217
CONFIRM
MISC
datasette -- datasetteDatasette is an open-source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha - 1.0a0, 1.0a1, 1.0a2 or 1.0a3 - in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables - but not their contents - to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4.2023-08-255.3CVE-2023-40570
MISC
MISC
pyramid -- pyramidPyramid is an open-source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.2023-08-255.3CVE-2023-40587
MISC
MISC
MISC
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 16.2.0. Committing directories containing LF character results in 500 errors when viewing the commit2023-08-305.3CVE-2023-4522
MISC
MISC
wordpress -- wordpressThe Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated cyber threat actors with administrator-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.2023-08-314.9CVE-2023-2188
MISC
MISC
MISC
tenable -- nessusA pass-back vulnerability exists where an authenticated, remote cyber threat actor with administrator privileges could uncover stored SMTP credentials within the Nessus application. This issue affects Nessus: before 10.6.0.2023-08-294.9CVE-2023-3251
MISC
wordpress -- wordpressThe ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. This is due to the passphrase and iv being hardcoded in the 'pm_encrypt_decrypt_pass' function and used across all sites running the plugin. This makes it possible for authenticated cyber threat actors, with administrator-level permissions or above to decrypt and view users' passwords. If combined with another vulnerability, this can potentially grant lower-privileged users access to users' passwords.2023-08-314.9CVE-2023-3404
MISC
MISC
MISC
mitel -- mivoice_connectA vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated cyber threat actor with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an cyber threat actor to view system information.2023-08-254.9CVE-2023-39290
MISC
MISC
mitel -- mivoice_connectA vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated cyber threat actor with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow a cyber threat actor to view system information.2023-08-254.9CVE-2023-39291
MISC
MISC
chamilo_lms -- chamilo_lmsSQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged cyber threat actor to obtain sensitive information via the import sessions functions.2023-09-014.9CVE-2023-39582
MISC
stormshield -- stormshield_network_securityAn issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim's browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.2023-08-254.8CVE-2020-11711
MISC
MISC
MISC
wordpress -- wordpressThe Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-08-304.8CVE-2023-1982
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.2023-08-254.8CVE-2023-24394
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.2023-08-304.8CVE-2023-24397
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davidsword Mobile Call Now & Map Buttons plugin <= 1.5.0 versions.2023-08-304.8CVE-2023-24401
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin <= 1.7.6 versions.2023-09-014.8CVE-2023-24412
MISC
bluditcms -- bluditcmsCross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows cyber threat actors to execute arbitrary code via the Categories Friendly URL.2023-09-014.8CVE-2023-24675
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin <= 2.3.0 versions.2023-09-014.8CVE-2023-25042
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.2023-09-014.8CVE-2023-25044
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP htaccess Control plugin <= 3.5.1 versions.2023-08-304.8CVE-2023-25462
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Notifyvisitors NotifyVisitors plugin <= 1.0 versions.2023-08-304.8CVE-2023-27426
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MrDemonWolf Livestream Notice plugin <= 1.2.0 versions.2023-08-304.8CVE-2023-27621
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XootiX Side Cart Woocommerce (Ajax) plugin <= 2.2 versions.2023-08-304.8CVE-2023-28415
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.3 versions.2023-08-304.8CVE-2023-28692
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Radical Web Design GDPR Cookie Consent Notice Box plugin <= 1.1.6 versions.2023-08-304.8CVE-2023-32294
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions.2023-08-254.8CVE-2023-32577
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.2023-08-254.8CVE-2023-32584
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions.2023-08-254.8CVE-2023-32591
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in HasTheme WishSuite – Wishlist for WooCommerce plugin <= 1.3.4 versions.2023-08-304.8CVE-2023-32962
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gsmith Cookie Monster plugin <= 1.51 versions.2023-08-304.8CVE-2023-33208
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nuajik plugin <= 0.1.0 versions.2023-08-304.8CVE-2023-33210
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joaquín Ruiz Easy Admin Menu plugin <= 1.3 versions.2023-08-304.8CVE-2023-33929
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Miled WordPress Social Login plugin <= 3.0.4 versions.2023-08-304.8CVE-2023-34172
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Semikashev Yandex Metrica Counter plugin <= 1.4.3 versions.2023-08-304.8CVE-2023-34173
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Valiano Unite Gallery Lite plugin <= 1.7.61 versions.2023-08-304.8CVE-2023-34183
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Tien Call Now Icon Animate plugin <= 0.1.0 versions.2023-08-304.8CVE-2023-34187
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Didier Sampaolo SpamReferrerBlock plugin <= 2.22 versions.2023-08-304.8CVE-2023-34372
MISC
wordpress -- wordpressThe FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-08-304.8CVE-2023-3501
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abhay Yadav Breadcrumb simple plugin <= 1.3 versions.2023-08-304.8CVE-2023-35092
MISC
zenario_cms -- zenario_cmsA stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu navigation text field.2023-08-284.8CVE-2023-39578
MISC
MISC
wordpress -- wordpressThe Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability.2023-08-304.8CVE-2023-4109
MISC
webiny -- webiny@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads.2023-08-254.8CVE-2023-41167
MISC
MISC
wordpress -- wordpressThe WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input sanitization and output escaping. This makes it possible for authenticated cyber threat actors, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-08-314.8CVE-2023-4160
MISC
MISC
MISC
wordpress -- wordpressThe Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated cyber threat actors (admin or higher) to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-08-314.8CVE-2023-4500
MISC
MISC
omeka -- omeka_sCross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4.2023-08-284.8CVE-2023-4561
MISC
MISC
instantsoft -- instantsoft/icms2Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-314.8CVE-2023-4653
MISC
MISC
skylark -- skylarkImproper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows a cyber threat actor to lead a user to access an arbitrary website via another application installed on the user's device.2023-08-254.7CVE-2023-40530
MISC
MISC
MISC
instantsoft -- instantsoft/icms2Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-314.7CVE-2023-4650
MISC
MISC
brocade -- fabric_operating_systemA segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. This could allow an authenticated privileged user local user to crash a Brocade Fabric OS switch using the cli “passwdcfg --set -expire -minDiff“.2023-08-314.4CVE-2023-4162
MISC
broadcom -- fabric_operating_systemIn Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers command.2023-08-314.4CVE-2023-4163
