CISA Bulletins - Vulnerability Summary for the Week of April 3, 2023

  • Welcome to ITBible, we're your #1 resource for enterprise or homelab IT problems (or just a place to show off your stuff).
C

CISA

Guest
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
mingsoft -- mcmsSQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter.2023-04-049.8CVE-2020-20913
MISC
publiccms -- publiccmsSQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter.2023-04-049.8CVE-2020-20914
MISC
publiccms -- publiccmsSQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl.2023-04-049.8CVE-2020-20915
MISC
generex -- cs141_firmwareGenerex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.2023-03-319.8CVE-2022-47190
CONFIRM
CONFIRM
CONFIRM
fernus -- learning_management_systemsUnrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03.2023-04-049.8CVE-2023-1728
MISC
phpmyfaq -- phpmyfaqWeak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-03-319.8CVE-2023-1753
MISC
CONFIRM
akbim -- panonImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2.2023-04-039.8CVE-2023-1765
MISC
sourcecodester -- grade_point_average_\(gpa\)_calculatorA vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671.2023-03-319.8CVE-2023-1770
MISC
MISC
MISC
rockoa -- rockoaA vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.2023-03-319.8CVE-2023-1773
MISC
MISC
MISC
jeecg -- jeecg_bootA vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.2023-03-319.8CVE-2023-1784
MISC
MISC
MISC
sourcecodester -- earnings_and_expense_tracker_appA vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700.2023-03-319.8CVE-2023-1785
MISC
MISC
MISC
firefly-iii -- firefly_iiiImproper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.2023-04-019.8CVE-2023-1789
MISC
CONFIRM
sourcecodester -- simple_task_allocation_systemA vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743.2023-04-029.8CVE-2023-1791
MISC
MISC
MISC
sourcecodester -- simple_mobile_comparison_websiteA vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744.2023-04-029.8CVE-2023-1792
MISC
MISC
MISC
sourcecodester -- police_crime_record_management_systemA vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability.2023-04-029.8CVE-2023-1793
MISC
MISC
MISC
otcms -- otcmsA vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability.2023-04-029.8CVE-2023-1797
MISC
MISC
MISC
go-fastdfs_project -- go-fastdfsA vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768.2023-04-029.8CVE-2023-1800
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.2023-04-049.8CVE-2023-1826
MISC
MISC
htmlunit_project -- htmlunitVersions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage.2023-04-039.8CVE-2023-26119
MISC
MISC
MISC
dlink -- go-rt-ac750_firmwareD-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.2023-04-019.8CVE-2023-26822
MISC
MISC
gladinet -- centrestackAn authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.2023-03-319.8CVE-2023-26829
MISC
myprestamodules -- frequently_asked_questions_pageSQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.2023-03-319.8CVE-2023-26858
MISC
MISC
ibm -- aspera_cargo/aspera_connectIBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.2023-04-029.8CVE-2023-27284
MISC
MISC
ibm -- aspera_cargo/aspera_connectIBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616.2023-04-029.8CVE-2023-27286
MISC
MISC
jenkins -- role-based_authorization_strategyJenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled.2023-04-029.8CVE-2023-28668
MISC
jenkins -- convert_to_pipelineJenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin.2023-04-029.8CVE-2023-28677
MISC
202-ecommerce -- paypalPrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.2023-03-319.8CVE-2023-28843
MISC
MISC
artifex -- ghostscriptIn Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.2023-03-319.8CVE-2023-28879
MISC
MISC
MISC
MLIST
DEBIAN
generex -- cs141_firmwareGenerex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.2023-03-319.1CVE-2022-47189
CONFIRM
CONFIRM
CONFIRM
openapi-generator -- openapi_generatoropenapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.2023-03-319.1CVE-2023-27162
MISC
MISC
MISC
MISC
deltaww -- dx-2100l1-cn_firmwareThe web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user "root." If the attacker has credentials for the web service, then the device could be fully compromised.2023-03-319CVE-2023-0432
MISC
phpmywind -- phpmywindSQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.2023-04-048.8CVE-2020-21060
MISC
admesh_project -- admeshAn improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.2023-04-038.8CVE-2022-38072
MISC
MISC
hcltech -- hcl_compassHCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request.2023-04-028.8CVE-2022-42447
MISC
generex -- cs141_firmwareGenerex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.2023-03-318.8CVE-2022-47191
CONFIRM
CONFIRM
CONFIRM
generex -- cs141_firmwareGenerex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified "users.json" to the web server of the device, allowing him to replace the administrator password.2023-03-318.8CVE-2022-47192
CONFIRM
CONFIRM
CONFIRM
bestwebsoft -- user_roleThe User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role.2023-04-038.8CVE-2023-0820
MISC
ibos -- ibosA vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635.2023-03-318.8CVE-2023-1747
MISC
MISC
MISC
phpmyfaq -- phpmyfaqImproper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-03-318.8CVE-2023-1762
MISC
CONFIRM
jenkins -- octoperf_load_testingA cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.2023-04-028.8CVE-2023-28674
MISC
jenkins -- convert_to_pipelineA cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE).2023-04-028.8CVE-2023-28676
MISC
panasonic -- aiseg2_firmwarePanasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.2023-03-318.8CVE-2023-28726
MISC
panasonic -- aiseg2_firmwarePanasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.2023-03-318.8CVE-2023-28727
MISC
jenkins -- visual_studio_code_metricsJenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2023-04-028.2CVE-2023-28681
MISC
jenkins -- performance_publisherJenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2023-04-028.2CVE-2023-28682
MISC
jenkins -- phabricator_differentialJenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2023-04-028.2CVE-2023-28683
MISC
nvidia -- virtual_gpuNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.2023-04-017.8CVE-2023-0189
MISC
gnu -- binutilsHeap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.2023-04-037.8CVE-2023-1579
MISC
linux -- kernelhci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.2023-03-317.8CVE-2023-28464
MISC
MISC
MISC
x-man_project -- x-manX-Man 1.0 has a SQL injection vulnerability, which can cause data leakage.2023-03-317.5CVE-2022-46021
MISC
MISC
generex -- cs141_firmwareThere is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.2023-03-317.5CVE-2022-47188
CONFIRM
CONFIRM
CONFIRM
facebook -- zstandardA vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.2023-03-317.5CVE-2022-4899
MISC
akuvox -- e11_firmwareAkuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages.2023-03-317.5CVE-2023-0343
MISC
akuvox -- e11_firmwareAkuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server.2023-03-317.5CVE-2023-0344
MISC
devolutions -- devolutions_gatewayUncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable.2023-04-027.5CVE-2023-1580
MISC
sourcecodester -- grade_point_average_\(gpa\)_calculatorA vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page with the input php://filter/read=convert.base64-encode/resource=grade_table leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224670 is the identifier assigned to this vulnerability.2023-03-317.5CVE-2023-1769
MISC
MISC
MISC
sourcecodester -- simple_task_allocation_systemA vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724.2023-04-017.5CVE-2023-1790
MISC
MISC
MISC
cesnet -- libyanglibyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c.2023-04-037.5CVE-2023-26916
MISC
dlink -- dir-882_firmwareAn information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.2023-03-317.5CVE-2023-26925
MISC
MISC
tenda -- ac6_firmwareTenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.2023-04-047.5CVE-2023-26976
MISC
ruoyi -- ruoyiAn arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server.2023-04-027.5CVE-2023-27025
MISC
MISC
appwrite -- appwriteAppwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.2023-03-317.5CVE-2023-27159
MISC
MISC
MISC
MISC
MISC
jenkins -- crap4jJenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2023-04-027.5CVE-2023-28680
MISC
ruby-lang -- uriA ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.2023-03-317.5CVE-2023-28755
MISC
MISC
CONFIRM
MISC
ruby-lang -- timeA ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.2023-03-317.5CVE-2023-28756
MISC
CONFIRM
MISC
MISC
vtex -- apps-graphqlThe VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. ([email protected] is unaffected by this issue.)2023-03-317.5CVE-2023-28877
MISC
sophos -- web_applianceA post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.2023-04-047.2CVE-2022-4934
CONFIRM
wpeasycart -- wp_easycartThe Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks.2023-04-037.2CVE-2023-1124
MISC
gladinet -- centrestackAn unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.2023-03-317.2CVE-2023-26830
MISC
nvidia -- virtual_gpuNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering.2023-04-017.1CVE-2023-0183
MISC
nvidia -- virtual_gpuNVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering.2023-04-017.1CVE-2023-0186
MISC
nvidia -- virtual_gpuNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.2023-04-017.1CVE-2023-0191
MISC
nvidia -- data_center_gpu_managerNVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.2023-04-017.1CVE-2023-0208
MISC

Back to top



Medium Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
monospace -- directusAn issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests.2023-04-046.5CVE-2020-19850
MISC
devolutions -- remote_desktop_managerPermission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision.2023-04-026.5CVE-2023-1202
MISC
inisev -- redirectionThe Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack.2023-04-036.5CVE-2023-1330
MISC
devolutions -- remote_desktop_managerInformation disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text.2023-04-026.5CVE-2023-1574
MISC
devolutions -- devolutions_serverPermission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision.2023-04-026.5CVE-2023-1603
MISC
mattermost -- mattermost_serverWhen running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.2023-03-316.5CVE-2023-1775
MISC