MISC
wordpress -- wordpressThe Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. This allows authenticated cyber threat actors, with subscriber-level capabilities or above to obtain sensitive information about arbitrary form submissions, including the submitter's first name.2023-08-314.3CVE-2023-0689
MISC
MISC
MISC
wordpress -- wordpressThe BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, and badgeos_update_ranks_req_steps_ajax_handler functions. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to overwrite arbitrary post titles.2023-08-314.3CVE-2023-2172
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeos_delete_step_ajax_handler, badgeos_delete_award_step_ajax_handler, badgeos_delete_deduct_step_ajax_handler, and badgeos_delete_rank_req_step_ajax_handler functions. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to delete arbitrary posts.2023-08-314.3CVE-2023-2173
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to delete the plugin's log entries.2023-08-314.3CVE-2023-2174
MISC
MISC
wordpress -- wordpressThe CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. This is due to missing or incorrect nonce validation on the chp_abd_action function. This makes it possible for unauthenticated cyber threat actors to update or reset plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-08-314.3CVE-2023-2352
MISC
MISC
MISC
MISC
wordpress -- wordpressThe CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and including, 3.9.4. This makes it possible for subscriber-level cyber threat actors to change or reset plugin settings. CVE-2023-36509 appears to be a duplicate of this issue.2023-08-314.3CVE-2023-2353
MISC
MISC
MISC
MISC
tenable -- nessusAn improper authorization vulnerability exists where an authenticated, low privileged remote cyber threat actor could view a list of all the users available in the application.2023-08-294.3CVE-2023-3253
MISC
wordpress -- wordpressThe Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow cyber threat actors to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitization and escaping2023-08-304.3CVE-2023-3356
MISC
wordpress -- wordpressThe WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated cyber threat actors to make changes to invoices via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-08-314.3CVE-2023-3764
MISC
MISC
MISC
wordpress -- wordpressThe Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated cyber threat actors, with subscriber-level permissions and above, to create and delete countdowns as well as manipulate other plugin settings.2023-08-314.3CVE-2023-3999
MISC
MISC
wordpress -- wordpressThe Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated cyber threat actors to create and delete countdowns, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-08-314.3CVE-2023-4000
MISC
MISC
wordpress -- wordpressThe All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger.2023-08-304.3CVE-2023-4023
MISC
wordpress -- wordpressThe Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary post title and their content such as draft, private and password protected ones2023-08-304.3CVE-2023-4036
MISC
cerebrate-project -- cerebrateIn Cerebrate 1.14, a vulnerability in UserSettingsController allows authenticated users to change user settings of other users.2023-08-294.3CVE-2023-41363
MISC
wordpress -- wordpressThe User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow cyber threat actors to make logged in admins update and deactivate the plugin's license via CSRF attacks2023-08-304.3CVE-2023-4150
MISC
wordpress -- wordpressThe WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated cyber threat actors to create invoice fields provided they can trick an admin into performing an action such as clicking on a link.2023-08-314.3CVE-2023-4161
MISC
MISC
MISC
wordpress -- wordpressThe POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow cyber threat actors to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.2023-08-304.3CVE-2023-4209
MISC
wordpress -- wordpressThe WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including, 1.2.89. This makes it possible for subscribers to view arbitrary invoices provided they can guess the order id and invoice id.2023-08-314.3CVE-2023-4245
MISC
MISC
MISC
beijing_baichuo -- smart_s85f_management_platformA vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-264.3CVE-2023-4544
MISC
MISC
MISC
wordpress -- wordpressThe AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwp_activate_addons_page_plugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated cyber threat actors, with subscriber-level access and above, to activate arbitrary plugins.2023-08-304.3CVE-2023-4600
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
gitlab -- gitlabAn information disclosure issue in GitLab EE affecting all versions from 16.2 prior to 16.2.5, and 16.3 prior to 16.3.1 allowed other Group Owners to see the Public Key for a Google Cloud Logging audit event streaming destination, if configured. Owners can now only write the key, not read it.2023-09-013.8CVE-2023-3950
MISC
MISC
cloudflare -- warpDue to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that a cyber threat actor built a malicious application and managed to install it on a victim's device, the cyber threat actor would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the cyber threat actor's app.2023-08-293.7CVE-2023-0654
MISC
MISC
instantsoft -- instantsoft/icms2Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1.2023-08-313.5CVE-2023-4654
MISC
MISC
ibm -- security_verify_information_queueIBM Security Verify Information Queue 10.0.4 and 10.0.5 stores sensitive information in plain clear text which can be read by a local user. IBM X-Force ID: 256013.2023-08-313.3CVE-2023-33833
MISC
MISC
graylog2 -- graylog2_serverGraylog is a free and open log management platform. In a multi-node Graylog cluster, after a user has explicitly logged out, a user session may still be used for API requests until it has reached its original expiry time. Each node maintains an in-memory cache of user sessions. Upon a cache-miss, the session is loaded from the database. After that, the node operates solely on the cached session. Modifications to sessions will update the cached version as well as the session persisted in the database. However, each node maintains their isolated version of the session. When the user logs out, the session is removed from the node-local cache and deleted from the database. The other nodes will however still use the cached session. These nodes will only fail to accept the session id if they intent to update the session in the database. They will then notice that the session is gone. This is true for most API requests originating from user interaction with the Graylog UI because these will lead to an update of the session's "last access" timestamp. If the session update is however prevented by setting the `X-Graylog-No-Session-Extension:true` header in the request, the node will consider the (cached) session valid until the session is expired according to its timeout setting. No session identifiers are leaked. After a user has logged out, the UI shows the login screen again, which gives the user the impression that their session is not valid anymore. However, if the session becomes compromised later, it can still be used to perform API requests against the Graylog cluster. The time frame for this is limited to the configured session lifetime, starting from the time when the user logged out. This issue has been addressed in versions 5.0.9 and 5.1.3. Users are advised to upgrade.2023-08-303.1CVE-2023-41041
MISC
MISC
bookstackapp -- bookstackServer-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08.2023-08-302.4CVE-2023-4624
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
mybb -- mybb
 