rbaskets -- request_basketsrequest-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.2023-03-316.5CVE-2023-27163
MISC
MISC
MISC
MISC
nextcloud -- richdocumentsNextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the WOPI configuration is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.2023-03-316.5CVE-2023-28645
MISC
MISC
MISC
jenkins -- octoperf_load_testingJenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2023-04-026.5CVE-2023-28672
MISC
jenkins -- remote-jobs-viewJenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.2023-04-026.5CVE-2023-28684
MISC
nextcloud -- nextcloud_serverNextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-03-316.5CVE-2023-28844
MISC
MISC
linux -- kernelA use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea2023-04-036.3CVE-2023-1611
MISC
MISC
FEDORA
FEDORA
editor.md -- editor.mdCross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter.2023-04-046.1CVE-2020-19697
MISC
editor.md -- editor.mdCross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter.2023-04-046.1CVE-2020-19698
MISC
kiftd_project -- kiftdCross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page.2023-04-046.1CVE-2020-19699
MISC
MISC
kitecms -- kitecmsCross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter.2023-04-046.1CVE-2020-20521
MISC
kitecms -- kitecmsCross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter.2023-04-046.1CVE-2020-20522
MISC
progress -- ipswitch_ws_ftp_serverReflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.2023-04-036.1CVE-2022-27665
MISC
MISC
ykmbilisim -- ykm_crmImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30.2023-03-316.1CVE-2023-1060
MISC
solidres -- solidresThe Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-04-036.1CVE-2023-1377
MISC
akbim -- panonImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2.2023-04-036.1CVE-2023-1766
MISC
sourcecodester -- grade_point_average_\(gpa\)_calculatorA vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by this issue is the function get_scale of the file Master.php. The manipulation of the argument perc leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224672.2023-03-316.1CVE-2023-1771
MISC
MISC
MISC
sourcecodester -- police_crime_record_management_systemA vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input "><script>alert(233)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability.2023-04-026.1CVE-2023-1794
MISC
MISC
MISC
sourcecodester -- gadget_works_online_ordering_systemA vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input <script>alert(666)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224747.2023-04-026.1CVE-2023-1795
MISC
MISC
MISC
samba -- sambaThe Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.2023-04-035.9CVE-2023-0922
MISC
CONFIRM
nvidia -- virtual_gpuNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.2023-04-015.5CVE-2023-0187
MISC
nvidia -- virtual_gpuNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.2023-04-015.5CVE-2023-0188
MISC
sophos -- web_applianceA reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA.2023-04-045.4CVE-2020-36692
CONFIRM
hcltechsw -- hcl_launchHCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections.2023-04-025.4CVE-2022-42452
MISC
wordpress -- wordpressThe Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-04-035.4CVE-2023-0399
MISC
proliz_obs -- proliz_obs
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01.2023-04-075.4CVE-2023-1726
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-03-315.4CVE-2023-1755
CONFIRM
MISC
phpmyfaq -- phpmyfaqCode Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-03-315.4CVE-2023-1761
MISC
CONFIRM
mattermost -- mattermost_serverWhen processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel.2023-03-315.4CVE-2023-1774
MISC
mattermost -- mattermost_serverBoards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.2023-03-315.4CVE-2023-1776
MISC
sourcecodester -- employee_payslip_generator_systemA vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748.2023-04-025.4CVE-2023-1796
MISC
MISC
MISC
eyoucms -- eyoucmsA vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability.2023-04-025.4CVE-2023-1798
MISC
MISC
MISC
eyoucms -- eyoucmsA vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751.2023-04-025.4CVE-2023-1799
MISC
MISC
MISC
ibm -- websphere_application_serverIBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416.2023-04-025.4CVE-2023-26283
MISC
MISC
jenkins -- jacocoJenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the 'Record JaCoCo coverage report' post-build action.2023-04-025.4CVE-2023-28669
MISC
jenkins -- pipeline_aggregator_viewJenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.2023-04-025.4CVE-2023-28670
MISC
jenkins -- cppcheckJenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents.2023-04-025.4CVE-2023-28678
MISC
jenkins -- mashup_portletsJenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission.2023-04-025.4CVE-2023-28679
MISC
abb -- flow-x\/m_firmwareExposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.2023-03-315.3CVE-2023-1258
MISC
mattermost -- mattermost_serverMattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.2023-03-315.3CVE-2023-1777
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-03-314.8CVE-2023-1759
MISC
CONFIRM
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-03-314.8CVE-2023-1760
MISC
CONFIRM
datagear -- datagearA vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability.2023-03-314.8CVE-2023-1772
MISC
MISC
MISC
dupeoff_project -- dupeoffAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions.2023-04-034.8CVE-2023-26529
MISC
phpmyfaq -- phpmyfaqImproper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-03-314.7CVE-2023-1754
MISC
CONFIRM
samba -- sambaA flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.2023-04-034.3CVE-2023-0225
MISC
CONFIRM
jenkins -- octoperf_load_testingA cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2023-04-024.3CVE-2023-28671
MISC
jenkins -- octoperf_load_testingA missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.2023-04-024.3CVE-2023-28673
MISC
jenkins -- octoperf_load_testingA missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials.2023-04-024.3CVE-2023-28675
MISC

Back to top



Low Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
nextcloud -- talkNextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.2023-03-313.5CVE-2023-28845
MISC
MISC

Back to top



Severity Not Yet Assigned​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wordpress -- wordpressA vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability.2023-04-05not yet calculatedCVE-2013-10022
MISC
MISC
MISC
wordpress -- wordpressA vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151.2023-04-08not yet calculatedCVE-2013-10023
MISC
MISC
MISC
MISC
wordpress -- wordpressA vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability.2023-04-08not yet calculatedCVE-2013-10024
MISC
MISC
MISC
wordpress -- wordpressA vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability.2023-04-08not yet calculatedCVE-2013-10025
MISC
MISC
MISC
phpminiadmin -- phpminiadminA vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability.2023-04-06not yet calculatedCVE-2014-125094
MISC
MISC
MISC
wordpress -- wordpressA vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152.2023-04-08not yet calculatedCVE-2015-10098
MISC
MISC
MISC
MISC
ubuntu -- linux_kernelIt was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack.2023-04-07not yet calculatedCVE-2020-11935
UBUNTU
UBUNTU
mm-wiki -- mm-wikiCross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.2023-04-04not yet calculatedCVE-2020-19277
MISC
mm-wiki -- mm-wikiCross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter.2023-04-04not yet calculatedCVE-2020-19278
MISC
MISC
b3log_wide -- b3log_wideDirectory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links.2023-04-04not yet calculatedCVE-2020-19279
MISC
netgate -- pfsense/pfsense_suricataDirectory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php.2023-04-06not yet calculatedCVE-2020-19678
MISC
MISC
MISC
nginx -- njsBuffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.2023-04-04not yet calculatedCVE-2020-19692
MISC
espruino -- espruinoAn issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.2023-04-04not yet calculatedCVE-2020-19693
MISC
nginx -- njsBuffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function.2023-04-04not yet calculatedCVE-2020-19695
MISC
netgate ---- pfsense/acmeCross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php.2023-04-04not yet calculatedCVE-2020-21487
MISC
MISC
fluent -- fluentdAn issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escilated privlidges and execute arbitrary code due to a default password.2023-04-04not yet calculatedCVE-2020-21514
MISC
zentao -- zentaoCross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter2023-04-04not yet calculatedCVE-2020-22533
MISC
espruino -- espruinoBuffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c.2023-04-04not yet calculatedCVE-2020-23257
MISC
MISC
jsish -- jsishAn issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.2023-04-04not yet calculatedCVE-2020-23258
MISC
MISC
jsish -- jsishAn issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.2023-04-04not yet calculatedCVE-2020-23259
MISC
MISC
jsish -- jsishAn issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.2023-04-04not yet calculatedCVE-2020-23260
MISC
MISC
zblogphp -- zblogphpCross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model.2023-04-04not yet calculatedCVE-2020-23327
MISC
zend -- frameworkAn issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function.2023-04-04not yet calculatedCVE-2020-29312
MISC
MISC
MISC
tailor_management_system -- tailor_management_systemSQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page.2023-04-06not yet calculatedCVE-2020-36071
MISC
tailor_management_system -- tailor_management_systemSQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter.2023-04-06not yet calculatedCVE-2020-36072
MISC
tailor_management_system -- tailor_management_systemSQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page.2023-04-06not yet calculatedCVE-2020-36073
MISC
tailor_management_system -- tailor_management_systemSQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter.2023-04-06not yet calculatedCVE-2020-36074
MISC
etcd -- etcd-ioAuthentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function.2023-04-04not yet calculatedCVE-2021-28235
MISC
MISC
MISC
MISC
kitecms -- kitecmsPermissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type.2023-04-04not yet calculatedCVE-2021-31707
MISC
kitecms -- kitecmsFile Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function.2023-04-04not yet calculatedCVE-2021-3267
MISC