Installer RCE on settings file write in MyBB before 1.8.22.2023-09-01not yet calculatedCVE-2020-22612
MISC
mongodb_inc -- mongodb_c_driver
 
Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0).2023-08-29not yet calculatedCVE-2021-32050
MISC
MISC
MISC
MISC
MISC
fortinet -- multiple_products
 
An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x may allow a network adjacent and unauthenticated cyber threat actorto man-in-the-middle the communication between the listed products and some external peers.2023-09-01not yet calculatedCVE-2022-22305
MISC
motorola_mobility -- motorola_smartphones
 
I some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a call on the device, then the device's modem may reset and cause the phone call to not succeed. This may block the user from dialing emergency services. This patch resolves the device's modem reset issue.2023-09-01not yet calculatedCVE-2022-3407
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.2023-09-01not yet calculatedCVE-2022-4343
MISC
MISC
navblue_s.a.s. -- n-ops_&_crew
 
NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS).2023-09-01not yet calculatedCVE-2022-44349
MISC
MISC
acronis -- cyber_protect_home_office_for_windows
 
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.2023-08-31not yet calculatedCVE-2022-45451
MISC
MISC
elsys -- ers_1.5_sound
 
ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser.2023-09-01not yet calculatedCVE-2022-46527
MISC
MISC
acronis -- cyber_protect_home_office_for_windows
 
Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.2023-08-31not yet calculatedCVE-2022-46868
MISC
acronis -- cyber_protect_home_office_for_windows
 
Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278.2023-08-31not yet calculatedCVE-2022-46869
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation, it was possible to edit labels description by an unauthorized user.2023-09-01not yet calculatedCVE-2023-0120
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project.2023-09-01not yet calculatedCVE-2023-1279
MISC
MISC
canonical_ltd. -- snapd_for_linux
 
Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console.2023-09-01not yet calculatedCVE-2023-1523
MISC
MISC
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace-level banned user can access the API.2023-09-01not yet calculatedCVE-2023-1555
MISC
MISC
cisco -- cisco_emergency_responder
 
A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote cyber threat actor to elevate privileges to root on an affected device. This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. A cyber threat actor could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the cyber threat actor to elevate privileges to root. To exploit this vulnerability, the cyber threat actor must have valid platform administrator credentials on an affected device.2023-08-30not yet calculatedCVE-2023-20266
MISC
vmware -- vmware_tools
 
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.2023-08-31not yet calculatedCVE-2023-20900
MISC
MISC
github -- enterprise_server
 
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.10.0 and was fixed in versions 3.9.4, 3.8.9, 3.7.16 and 3.6.18. This vulnerability was reported via the GitHub Bug Bounty program.2023-09-01not yet calculatedCVE-2023-23763
MISC
MISC
MISC
MISC
bludit_cms -- bludit_cms
 
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local cyber threat actors to escalate privileges via the role:admin parameter.2023-09-01not yet calculatedCVE-2023-24674
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yotuwp Video Gallery plugin <= 1.3.12 versions.2023-09-01not yet calculatedCVE-2023-25477
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Duc Bui Quang WP Default Feature Image plugin <= 1.0.1.1 versions.2023-09-01not yet calculatedCVE-2023-25488
MISC
eclipse_mosquito -- eclipse_mosquito
 
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.2023-09-01not yet calculatedCVE-2023-28366
CONFIRM
MISC
MISC
CONFIRM
zscaler -- zia_admin_portal
 
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation. This issue affects Admin UI: from 6.2 before 6.2r.2023-08-31not yet calculatedCVE-2023-28801
MISC
schweitzer_engineering_laboratories -- sel-5036_acselerator_bay_screen_builder_software
 
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Schweitzer Engineering Laboratories SEL-5036 acSELerator Bay Screen Builder Software on Windows allows Relative Path Traversal. SEL acSELerator Bay Screen Builder software is distributed by SEL-5033 SEL acSELerator RTAC, SEL-5030 Quickset, and SEL Compass. CVE-2023-31167 and was patched in the acSELerator Bay Screen Builder release available on 20230602. Please contact SEL for additional details. This issue affects SEL-5036 acSELerator Bay Screen Builder Software: before 1.0.49152.778.2023-08-31not yet calculatedCVE-2023-31167
MISC
MISC
canonical_ltd -- accountservice
 
In Ubuntu's accountsservice, an unprivileged local cyber threat actor can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process.2023-09-01not yet calculatedCVE-2023-3297
MISC
MISC
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ShopConstruct plugin <= 1.1.2 versions.2023-09-01not yet calculatedCVE-2023-34011
MISC
smanga-- smanga
 
SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote cyber threat actors to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php.2023-09-01not yet calculatedCVE-2023-36076
MISC
nebulagraph -- nebulagraph_studio
 
Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote cyber threat actors to gain sensitive information.2023-09-01not yet calculatedCVE-2023-36088
MISC
MISC
MISC
icecms -- icecms
 
An issue was discovered in IceCMS version 2.0.1, allows cyber threat actors to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.2023-09-01not yet calculatedCVE-2023-36100
MISC
netgear -- r6400v2
 
Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated cyber threat actors to execute arbitrary code via crafted URL to httpd.2023-09-01not yet calculatedCVE-2023-36187
MISC
borgbackup -- borgbackup
 
borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed a cyber threat actor to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires a cyber threat actor to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the cyber threat actor, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally, to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability.2023-08-30not yet calculatedCVE-2023-36811
MISC
MISC
MISC
 wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the fieldname parameter.2023-09-01not yet calculatedCVE-2023-37826
MISC
MISC
 wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter.2023-09-01not yet calculatedCVE-2023-37827
MISC
MISC
 wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the Tasktyp parameter.2023-09-01not yet calculatedCVE-2023-37828
MISC
MISC
 wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the notification.message parameter.2023-09-01not yet calculatedCVE-2023-37829
MISC
MISC
 wordpress -- wordpress
 
A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows cyber threat actors to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.2023-09-01not yet calculatedCVE-2023-37830
MISC
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Chop-Chop Coming Soon Chop Chop plugin <= 2.2.4 versions.2023-09-01not yet calculatedCVE-2023-37893
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange YourMembership Single Sign On – YM SSO Login plugin <= 1.1.3 versions.2023-09-01not yet calculatedCVE-2023-37986
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Artem Abramovich Art Decoration Shortcode plugin <= 1.5.6 versions.2023-09-01not yet calculatedCVE-2023-37994
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dharmesh Patel Post List With Featured Image plugin <= 1.2 versions.2023-09-01not yet calculatedCVE-2023-37997
MISC
openbgpd-- openbgpd
 