osticket -- osticketSession Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.2023-04-05not yet calculatedCVE-2022-31888
MISC
MISC
MISC
osticket -- osticketCross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae.2023-04-05not yet calculatedCVE-2022-31889
MISC
MISC
osticket -- osticketSQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function.2023-04-05not yet calculatedCVE-2022-31890
MISC
MISC
mediatek -- multiple_productsIn rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390.2023-04-06not yet calculatedCVE-2022-32599
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private.2023-04-05not yet calculatedCVE-2022-3375
MISC
CONFIRM
MISC
ibm -- sterling_order_managementIBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320.2023-04-07not yet calculatedCVE-2022-33959
MISC
MISC
ibm -- sterling_order_managementIBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698.2023-04-07not yet calculatedCVE-2022-34333
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP.2023-04-05not yet calculatedCVE-2022-3513
MISC
MISC
CONFIRM
frrouting_frr-bgpd -- frrouting_frr-bgpdA reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.2023-04-03not yet calculatedCVE-2022-36440
MISC
MISC
bluepage_cms -- bluepage_cmsBluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload.2023-04-03not yet calculatedCVE-2022-38922
MISC
MISC
MISC
bluepage_cms -- bluepage_cmsBluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload.2023-04-03not yet calculatedCVE-2022-38923
MISC
MISC
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin.2023-04-03not yet calculatedCVE-2022-3960
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions.2023-04-04not yet calculatedCVE-2022-41633
MISC
supermicro -- x11ssl-cf_hwSupermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.2023-04-07not yet calculatedCVE-2022-43309
MISC
MISC
MISC
cisco_talos_intelligence_group -- ichitaro_word_processor_2022A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability.2023-04-05not yet calculatedCVE-2022-43664
MISC
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream.2023-04-03not yet calculatedCVE-2022-43769
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds.2023-04-03not yet calculatedCVE-2022-43771
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs.2023-04-03not yet calculatedCVE-2022-43772
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled.2023-04-03not yet calculatedCVE-2022-43773
MISC
ibm -- tririga_application_platformIBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036.2023-04-07not yet calculatedCVE-2022-43914
MISC
MISC
ibm -- toolbox_for_javaThe IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675.2023-04-07not yet calculatedCVE-2022-43928
MISC
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager.2023-04-03not yet calculatedCVE-2022-43938
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented.2023-04-03not yet calculatedCVE-2022-43939
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service.2023-04-03not yet calculatedCVE-2022-43940
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference.2023-04-03not yet calculatedCVE-2022-43941
MISC
cisco_talos_intelligence_group -- ichitaro_word_processor_2022A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.2023-04-05not yet calculatedCVE-2022-45115
MISC
MISC
arm_developer -- mali_gpu_kernel_driverAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0.2023-04-06not yet calculatedCVE-2022-46781
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.2023-04-06not yet calculatedCVE-2022-46793
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name.2023-04-03not yet calculatedCVE-2022-4769
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt).2023-04-03not yet calculatedCVE-2022-4770
MISC
hitachi -- vantara_pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables.2023-04-03not yet calculatedCVE-2022-4771
MISC
redgate -- sql_monitorA Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter.2023-04-04not yet calculatedCVE-2022-47870
MISC
acuant -- acufill_sdkAn issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI's get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges).2023-04-04not yet calculatedCVE-2022-48221
MISC
MISC
acuant -- acufill_sdk
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).2023-04-04not yet calculatedCVE-2022-48222
MISC
MISC
acuant -- acufill_sdkAn issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory.2023-04-04not yet calculatedCVE-2022-48223
MISC
MISC
acuant -- acufill_sdkAn issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges).2023-04-04not yet calculatedCVE-2022-48224
MISC
MISC
acuant -- acufill_sdkAn issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location.2023-04-04not yet calculatedCVE-2022-48225
MISC
MISC
acuant -- acufill_sdkAn issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.2023-04-04not yet calculatedCVE-2022-48226
MISC
MISC
acuant -- assureid_sentinelAn issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361.2023-04-04not yet calculatedCVE-2022-48227
MISC
MISC
acuant -- assureid_sentinelAn issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362.2023-04-04not yet calculatedCVE-2022-48228
MISC
MISC
jetbrains -- phpstormIn JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file2023-04-04not yet calculatedCVE-2022-48435
MISC
wordpress -- wordpressThe WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX action).2023-04-05not yet calculatedCVE-2022-4935
MISC
MISC
wordpress -- wordpressThe WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.2023-04-05not yet calculatedCVE-2022-4936
MISC
MISC
wordpress -- wordpressThe WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected.2023-04-05not yet calculatedCVE-2022-4937
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected.2023-04-05not yet calculatedCVE-2022-4938
MISC
MISC
wordpress -- wordpressTHe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator.2023-04-05not yet calculatedCVE-2022-4939
MISC
MISC
wordpress -- wordpressThe WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more.2023-04-05not yet calculatedCVE-2022-4940
MISC
MISC
MISC
MISC
wordpress -- wordpressThe WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site's administrator into performing an action such as clicking on a link.2023-04-05not yet calculatedCVE-2022-4941
MISC
MISC
MISC
nvidia -- vgpuNVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.2023-04-01not yet calculatedCVE-2023-0180
MISC
nvidia -- vgpuNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.2023-04-01not yet calculatedCVE-2023-0181
MISC
nvidia -- vgpu
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.2023-04-01not yet calculatedCVE-2023-0182
MISC
nvidia -- vgpuNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.2023-04-01not yet calculatedCVE-2023-0185
MISC
nvidia -- vgpuNVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.2023-04-01not yet calculatedCVE-2023-0192
MISC
nvidia -- vgpuNVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.2023-04-01not yet calculatedCVE-2023-0194
MISC
nvidia -- vgpuNVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver2023-04-01not yet calculatedCVE-2023-0195
MISC
nvidia -- vgpuNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.2023-04-01not yet calculatedCVE-2023-0197
MISC
nvidia -- vgpuNVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.2023-04-01not yet calculatedCVE-2023-0198
MISC
uvdesk -- uvdeskUvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers.2023-04-04not yet calculatedCVE-2023-0265
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only.2023-04-05not yet calculatedCVE-2023-0319
MISC
CONFIRM
MISC
uvdesk -- uvdeskUvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket.2023-04-04not yet calculatedCVE-2023-0325
MISC
MISC
helpy -- helpyHelpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket.2023-04-04not yet calculatedCVE-2023-0357
MISC
MISC
m-files -- serverUser-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption.2023-04-05not yet calculatedCVE-2023-0382
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users.2023-04-05not yet calculatedCVE-2023-0450
MISC
MISC
CONFIRM
vitalpbx -- vitalpbxVitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. This is possible because the application is vulnerable to CSRF.2023-04-04not yet calculatedCVE-2023-0480
MISC
MISC
vitalpbx -- vitalpbxVitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. This is possible because the application is vulnerable to XSS.2023-04-04not yet calculatedCVE-2023-0486
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances.2023-04-05not yet calculatedCVE-2023-0523
MISC
CONFIRM
MISC
abb -- my_control_systemInsecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13.2023-04-06not yet calculatedCVE-2023-0580
MISC
samba -- ad_dcThe fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.2023-04-03not yet calculatedCVE-2023-0614
MISC
CONFIRM
cloudflare -- warpDue to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.2023-04-06not yet calculatedCVE-2023-0652
MISC
MISC
MISC
ulearn -- ulearnUlearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image.2023-04-05not yet calculatedCVE-2023-0670
MISC
orangescrum -- orangescrumOrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html.2023-04-04not yet calculatedCVE-2023-0738
MISC
MISC
lynx_technik_ag -- yellobrikYellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.2023-04-06not yet calculatedCVE-2023-0750
MISC
markdown-pdf -- markdown-pdfmarkdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user.2023-04-04not yet calculatedCVE-2023-0835
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342.2023-04-05not yet calculatedCVE-2023-0838
CONFIRM
MISC
MISC
xml2js-- xml2jsxml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the proto property to be edited.2023-04-05not yet calculatedCVE-2023-0842
MISC
MISC
bhima -- bhimaBhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user.2023-04-05not yet calculatedCVE-2023-0944
MISC
MISC
bhima -- bhimaBhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.2023-04-05not yet calculatedCVE-2023-0959
MISC
MISC
bhima -- bhimaBhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform.2023-04-05not yet calculatedCVE-2023-0967
MISC
MISC
trellix -- agent_for_windowsA vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions.2023-04-03not yet calculatedCVE-2023-0975
MISC
trellix -- agentA heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable.2023-04-03not yet calculatedCVE-2023-0977
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic.2023-04-05not yet calculatedCVE-2023-1071
CONFIRM
MISC
gitlab -- gitlabAn information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration.2023-04-05not yet calculatedCVE-2023-1098
MISC
CONFIRM
MISC
gitlab -- gitlabImproper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR.2023-04-05not yet calculatedCVE-2023-1167
CONFIRM
MISC
cloudflare -- warpAn unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems.2023-04-05not yet calculatedCVE-2023-1412
MISC
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim's epic in an unrelated group.2023-04-05not yet calculatedCVE-2023-1417
MISC
CONFIRM
MISC
genetec – security_centerSQL Injection in the Hardware Inventory report of Security Center 5.11.2.2023-04-05not yet calculatedCVE-2023-1522
MISC
linux -- kernelA race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service.2023-04-05not yet calculatedCVE-2023-1582
MISC
sophos -- web_applianceA pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.2023-04-04not yet calculatedCVE-2023-1671
CONFIRM
gitlab -- gitlabAn issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine.2023-04-05not yet calculatedCVE-2023-1708
CONFIRM
MISC
MISC
gitlab -- gitlabA sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue.2023-04-05not yet calculatedCVE-2023-1710
MISC
MISC
CONFIRM
gitlab -- gitlabA denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.2023-04-05not yet calculatedCVE-2023-1733
MISC
MISC
CONFIRM
nexx -- multiple_productsThe listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer.2023-04-04not yet calculatedCVE-2023-1748
MISC
nexx -- multiple_productsThe listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute.2023-04-04not yet calculatedCVE-2023-1749
MISC
nexx -- multiple_productsThe listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information.2023-04-04not yet calculatedCVE-2023-1750
MISC
nexx -- multiple_productsThe listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId.2023-04-04not yet calculatedCVE-2023-1751
MISC
nexx -- multiple_productsThe listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address.2023-04-04not yet calculatedCVE-2023-1752
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1756
CONFIRM
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1757
MISC
CONFIRM
phpmyfaq -- phpmyfaqFailure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1758
MISC
CONFIRM
tribe29 -- checkmkInappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations.2023-04-04not yet calculatedCVE-2023-1768
MISC
hashicorp -- multiple_productsHashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3.2023-04-05not yet calculatedCVE-2023-1782
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description.2023-04-05not yet calculatedCVE-2023-1787
MISC
CONFIRM
firefly-iii -- firefly-iiiInsufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6.2023-04-05not yet calculatedCVE-2023-1788
CONFIRM
MISC
the_tcpdump_group -- tcpdumpThe SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet.2023-04-07not yet calculatedCVE-2023-1801
MISC
MISC
docker -- docker_desktopIn Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected.2023-04-06not yet calculatedCVE-2023-1802
MISC
MISC
google -- chromeHeap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-04-04not yet calculatedCVE-2023-1810
MISC
MISC
MISC
google -- chromeUse after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-04-04not yet calculatedCVE-2023-1811
MISC
MISC
MISC
google -- chromeOut of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1812
MISC
MISC
MISC
google -- chromeInappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1813
MISC
MISC
MISC
google -- chromeInsufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1814
MISC
MISC
MISC
google -- chromeUse after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1815
MISC
MISC
MISC
google -- chromeIncorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1816
MISC
MISC
MISC
google -- chromeInsufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1817
MISC
MISC
MISC
google -- chromeUse after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1818
MISC
MISC
MISC
google -- chromeOut of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1819
MISC
MISC
MISC
google -- chromeHeap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2023-04-04not yet calculatedCVE-2023-1820
MISC
MISC
MISC
google -- chromeInappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)2023-04-04not yet calculatedCVE-2023-1821
MISC
MISC
MISC
google -- chromeIncorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)2023-04-04not yet calculatedCVE-2023-1822
MISC
MISC
MISC
google -- chromeInappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)2023-04-04not yet calculatedCVE-2023-1823
MISC
MISC
MISC
sourcecodester -- centralized_covid_vaccination_records_systemA vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability.2023-04-04not yet calculatedCVE-2023-1827
MISC
MISC
MISC
linux -- kernelA use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem.2023-04-05not yet calculatedCVE-2023-1838
MISC
wordpress -- wordpressThe Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-04-04not yet calculatedCVE-2023-1840
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability.2023-04-05not yet calculatedCVE-2023-1845
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability.2023-04-05not yet calculatedCVE-2023-1846
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987.2023-04-05not yet calculatedCVE-2023-1847
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988.2023-04-05not yet calculatedCVE-2023-1848
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability.2023-04-05not yet calculatedCVE-2023-1849
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability.2023-04-05not yet calculatedCVE-2023-1850
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991.2023-04-05not yet calculatedCVE-2023-1851
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. This vulnerability affects unknown code of the file /admin/deduction_edit.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224992.2023-04-05not yet calculatedCVE-2023-1852
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability.2023-04-05not yet calculatedCVE-2023-1853
MISC
MISC
MISC
sourcecodester -- online_payroll_systemA vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability.2023-04-05not yet calculatedCVE-2023-1854
MISC
MISC
MISC
linux -- kernelA use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem.2023-04-05not yet calculatedCVE-2023-1855
MISC
sourcecodester -- air_cargo_management_systemA vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995.2023-04-05not yet calculatedCVE-2023-1856
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996.2023-04-05not yet calculatedCVE-2023-1857
MISC
MISC
MISC
sourcecodester -- earnings_and_expense_tracker_appA vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability.2023-04-05not yet calculatedCVE-2023-1858
MISC
MISC
keysight -- ixia_hawkeyeA vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste"><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue.2023-04-05not yet calculatedCVE-2023-1860
MISC
MISC
wordpress -- wordpressThe YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin.2023-04-05not yet calculatedCVE-2023-1865
MISC
MISC
MISC
wordpress -- wordpressThe YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-05not yet calculatedCVE-2023-1866
MISC
MISC
wordpress -- wordpressThe YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-05not yet calculatedCVE-2023-1867
MISC
MISC
MISC
wordpress -- wordpressThe YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin's cache.2023-04-05not yet calculatedCVE-2023-1868
MISC
MISC
MISC
wordpress -- wordpressThe YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-04-05not yet calculatedCVE-2023-1869
MISC
MISC
wordpress -- wordpressThe YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-05not yet calculatedCVE-2023-1870
MISC
MISC
MISC
wordpress -- wordpressThe YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin's quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-05not yet calculatedCVE-2023-1871
MISC
MISC
MISC
microweber -- microweberDeserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3.2023-04-05not yet calculatedCVE-2023-1876
CONFIRM
MISC
microweber -- microweberCommand Injection in GitHub repository microweber/microweber prior to 1.3.3.2023-04-05not yet calculatedCVE-2023-1877
CONFIRM
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1878
CONFIRM
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1879
CONFIRM
MISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1880
CONFIRM
MISC
microweber -- microweberCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3.2023-04-05not yet calculatedCVE-2023-1881
CONFIRM
MISC
phpmyfaq -- phpmyfaq
Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1882
MISC
CONFIRM
phpmyfaq -- phpmyfaqImproper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1883
MISC
CONFIRM
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1884
MISC
CONFIRM
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1885
MISC
CONFIRM
phpmyfaq -- phpmyfaqAuthentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1886
CONFIRM
MISC
phpmyfaq -- phpmyfaqBusiness Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12.2023-04-05not yet calculatedCVE-2023-1887
MISC
CONFIRM
sourcecodester -- simple_mobile_comparison_websiteA vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability.2023-04-06not yet calculatedCVE-2023-1908
MISC
MISC
MISC
phpgugurukul -- bp_monitoring_management_systemA vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability.2023-04-07not yet calculatedCVE-2023-1909
MISC
MISC
MISC
wordpress -- wordpressThe Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin's settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings.2023-04-06not yet calculatedCVE-2023-1912
MISC
MISC
wordpress -- wordpressThe Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.2023-04-06not yet calculatedCVE-2023-1913
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1918
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1919
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1920
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1921
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1922
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1923
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1924
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1925
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1926
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-04-06not yet calculatedCVE-2023-1927
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation.2023-04-06not yet calculatedCVE-2023-1928
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache.2023-04-06not yet calculatedCVE-2023-1929
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches.2023-04-06not yet calculatedCVE-2023-1930
MISC
MISC