In OpenBGPD before 8.1, incorrect handling of BGP update data (length of path attributes) set by a potentially distant remote actor may cause the system to incorrectly reset a session. This is fixed in OpenBSD 7.3 errata 006.2023-08-29not yet calculatedCVE-2023-38283
MISC
MISC
CONFIRM
MISC
MISC
zip_swift -- zip_swift
 
An issue in Zip Swift v2.1.2 allows cyber threat actors to execute a path traversal attack via a crafted zip entry.2023-08-30not yet calculatedCVE-2023-39135
MISC
MISC
MISC
MISC
ziparchive -- ziparchive
 
An unhandled edge case in the component _sanitizedPath of ZipArchive v2.5.4 allows cyber threat actors to cause a Denial of Service (DoS) via a crafted zip file.2023-08-30not yet calculatedCVE-2023-39136
MISC
MISC
MISC
MISC
hewlett_packard_enterprise -- arubaos-switch
 
A vulnerability in the ArubaOS-Switch web management interface could allow an unauthenticated remote cyber threat actor to conduct a stored cross-site scripting (XSS) attack against a user of the interface provided certain configuration options are present. A successful exploit could allow an cyber threat actorto execute arbitrary script code in a victim's browser in the context of the affected interface.2023-08-29not yet calculatedCVE-2023-39266
MISC
hewlett_packard_enterprise -- arubaos-switch
 
An authenticated remote code execution vulnerability exists in the command line interface in ArubaOS-Switch. Successful exploitation results in a Denial-of-Service (DoS) condition in the switch.2023-08-29not yet calculatedCVE-2023-39267
MISC
hewlett_packard_enterprise -- arubaos-switch
 
A memory corruption vulnerability in ArubaOS-Switch could lead to unauthenticated remote code execution by receiving specially crafted packets. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.2023-08-29not yet calculatedCVE-2023-39268
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g., abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-39350
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-39351
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-39352
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result, crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-39353
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should a cyber threat actor be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-39354
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-39355
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-39356
MISC
MISC
MISC
MISC
hjson-java -- hjson-java
 
An issue in hjson-java up to v3.0.0 allows cyber threat actors to cause a Denial of Service (DoS) via supplying a crafted JSON string.2023-09-01not yet calculatedCVE-2023-39685
MISC
typora -- typora
 
A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows cyber threat actors to execute arbitrary code via uploading a crafted Markdown file.2023-09-01not yet calculatedCVE-2023-39703
MISC
sourcecodester -- free_and_open_source_inventory_management_system
 
Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows cyber threat actors to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and Company parameters under the Add Customer section.2023-09-01not yet calculatedCVE-2023-39710
MISC
MISC
MISC
zoho_corp -- manageengine_admanager_plus
 
Zoho ManageEngine ADManager Plus through 7202 allows admin users to download any file from the server machine via directory traversal.2023-08-31not yet calculatedCVE-2023-39912
MISC
MISC
moxa -- mxsecurity_series
 
There is a vulnerability in MXsecurity versions prior to 1.0.1 that can be exploited to bypass authentication. A remote cyber threat actor might access the system if the web service authenticator has insufficient random values.  2023-09-02not yet calculatedCVE-2023-39979
MISC
moxa -- mxsecurity_series
 
A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote cyber threat actors to alter SQL commands.2023-09-02not yet calculatedCVE-2023-39980
MISC
moxa -- mxsecurity_series
 
A vulnerability that allows for unauthorized access has been discovered in MXsecurity versions prior to v1.0.1. This vulnerability arises from inadequate authentication measures, potentially leading to the disclosure of device information by a remote cyber threat actor.2023-09-02not yet calculatedCVE-2023-39981
MISC
moxa -- mxsecurity_series
 
A vulnerability has been identified in MXsecurity versions prior to v1.0.1. The vulnerability may put the confidentiality and integrity of SSH communications at risk on the affected device. This vulnerability is attributed to a hard-coded SSH host key, which might facilitate man-in-the-middle attacks and enable the decryption of SSH traffic.2023-09-02not yet calculatedCVE-2023-39982
MISC
moxa -- mxsecurity_series
 
A vulnerability that poses a potential risk of polluting the MXsecurity sqlite database and the nsm-web UI has been identified in MXsecurity versions prior to v1.0.1. This vulnerability might allow an unauthenticated remote cyber threat actorto register or add devices via the nsm-web application.2023-09-02not yet calculatedCVE-2023-39983
MISC
gitlab -- gitlab 
 