wordpress -- wordpressThe WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion.2023-04-06not yet calculatedCVE-2023-1931
MISC
MISC
my-blog -- my-blogA vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264.2023-04-07not yet calculatedCVE-2023-1937
MISC
MISC
MISC
sourcecodester -- simple_and_beautiful_shopping_cart_systemA vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316.2023-04-07not yet calculatedCVE-2023-1940
MISC
MISC
MISC
sourcecodester -- simple_and_beautiful_shopping_cart_systemA vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability.2023-04-07not yet calculatedCVE-2023-1941
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.2023-04-07not yet calculatedCVE-2023-1942
MISC
MISC
MISC
sourcecodester -- survey_application_systemA vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input <script>prompt(document.domain)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability.2023-04-07not yet calculatedCVE-2023-1946
MISC
MISC
taocms -- taocmsA vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability.2023-04-07not yet calculatedCVE-2023-1947
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_systemA vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335.2023-04-08not yet calculatedCVE-2023-1948
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_systemA vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336.2023-04-08not yet calculatedCVE-2023-1949
MISC
MISC
MISC
phpgurukul -- bp_monitoring_management_systemA vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability.2023-04-08not yet calculatedCVE-2023-1950
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability.2023-04-08not yet calculatedCVE-2023-1951
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339.2023-04-08not yet calculatedCVE-2023-1952
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340.2023-04-08not yet calculatedCVE-2023-1953
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability.2023-04-08not yet calculatedCVE-2023-1954
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability.2023-04-08not yet calculatedCVE-2023-1955
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.2023-04-08not yet calculatedCVE-2023-1956
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344.2023-04-08not yet calculatedCVE-2023-1957
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.2023-04-08not yet calculatedCVE-2023-1958
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability.2023-04-08not yet calculatedCVE-2023-1959
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347.2023-04-08not yet calculatedCVE-2023-1960
MISC
MISC
MISC
sourcecodester -- online_computer_and_laptop_storeA vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348.2023-04-08not yet calculatedCVE-2023-1961
MISC
MISC
MISC
cisco -- identity_services_engineMultiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.2023-04-05not yet calculatedCVE-2023-20021
CISCO
cisco -- identity_services_engineMultiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.2023-04-05not yet calculatedCVE-2023-20022
CISCO
cisco -- identity_services_engineMultiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.2023-04-05not yet calculatedCVE-2023-20023
CISCO
cisco -- identity_services_engineA vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of confidential information. A successful exploit could also cause the web application to perform arbitrary HTTP requests on behalf of the attacker or consume memory resources to reduce the availability of the web-based management interface. To successfully exploit this vulnerability, an attacker would need valid Super Admin or Policy Admin credentials.2023-04-05not yet calculatedCVE-2023-20030
CISCO
cisco -- packet_data_network_gatewayA vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS).2023-04-05not yet calculatedCVE-2023-20051
CISCO
cisco -- prime_infrastructure_softwareA vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.2023-04-05not yet calculatedCVE-2023-20068
CISCO
cisco -- small_business_routersA vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.2023-04-05not yet calculatedCVE-2023-20073
CISCO
cisco -- unified_contact_center_expressA vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface.2023-04-05not yet calculatedCVE-2023-20096
CISCO
cisco -- secure_network_analyticsA vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user.2023-04-05not yet calculatedCVE-2023-20102
CISCO
cisco -- secure_network_analyticsA vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device.2023-04-05not yet calculatedCVE-2023-20103
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20117
CISCO
cisco -- multiple_productsMultiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20121
CISCO
cisco -- multiple_productsMultiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20122
CISCO
cisco -- duo_two-factor_authenticationA vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device.2023-04-05not yet calculatedCVE-2023-20123
CISCO
cisco -- small_business_routersA vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability.2023-04-05not yet calculatedCVE-2023-20124
CISCO
cisco -- multiple_productsMultiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20127
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20128
CISCO
cisco -- multiple_productsMultiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20129
CISCO
cisco -- multiple_productsMultiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20130
CISCO
cisco -- multiple_productsMultiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20131
CISCO
cisco -- webex_meetingsMultiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20132
CISCO
cisco -- webex_meetingsMultiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory.2023-04-05not yet calculatedCVE-2023-20134
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20137
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20138
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20139
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20140
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20141
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20142
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20143
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20144
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20145
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20146
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20147
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20148
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20149
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20150
CISCO
cisco -- small_business_routersMultiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities.2023-04-05not yet calculatedCVE-2023-20151
CISCO
cisco -- identity_services_engineMultiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.2023-04-05not yet calculatedCVE-2023-20152
CISCO
cisco -- identity_services_engineMultiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.2023-04-05not yet calculatedCVE-2023-20153
CISCO
amd -- multiple_productsInsufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.2023-04-02not yet calculatedCVE-2023-20558
MISC
amd -- multiple_productsInsufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.2023-04-02not yet calculatedCVE-2023-20559
MISC
mediatek -- keyinstallIn keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135.2023-04-06not yet calculatedCVE-2023-20652
MISC
mediatek -- keyinstallIn keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144.2023-04-06not yet calculatedCVE-2023-20653
MISC
mediatek -- keyinstallIn keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148.2023-04-06not yet calculatedCVE-2023-20654
MISC
mediatek -- mmsdkIn mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.2023-04-06not yet calculatedCVE-2023-20655
MISC
mediatek -- geniezoneIn geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494.2023-04-06not yet calculatedCVE-2023-20656
MISC
mediatek -- mteeIn mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485.2023-04-06not yet calculatedCVE-2023-20657
MISC
mediatek -- ispIn isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.2023-04-06not yet calculatedCVE-2023-20658
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413.2023-04-06not yet calculatedCVE-2023-20659
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383.2023-04-06not yet calculatedCVE-2023-20660
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782.2023-04-06not yet calculatedCVE-2023-20661
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765.2023-04-06not yet calculatedCVE-2023-20662
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741.2023-04-06not yet calculatedCVE-2023-20663
MISC
mediatek -- gzIn gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952.2023-04-06not yet calculatedCVE-2023-20664
MISC
mediatek -- rilIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604.2023-04-06not yet calculatedCVE-2023-20665
MISC
mediatek -- display_drmIn display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173.2023-04-06not yet calculatedCVE-2023-20666
MISC
mediatek -- audioIn audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710.2023-04-06not yet calculatedCVE-2023-20670
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552.2023-04-06not yet calculatedCVE-2023-20674
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569.2023-04-06not yet calculatedCVE-2023-20675
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518.2023-04-06not yet calculatedCVE-2023-20676
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.2023-04-06not yet calculatedCVE-2023-20677
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453.2023-04-06not yet calculatedCVE-2023-20679
MISC
mediatek -- adspIn adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785.2023-04-06not yet calculatedCVE-2023-20680
MISC
mediatek -- adspIn adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134.2023-04-06not yet calculatedCVE-2023-20681
MISC
mediatek -- wlanIn wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605.2023-04-06not yet calculatedCVE-2023-20682
MISC
mediatek -- vdecIn vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069.2023-04-06not yet calculatedCVE-2023-20684
MISC
mediatek -- vdecIn vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575.2023-04-06not yet calculatedCVE-2023-20685
MISC
mediatek -- display_drmIn display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826.2023-04-06not yet calculatedCVE-2023-20686
MISC
mediatek -- display_drmIn display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772.2023-04-06not yet calculatedCVE-2023-20687
MISC
mediatek -- powerIn power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821.2023-04-06not yet calculatedCVE-2023-20688
MISC
cisco_talos_intelligence_group -- ichitaro_word_processor_2022An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability.2023-04-05not yet calculatedCVE-2023-22291
MISC
MISC
cisco_talos_intelligence_group -- ichitaro_word_processor_2022A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document.2023-04-05not yet calculatedCVE-2023-22660
MISC
MISC
sourcecodester -- simple_guestbook_management_systemSourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments.2023-04-06not yet calculatedCVE-2023-22985
MISC
MISC
sato – cl4nx_plus_printerAn authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.2023-03-31not yet calculatedCVE-2023-23594
MISC
MISC
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions.2023-04-04not yet calculatedCVE-2023-23685
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions.2023-04-04not yet calculatedCVE-2023-23686
MISC
github -- enterprise_serverAn improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users' secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.2023-04-07not yet calculatedCVE-2023-23761
MISC
MISC
MISC
MISC
MISC
github -- enterprise_serverAn incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program.2023-04-07not yet calculatedCVE-2023-23762
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions.2023-04-07not yet calculatedCVE-2023-23799
MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.2023-04-06not yet calculatedCVE-2023-23801
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions.2023-04-06not yet calculatedCVE-2023-23815
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions.2023-04-04not yet calculatedCVE-2023-23821
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions.2023-04-04not yet calculatedCVE-2023-23870
MISC
wordpress -- wordpressAuth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions.2023-04-04not yet calculatedCVE-2023-23878
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions.2023-04-07not yet calculatedCVE-2023-23885
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated.2023-04-06not yet calculatedCVE-2023-23891
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions.2023-04-06not yet calculatedCVE-2023-23898
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions.2023-04-06not yet calculatedCVE-2023-23971
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions.2023-04-06not yet calculatedCVE-2023-23972
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions.2023-04-04not yet calculatedCVE-2023-23977
MISC
wordpress -- wordpressUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions.2023-04-06not yet calculatedCVE-2023-23979
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions.2023-04-06not yet calculatedCVE-2023-23980
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions.2023-04-06not yet calculatedCVE-2023-23981
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions.2023-04-06not yet calculatedCVE-2023-23982
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions.2023-04-06not yet calculatedCVE-2023-23987
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions.2023-04-07not yet calculatedCVE-2023-23994
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions.2023-04-06not yet calculatedCVE-2023-23996
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions.2023-04-06not yet calculatedCVE-2023-23998
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions.2023-04-06not yet calculatedCVE-2023-24001
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions.2023-04-06not yet calculatedCVE-2023-24002
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions.2023-04-06not yet calculatedCVE-2023-24003
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions.2023-04-06not yet calculatedCVE-2023-24004
MISC
wordpress -- wordpressAuth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions.2023-04-06not yet calculatedCVE-2023-24006
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.2023-04-06not yet calculatedCVE-2023-24374
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions.2023-04-06not yet calculatedCVE-2023-24378
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.2023-04-06not yet calculatedCVE-2023-24383
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.2023-04-06not yet calculatedCVE-2023-24387
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.2023-04-06not yet calculatedCVE-2023-24396
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions.2023-04-07not yet calculatedCVE-2023-24398
MISC
wordpress -- wordpressAuth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions.2023-04-07not yet calculatedCVE-2023-24402
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions.2023-04-06not yet calculatedCVE-2023-24403
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.2023-04-06not yet calculatedCVE-2023-24411
MISC
go -- goHTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.2023-04-06not yet calculatedCVE-2023-24534
MISC
MISC
MISC
MISC
go -- goMultipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.2023-04-06not yet calculatedCVE-2023-24536
MISC
MISC
MISC
MISC
MISC
MISC
go -- goCalling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.2023-04-06not yet calculatedCVE-2023-24537
MISC
MISC
MISC
MISC
go -- goTemplates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.2023-04-06not yet calculatedCVE-2023-24538
MISC
MISC
MISC
MISC
gnu_screen -- gnu_screensocket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process.2023-04-08not yet calculatedCVE-2023-24626
CONFIRM
MISC
MISC
readium_js -- readium_jsAn arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file.2023-04-05not yet calculatedCVE-2023-24720
MISC
sas -- sasadminA stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3.2023-04-03not yet calculatedCVE-2023-24724
MISC
MISC
CONFIRM
jfinal_cms -- jfinal_cmsJfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list.2023-04-05not yet calculatedCVE-2023-24747
MISC
d_link -- dir878_dir_878_fw120b05D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-24797
MISC
MISC
d_link -- dir878_dir_878_fw120b05D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-24798
MISC
MISC
d_link -- dir878_dir_878_fw120b05
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-24799
MISC
MISC
d_link -- dir878_dir_878_fw120b05
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-24800
MISC
MISC
wordpress -- wordpressUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.2023-04-07not yet calculatedCVE-2023-25020
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions.2023-04-07not yet calculatedCVE-2023-25022
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions.2023-04-07not yet calculatedCVE-2023-25023
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions.2023-04-07not yet calculatedCVE-2023-25024
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions.2023-04-07not yet calculatedCVE-2023-25027
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions.2023-04-07not yet calculatedCVE-2023-25031
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.2023-04-07not yet calculatedCVE-2023-25041
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions.2023-04-07not yet calculatedCVE-2023-25046
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions.2023-04-07not yet calculatedCVE-2023-25049
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions.2023-04-07not yet calculatedCVE-2023-25059
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions.2023-04-07not yet calculatedCVE-2023-25061
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.2023-04-06not yet calculatedCVE-2023-25062
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25210
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25211
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25212
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25213
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25214
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25215
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25216
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25217
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25218
MISC
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25219
MISC
tenda -- ac5Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-25220
MISC
MISC
atlauncher -- atlauncherATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.2023-04-04not yet calculatedCVE-2023-25303
MISC
MISC
polymc_launcher -- polymc_launcherPolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory.2023-04-04not yet calculatedCVE-2023-25305
MISC
MISC
mybatis_plus -- mybaties_plusA SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer.2023-04-05not yet calculatedCVE-2023-25330
MISC
coredial -- sipxcomCoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the daemon user on a sipXcom server can overwrite a service file, and escalate their privileges to root.2023-04-04not yet calculatedCVE-2023-25355
MISC
coredial -- sipxcomCoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution.2023-04-04not yet calculatedCVE-2023-25356
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions.2023-04-07not yet calculatedCVE-2023-25442
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions.2023-04-07not yet calculatedCVE-2023-25464
MISC
dell -- trusted_device_agentDell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges.2023-04-06not yet calculatedCVE-2023-25542
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.2023-04-07not yet calculatedCVE-2023-25702
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions.2023-04-07not yet calculatedCVE-2023-25705
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions.2023-04-07not yet calculatedCVE-2023-25711
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions.2023-04-07not yet calculatedCVE-2023-25712
MISC
wordpress -- wordpressUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions.2023-04-07not yet calculatedCVE-2023-25713
MISC
wordpress -- wordpressAuth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions.2023-04-07not yet calculatedCVE-2023-25716
MISC
dell -- powerscale_onefsDell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees.2023-04-04not yet calculatedCVE-2023-25940
MISC
dell -- powerscale_onefsDell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee.2023-04-04not yet calculatedCVE-2023-25941
MISC
dell -- powerscale_onefsDell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service.2023-04-04not yet calculatedCVE-2023-25942
MISC
arm_developer -- mali_gpu_kernel_driverMemory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 - r32p0, Bifrost GPU Kernel Driver all versions from r0p0 - r42p0, Valhall GPU Kernel Driver all versions from r19p0 - r42p0, and Avalon GPU Kernel Driver all versions from r41p0 - r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.2023-04-06not yet calculatedCVE-2023-26083