An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation, it was possible to create model experiments in public projects.2023-09-01not yet calculatedCVE-2023-4018
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-40181
MISC
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-40186
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of the 3.x beta branch are subject to a Use-After-Free issue in the `avc420_ensure_buffer` and `avc444_ensure_buffer` functions. If the value of `piDstSize[x]` is 0, `ppYUVDstData[x]` will be freed. However, in this case `ppYUVDstData[x]` will not have been updated which leads to a Use-After-Free vulnerability. This issue has been addressed in version 3.0.0-beta3. Users of the 3.x beta releases are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-40187
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-40188
MISC
MISC
lexmark -- multiple_products
 
Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies across product model family, but firmware level P246 (or higher) is required to remediate the vulnerability.2023-09-01not yet calculatedCVE-2023-40239
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-40567
MISC
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-40569
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `writePixelBGRX` function. This issue is likely down to incorrect calculations of the `nHeight` and `srcStep` variables. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-40574
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_YUV444ToRGB_8u_P3AC4R_BGRX` function. This issue is likely down to insufficient data for the `pSrc` variable and results in crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-40575
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `RleDecompress` function. This Out-Of-Bounds Read occurs because FreeRDP processes the `pbSrcBuffer` variable without checking if it contains data of sufficient length. Insufficient data in the `pbSrcBuffer` variable may cause errors or crashes. This issue has been addressed in version 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-40576
MISC
MISC
freerdp -- freerdp
 
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-40589
MISC
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin function 'sub_ADF3C' contains a command execution vulnerability. In the "formSetIptv" function, obtaining the "list" and "vlanId" fields, unfiltered passing these two fields as parameters to the "sub_ADF3C" function to execute commands.2023-08-30not yet calculatedCVE-2023-40839
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "fromGetWirelessRepeat."2023-08-30not yet calculatedCVE-2023-40840
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "add_white_node,"2023-08-30not yet calculatedCVE-2023-40841
MISC
tenda -- ac6
 
Tengda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "R7WebsSecurityHandler."2023-08-30not yet calculatedCVE-2023-40842
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function "sub_73004."2023-08-30not yet calculatedCVE-2023-40843
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'formWifiBasicSet.'2023-08-30not yet calculatedCVE-2023-40844
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function 'sub_34FD0.' In the function, it reads user provided parameters and passes variables to the function without any length checks.2023-08-30not yet calculatedCVE-2023-40845
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check.2023-08-30not yet calculatedCVE-2023-40847
MISC
tenda -- ac6
 
Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via the function "sub_7D858."2023-08-30not yet calculatedCVE-2023-40848
MISC
senyan_library_management_systems -- slims_9_bulian
 
Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.2023-09-01not yet calculatedCVE-2023-40969
MISC
MISC
senyan_library_management_systems -- slims_9_bulian
 
Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php.2023-09-01not yet calculatedCVE-2023-40970
MISC
MISC
dwsurvey -- dwsurvey-oss
 
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote cyber threat actor to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file.2023-09-01not yet calculatedCVE-2023-40980
MISC
eclipse_foundation -- eclipse_leshan
 
Eclipse Leshan is a device management server and client Java implementation. In affected versions DDFFileParser` and `DefaultDDFFileValidator` (and so `ObjectLoader`) are vulnerable to `XXE Attacks`. A DDF file is a LWM2M format used to store LWM2M object description. Leshan users are impacted only if they parse untrusted DDF files (e.g., if they let external users provide their own model), in that case they MUST upgrade to fixed version. If you parse only trusted DDF file and validate only with trusted xml schema, upgrading is not mandatory. This issue has been fixed in versions 1.5.0 and 2.0.0-M13. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-31not yet calculatedCVE-2023-41034
MISC
MISC
MISC
MISC
MISC
openpgp.js -- openpgp.js
 
OpenPGP.js is a JavaScript implementation of the OpenPGP protocol. In affected versions OpenPGP Cleartext Signed Messages are cryptographically signed messages where the signed text is readable without special tools. These messages typically contain a "Hash: ..." header declaring the hash algorithm used to compute the signature digest. OpenPGP.js up to v5.9.0 ignored any data preceding the "Hash: ..." texts when verifying the signature. As a result, malicious parties could add arbitrary text to a third-party Cleartext Signed Message, to lead the victim to believe that the arbitrary text was signed. A user or application is vulnerable to said attack vector if it verifies the CleartextMessage by only checking the returned `verified` property, discarding the associated `data` information, and instead _visually trusting_ the contents of the original message. Since `verificationResult.data` would always contain the actual signed data, users and apps that check this information are not vulnerable. Similarly, given a CleartextMessage object, retrieving the data using `getText()` or the `text` field returns only the contents that are considered when verifying the signature. Finally, re-armoring a CleartextMessage object (using `armor()` will also result in a "sanitised" version, with the extraneous text being removed. This issue has been addressed in version 5.10.1 (current stable version) which will reject messages when calling `openpgp.readCleartextMessage()` and in version 4.10.11 (legacy version) which will will reject messages when calling `openpgp.cleartext.readArmored()`. Users are advised to upgrade. Users unable to upgrade should check the contents of `verificationResult.data` to see what data was actually signed, rather than visually trusting the contents of the armored message.2023-08-29not yet calculatedCVE-2023-41037
MISC
MISC
graylog2 -- graylog2_server
 