MISC
MISC
CONFIRM
configobj -- configobjAll versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.)\). *Note: This is only exploitable in the case of a developer, putting the offending value in a server side configuration file.2023-04-03not yet calculatedCVE-2023-26112
MISC
MISC
apache -- james_server
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users.2023-04-03not yet calculatedCVE-2023-26269
MISC
powerdns -- recursorDenial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.2023-04-04not yet calculatedCVE-2023-26437
MISC
wordpress -- wordpressAuth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions.2023-04-05not yet calculatedCVE-2023-26536
MISC
tinytiff – tinytiffreaderBuffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file.2023-04-04not yet calculatedCVE-2023-26733
MISC
MISC
yiisoft -- yii_frameworkSQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function.2023-04-04not yet calculatedCVE-2023-26750
MISC
monitorr -- monitorr
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint.2023-04-04not yet calculatedCVE-2023-26775
MISC
MISC
MISC
MISC
monitorr -- monitorrCross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.2023-04-04not yet calculatedCVE-2023-26776
MISC
MISC
MISC
MISC
MISC
uptime_kuma -- uptime_kumaCross Site Scripting vulnerability found in :eek:uislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint.2023-04-04not yet calculatedCVE-2023-26777
MISC
MISC
veritas -- netbackup_opscenterVeritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser.2023-04-05not yet calculatedCVE-2023-26789
MISC
MISC
codefever -- codefevercodefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php.2023-04-07not yet calculatedCVE-2023-26817
MISC
siteproxy -- siteproxysiteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js.2023-04-07not yet calculatedCVE-2023-26820
MISC
totolink -- a7100ruTOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules.2023-04-07not yet calculatedCVE-2023-26848
MISC
churchcrm -- churchcrmThe hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords.2023-04-04not yet calculatedCVE-2023-26855
MISC
sourcecodester -- dynamic_transaction_queuing_systemDynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login.2023-04-05not yet calculatedCVE-2023-26856
MISC
sourcecodester -- dynamic_transaction_queuing_systemAn arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.2023-04-05not yet calculatedCVE-2023-26857
MISC
greenpacket -- oh736GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover.2023-04-04not yet calculatedCVE-2023-26866
MISC
quectel -- ag550qcnOS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd.2023-04-04not yet calculatedCVE-2023-26921
MISC
infranview -- infranviewIrfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0.2023-04-04not yet calculatedCVE-2023-26974
MISC
totolink -- a7100ruTOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg.2023-04-07not yet calculatedCVE-2023-26978
MISC
swftools -- swftoolsSWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c.2023-04-04not yet calculatedCVE-2023-26991
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27012
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27013
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27014
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27015
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27016
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27017
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27018
MISC
tenda -- ac10
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27019
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27020
MISC
tenda -- ac10Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.2023-04-07not yet calculatedCVE-2023-27021
MISC
prestashop -- cdesignerPrestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().2023-04-07not yet calculatedCVE-2023-27033
MISC
MISC
ehuacui -- bbsCross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter.2023-04-04not yet calculatedCVE-2023-27089
MISC
MISC
xiaobingby -- teacmsAn unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s).2023-04-04not yet calculatedCVE-2023-27091
MISC
MISC
gdidees -- cmsGDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php.2023-04-07not yet calculatedCVE-2023-27180
MISC
MISC
MISC
envoyproxy -- envoyEnvoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header x-envoy-original-path should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for jwt_authn checks if the jwt_authn filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted x-envoy-original-path header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue.2023-04-04not yet calculatedCVE-2023-27487
MISC
envoyproxy -- envoyEnvoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when failure_mode_allow: true is configured for ext_authz filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with failure_mode_allow: true, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a ! character. This behavioral change can be temporarily reverted by setting runtime guard envoy.reloadable_features.service_sanitize_non_utf8_strings to false. As a workaround, one may set failure_mode_allow: false for ext_authz.2023-04-04not yet calculatedCVE-2023-27488
MISC
envoyproxy -- envoyEnvoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9.2023-04-04not yet calculatedCVE-2023-27491
MISC
MISC
MISC
MISC
envoyproxy -- envoyEnvoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter.2023-04-04not yet calculatedCVE-2023-27492
MISC
envoyproxy -- envoyEnvoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties.2023-04-04not yet calculatedCVE-2023-27493
MISC
envoyproxy -- envoyEnvoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a state query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the state parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script).2023-04-04not yet calculatedCVE-2023-27496
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions.2023-04-07not yet calculatedCVE-2023-27620
MISC
edb-debugger -- edb-debuggerAn issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp.2023-04-04not yet calculatedCVE-2023-27734
MISC
wondershare_technology -- edrawmindAn issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file.2023-04-04not yet calculatedCVE-2023-27759
MISC
wondershare_technology -- filmoraAn issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe.2023-04-04not yet calculatedCVE-2023-27760
MISC
wondershare_technology -- uniconverterAn issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file.2023-04-04not yet calculatedCVE-2023-27761
MISC
wondershare_technology -- democreatorAn issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file.2023-04-04not yet calculatedCVE-2023-27762
MISC
wondershare_technology -- mobiletransAn issue found in Wondershare Technology Co., Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file.2023-04-04not yet calculatedCVE-2023-27763
MISC
wondershare_technology -- repairitAn issue found in Wondershare Technology Co., Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file.2023-04-04not yet calculatedCVE-2023-27764
MISC
wondershare_technology -- recoveritAn issue found in Wondershare Technology Co., Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file.2023-04-04not yet calculatedCVE-2023-27765
MISC
wondershare_technology -- anireelAn issue found in Wondershare Technology Co., Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file.2023-04-04not yet calculatedCVE-2023-27766
MISC
wondershare_technology -- dr.foneAn issue found in Wondershare Technology Co., Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file.2023-04-04not yet calculatedCVE-2023-27767
MISC
wondershare_technology -- pdfelementAn issue found in Wondershare Technology Co., Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file.2023-04-04not yet calculatedCVE-2023-27768
MISC
wondershare_technology -- pdf_readerAn issue found in Wondershare Technology Co., Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file.2023-04-04not yet calculatedCVE-2023-27769
MISC
wondershare_technology -- edraw-maxAn issue found in Wondershare Technology Co., Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file.2023-04-04not yet calculatedCVE-2023-27770
MISC
wondershare_technology -- creative_centerrAn issue found in Wondershare Technology Co., Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file.2023-04-04not yet calculatedCVE-2023-27771
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27801
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27802
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27803
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27804
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27805
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27806
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27807
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27808
MISC
phicomm -- h3c_magic_r100H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload.2023-04-07not yet calculatedCVE-2023-27810
MISC
ibm -- tritiga_application_platformIBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975.2023-04-07not yet calculatedCVE-2023-27876
MISC
MISC
dell -- diplay_managerDell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges.2023-04-06not yet calculatedCVE-2023-28046
MISC
dell -- power_managerDell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system.2023-04-07not yet calculatedCVE-2023-28051
MISC
dell -- streaming_data_platformDell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks.2023-04-05not yet calculatedCVE-2023-28069
MISC
zoho -- manageengineZoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API.2023-04-05not yet calculatedCVE-2023-28342
MISC
MISC
samsung -- multiple_productsAn issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.2023-04-04not yet calculatedCVE-2023-28613
MISC
MISC
MISC
openidc -- mod_auth_openidcmod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using OIDCStripCookies.2023-04-03not yet calculatedCVE-2023-28625
MISC
MISC
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to Forgotten password? event. However, it will not prevent unauthorized modification of any user emails.2023-04-05not yet calculatedCVE-2023-28632
MISC
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue.2023-04-05not yet calculatedCVE-2023-28633
MISC
MISC
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue.2023-04-05not yet calculatedCVE-2023-28634
MISC
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7.2023-04-05not yet calculatedCVE-2023-28636
MISC
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7.2023-04-05not yet calculatedCVE-2023-28639
MISC
CONFIRM
MISC
apache -- airflow_hive_providerImproper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0.2023-04-07not yet calculatedCVE-2023-28706
MISC
MISC
MISC
apache -- airflow_drill_providerImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2.2023-04-07not yet calculatedCVE-2023-28707
MISC
MISC
MISC
apache -- airflow_spark_providerImproper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1.2023-04-07not yet calculatedCVE-2023-28710
MISC
MISC
MISC
wordpress -- wordpressUnauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.2023-04-07not yet calculatedCVE-2023-28781
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions.2023-04-07not yet calculatedCVE-2023-28789
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions.2023-04-07not yet calculatedCVE-2023-28792
MISC
nextcloud -- server/enterprise_serverNextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds.2023-04-03not yet calculatedCVE-2023-28834
MISC
MISC
MISC
MISC
wagtail -- wagtailWagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the "Choose a parent page" ModelAdmin view (ChooseParentView), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (InspectView) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.2023-04-03not yet calculatedCVE-2023-28836
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wagtail -- wagtailWagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail's handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files.2023-04-03not yet calculatedCVE-2023-28837
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, remove Assistance > Statistics and Tools > Reports read rights from every user.2023-04-05not yet calculatedCVE-2023-28838
MISC
MISC
MISC
moby -- mobyMoby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby, is commonly referred to as Docker. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the xt_u32 kernel module is available on all nodes of the Swarm cluster.2023-04-04not yet calculatedCVE-2023-28840
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moby -- mobyMoby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, overlay networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the xt_u32 kernel module is available on all nodes of the Swarm cluster.2023-04-04not yet calculatedCVE-2023-28841
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moby -- mobyMoby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as moby/moby is commonly referred to as Docker. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The overlay driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in host mode instead of ingress mode (allowing the use of an external load balancer), and removing the ingress network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.2023-04-04not yet calculatedCVE-2023-28842
MISC
MISC
MISC
MISC
MISC
nextcloud -- nextclouduser_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.2023-04-04not yet calculatedCVE-2023-28848
MISC
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory.2023-04-05not yet calculatedCVE-2023-28849
MISC
MISC
pimcore -- pimcorePimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually.2023-04-03not yet calculatedCVE-2023-28850
MISC
MISC
MISC
silverstripe -- silverstripeSilverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1. There are no known workarounds for this vulnerability.2023-04-03not yet calculatedCVE-2023-28851
MISC
MISC
glpi-project -- glpiGLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue.2023-04-05not yet calculatedCVE-2023-28852
MISC
MISC
MISC
mastodon -- mastodonMastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2.2023-04-04not yet calculatedCVE-2023-28853
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nophp -- nophpnophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function such as env_patchsample230330.php to env.php.2023-04-03not yet calculatedCVE-2023-28854
MISC
MISC
MISC
glpi-project -- glpiFields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue.2023-04-05not yet calculatedCVE-2023-28855
MISC
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions.2023-04-07not yet calculatedCVE-2023-28993
MISC
nextcloud -- desktop_clientThe Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.2023-04-04not yet calculatedCVE-2023-28997
MISC
MISC
MISC
nextcloud -- desktop_clientThe Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.2023-04-04not yet calculatedCVE-2023-28998
MISC
MISC
MISC
nextcloud -- desktop_clientNextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.? This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.2023-04-04not yet calculatedCVE-2023-28999
MISC
MISC
MISC
nextcloud -- desktop_clientThe Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.2023-04-04not yet calculatedCVE-2023-29000
MISC
MISC
MISC
sveltekit -- sveltekitSvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. While the implementation does a sufficient job in mitigating common CSRF attacks, prior to version 1.15.1, the protection can be bypassed by simply specifying a different Content-Type header value. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts. SvelteKit 1.15.1 updates the is_form_content_type function call in the CSRF protection logic to include text/plain. As additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on PUT, PATCH and DELETE methods as well. This latter hardening is only needed to protect users who have put in some sort of ?_method= override feature themselves in their handle hook, so that the request that resolve sees could be PUT/PATCH/DELETE when the browser issues a POST request.2023-04-04not yet calculatedCVE-2023-29003
MISC
MISC
MISC
glpi-project -- glpiThe Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the ajax/dropdownContact.php file from the plugin.2023-04-05not yet calculatedCVE-2023-29006
MISC
MISC
sveltekit -- sveltekitThe SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a +server.js file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at kit/src/runtime/server/respond.js. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased Content-Type header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim's session, and in extreme scenarios can lead to unauthorized access to users’ accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets SameSite=None on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn't set the SameSite attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set SameSite to a value other than None on authentication cookies especially if the upgrade cannot be done in a timely manner.2023-04-06not yet calculatedCVE-2023-29008
MISC
MISC
budibase -- budibaseBudibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed.2023-04-06not yet calculatedCVE-2023-29010
MISC
MISC
MISC
goobi_viewer -- goobi_viewerThe Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user's browser. The vulnerability has been fixed in version 23.03.2023-04-06not yet calculatedCVE-2023-29014
MISC
MISC
goobi_viewer -- goobi_viewerThe Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user's browser when displaying the comment. The vulnerability has been fixed in version 23.03.2023-04-06not yet calculatedCVE-2023-29015
MISC
MISC
goobi_viewer -- goobi_viewerThe Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile's nickname, resulting in the execution in the user's browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03.2023-04-06not yet calculatedCVE-2023-29016
MISC
MISC
vm2_sandbox -- vm2_sandboxvm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to Error.prepareStackTrace in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds.2023-04-06not yet calculatedCVE-2023-29017
MISC
MISC
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions.2023-04-07not yet calculatedCVE-2023-29094
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.2023-03-31not yet calculatedCVE-2023-29141
MISC
MISC
FEDORA
wordpress -- wordpressAuth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions.2023-04-07not yet calculatedCVE-2023-29170
MISC
wordpress -- wordpressUnauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions.2023-04-07not yet calculatedCVE-2023-29171
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions.2023-04-07not yet calculatedCVE-2023-29172
MISC
twitter -- twitter_recommendation_algorithmThe Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023.2023-04-03not yet calculatedCVE-2023-29218
MISC
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions.2023-04-07not yet calculatedCVE-2023-29236
MISC
openbsd -- openbsdascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.2023-04-04not yet calculatedCVE-2023-29323
MISC
MISC
MISC
MISC
MISC
MISC
MISC
langchain -- langchainIn LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method.2023-04-05not yet calculatedCVE-2023-29374
MISC
MISC
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions.2023-04-07not yet calculatedCVE-2023-29388
MISC
toyota -- rav4_2021Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated" messages via CAN Injection, as exploited in the wild in (for example) July 2022.2023-04-05not yet calculatedCVE-2023-29389
MISC
MISC
bzip3 -- bzip3An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.2023-04-06not yet calculatedCVE-2023-29415
MISC
MISC
MISC
bzip3 -- bzip3An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais.2023-04-06not yet calculatedCVE-2023-29416
MISC
MISC
MISC
bzip3 -- bzip3An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read.2023-04-06not yet calculatedCVE-2023-29418
MISC
MISC
MISC
bzip3 -- bzip3An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read.2023-04-06not yet calculatedCVE-2023-29419
MISC
MISC
MISC
bzip3 -- bzip3An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block.2023-04-06not yet calculatedCVE-2023-29420
MISC
MISC
MISC
bzip3 -- bzip3An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block.2023-04-06not yet calculatedCVE-2023-29421
MISC
MISC
sagemath -- flintqsSageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS).2023-04-06not yet calculatedCVE-2023-29465
MISC
MISC
atos_unify -- openscape_4000_platformwebservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710.2023-04-06not yet calculatedCVE-2023-29473
MISC
MISC
atos_unify -- openscape_4000_platforminventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552.2023-04-06not yet calculatedCVE-2023-29474
MISC
MISC
atos_unify -- openscape_4000_platforminventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543.2023-04-06not yet calculatedCVE-2023-29475
MISC
MISC
bibliocraft -- bibliocraftBiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution.2023-04-07not yet calculatedCVE-2023-29478
MISC
redpanda -- redpandarpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches.2023-04-08not yet calculatedCVE-2023-30450
MISC
MISC
MISC
MISC
MISC

Back to top

Continue reading...