Graylog is a free and open log management platform. A partial path traversal vulnerability exists in Graylog's `Support Bundle` feature. The vulnerability is caused by incorrect user input validation in an HTTP API resource. Graylog's Support Bundle feature allows a cyber threat actor with valid Admin role credentials to download or delete files in sibling directories of the support bundle directory. The default `data_dir` in operating system packages (DEB, RPM) is set to `/var/lib/graylog-server`. The data directory for the Support Bundle feature is always `<data_dir>/support-bundle`. Due to the partial path traversal vulnerability, a cyber threat actor with valid Admin role credentials can read or delete files in directories that start with a `/var/lib/graylog-server/support-bundle` directory name. The vulnerability would allow the download or deletion of files in the following example directories: `/var/lib/graylog-server/support-bundle-test` and `/var/lib/graylog-server/support-bundlesdirectory`. For the Graylog Docker images, the `data_dir` is set to `/usr/share/graylog/data` by default. This vulnerability is fixed in Graylog version 5.1.3 and later. Users are advised to upgrade. Users unable to upgrade should block all HTTP requests to the following HTTP API endpoints by using a reverse proxy server in front of Graylog. `GET /api/system/debug/support/bundle/download/{filename}` and `DELETE /api/system/debug/support/bundle/{filename}`.2023-08-31not yet calculatedCVE-2023-41044
MISC
MISC
MISC
graylog2 -- graylog2_server
 
Graylog is a free and open log management platform. Graylog makes use of only one single source port for DNS queries. Graylog binds a single socket for outgoing DNS queries and while that socket is bound to a random port number it is never changed again. This goes against recommended practice since 2008, when Dan Kaminsky discovered how easy is to carry out DNS cache poisoning attacks. In order to prevent cache poisoning with spoofed DNS responses, it is necessary to maximise the uncertainty in the choice of a source port for a DNS query. Although unlikely in many setups, an external cyber threat actor could inject forged DNS responses into a Graylog's lookup table cache. In order to prevent this, it is at least recommendable to distribute the DNS queries through a pool of distinct sockets, each of them with a random source port and renew them periodically. This issue has been addressed in versions 5.0.9 and 5.1.3. Users are advised to upgrade. There are no known workarounds for this issue.2023-08-31not yet calculatedCVE-2023-41045
MISC
MISC
MISC
xwiki -- xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set the `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for "VelocityCode", this behavior is most likely very old but only since XWiki 7.2, script right is a separate right, before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds.2023-09-01not yet calculatedCVE-2023-41046
MISC
MISC
MISC
MISC
rust-vmm -- vm-memory
 
In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue.2023-09-01not yet calculatedCVE-2023-41051
MISC
MISC
MISC
qlik -- qlik_sense_enterprise_for_windows
 
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote cyber threat actor to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.2023-08-29not yet calculatedCVE-2023-41265
MISC
MISC
qlik -- qlik_sense_enterprise_for_windows
 
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote cyber threat actor to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.2023-08-29not yet calculatedCVE-2023-41266
MISC
MISC
tine -- tine
 
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.2023-09-01not yet calculatedCVE-2023-41364
MISC
MISC
MISC
jira -- o-ran_software_community
 
O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing cyber threat actors to send forged routing tables to the device.2023-09-01not yet calculatedCVE-2023-41627
MISC
jira -- o-ran_software_community
 
An issue in O-RAN Software Community E2 G-Release allows cyber threat actors to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components.2023-09-01not yet calculatedCVE-2023-41628
MISC
jira -- o-ran_software_community
 
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local cyber threat actors to bypass file download/upload restrictions.2023-08-31not yet calculatedCVE-2023-41717
MISC
synology -- synology_router_manager
 
Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Directory Domain Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors.2023-08-31not yet calculatedCVE-2023-41738
MISC
synology -- synology_router_manager
 
Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors.2023-08-31not yet calculatedCVE-2023-41739
MISC
synology -- synology_router_manager
 
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote cyber threat actors to read specific files via unspecified vectors.2023-08-31not yet calculatedCVE-2023-41740
MISC
synology -- synology_router_manager
 
Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote cyber threat actors to obtain sensitive information via unspecified vectors.2023-08-31not yet calculatedCVE-2023-41741
MISC
acronis -- cyber_protect_15
 
Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.2023-08-31not yet calculatedCVE-2023-41742
MISC
acronis -- cyber_protect_15
 
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30991, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.2023-08-31not yet calculatedCVE-2023-41745
MISC
acronis -- cloud_manager_for_windows
 
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.2023-08-31not yet calculatedCVE-2023-41746
MISC
acronis -- acronis_cloud_manager_for_windows
 
Sensitive information disclosure due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.2023-08-31not yet calculatedCVE-2023-41747
MISC
acronis -- acronis_cloud_manager_for_windows
 
Remote command execution due to improper input validation. The following products are affected: Acronis Cloud Manager (Windows) before build 6.2.23089.203.2023-08-31not yet calculatedCVE-2023-41748
MISC
acronis -- acronis_agent_for_windows
 
Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 32047, Acronis Cyber Protect 15 (Windows) before build 35979.2023-08-31not yet calculatedCVE-2023-41749
MISC
acronis -- acronis_agent
 
Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 32047.2023-08-31not yet calculatedCVE-2023-41750
MISC
acronis -- acronis_agent_for_windows
 
Sensitive information disclosure due to improper token expiration validation. The following products are affected: Acronis Agent (Windows) before build 32047.2023-08-31not yet calculatedCVE-2023-41751
MISC
ptc -- codebeamer
 
If a cyber threat actor tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the cyber threat actor to inject arbitrary code to be executed in the browser on the target device.2023-08-29not yet calculatedCVE-2023-4296
MISC
MISC
digi_international -- digi_realport
 
Digi RealPort Protocol is vulnerable to a replay attack that may allow a cyber threat actor to bypass authentication to access connected equipment.2023-08-31not yet calculatedCVE-2023-4299
MISC
MISC
knx_association -- knx_protocol_connection_authorization
 
KNX devices that use KNX Connection Authorization and support Option 1 are, depending on the implementation, vulnerable to being locked and users being unable to reset them to gain access to the device. The BCU key feature on the devices can be used to create a password for the device, but this password can often not be reset without entering the current password. If the device is configured to interface with a network, a cyber threat actor with access to that network could interface with the KNX installation, purge all devices without additional security options enabled, and set a BCU key, locking the device. Even if a device is not connected to a network, a cyber threat actor with physical access to the device could also exploit this vulnerability in the same way.2023-08-29not yet calculatedCVE-2023-4346
MISC
gitlab -- gitlab_ce/ee
 
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A malicious Maintainer can, under specific circumstances, leak the sentry token by changing the configured URL in the Sentry error tracking settings page. This was as a result of an incomplete fix for CVE-2022-4365.2023-09-01not yet calculatedCVE-2023-4378
MISC
MISC
gitlab -- gitlab
 
An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.2023-09-01not yet calculatedCVE-2023-4647
MISC
acronis -- acronis_agent
 
Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35433.2023-08-31not yet calculatedCVE-2023-4688
MISC
pkp -- pkp/pkp-lib
 
Use of Predictable Algorithm in Random Number Generator in GitHub repository pkp/pkp-lib prior to 3.3.0-16.2023-09-01not yet calculatedCVE-2023-4695
MISC
MISC
instantsoft -- instantsoft/icms2
 
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-09-01not yet calculatedCVE-2023-4704
MISC
MISC
totvs -- rm
 
A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-238572. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-01not yet calculatedCVE-2023-4709
MISC
MISC
totvs -- rm
 
A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-01not yet calculatedCVE-2023-4710
MISC
MISC
d-link -- dar-8000-10
 
A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230819. Affected by this issue is some unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-238574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-01not yet calculatedCVE-2023-4711
MISC
MISC
MISC
xintian_smart_table_integrated_management_system -- xintian_smart_table_integrated_management_system
 
A vulnerability, which was classified as critical, was found in Xintian Smart Table Integrated Management System 5.6.9. This affects an unknown part of the file /SysManage/AddUpdateRole.aspx. The manipulation of the argument txtRoleName leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-01not yet calculatedCVE-2023-4712
MISC
MISC
MISC
ibos_oa -- ibos_oa
 
A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function addComment of the file ?r=weibo/comment/addcomment. The manipulation of the argument touid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-01not yet calculatedCVE-2023-4713
MISC
MISC
MISC
playtube -- playtube
 
A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. The identifier VDB-238577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-09-01not yet calculatedCVE-2023-4714
MISC
MISC
MISC
vim -- vim
 
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.2023-09-02not yet calculatedCVE-2023-4734
MISC
MISC
vim -- vim
 
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.2023-09-02not yet calculatedCVE-2023-4735
MISC
MISC
vim -- vim
 
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.2023-09-02not yet calculatedCVE-2023-4736
MISC
MISC
vim -- vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1848.2023-09-02not yet calculatedCVE-2023-4738
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.