C
CISA
Guest
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Back to top
[/TD]
[TD]
[TD]
[TD][TD]
[/TD]
Continue reading...
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
zyxel -- nas326_firmware | The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request. | 2023-06-19 | 9.8 | CVE-2023-27992 MISC |
marksoft -- marksoft | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605. | 2023-06-19 | 9.8 | CVE-2023-2907 MISC |
wordpress -- wordpress | The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-24 | 9.8 | CVE-2023-3197 MISC MISC |
simple_customer_relationship_management -- simple_customer_relationship_management | Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter. | 2023-06-16 | 9.8 | CVE-2023-34548 MISC |
jeecg_boot -- jeecg_boot | jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface. | 2023-06-16 | 9.8 | CVE-2023-34659 MISC |
tp-link -- archer_ax10_firmware | TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4. | 2023-06-16 | 9.8 | CVE-2023-34832 MISC MISC MISC MISC |
progress -- moveit_transfer | In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. These are fixed versions of the DLL drop-in: 2020.1.10 (12.1.10), 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3). | 2023-06-16 | 9.8 | CVE-2023-35708 MISC MISC MISC |
wordpress -- wordpress | The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated attackers to the plugin to change the '_cmsc_public_key' in the plugin config, providing access to the plugin's remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation. This can only be exploited if the plugin has not been configured yet, however, if combined with another arbitrary plugin installation and activation vulnerability, the impact can be severe. | 2023-06-20 | 8.1 | CVE-2023-3325 MISC MISC MISC |
microsoft -- sql_server | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32027 MISC |
microsoft -- sql_server | Microsoft OLE DB Remote Code Execution Vulnerability | 2023-06-16 | 7.8 | CVE-2023-32028 MISC |
linux -- kernel | An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation. | 2023-06-16 | 7.8 | CVE-2023-35788 MISC MISC MISC MLIST |
juniper_networks -- junos_os/junos_os_evolved | An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround. This issue affects: Juniper Networks Junos OS 15.1R1 and later versions prior to 20.4R3-S8; 21.1 version 21.1R1 and later versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.2R3-S2; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.1 versions prior to 23.1R1-S1, 23.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S8-EVO; 21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO; 21.3 versions prior to 21.3R3-S5-EVO; 21.4 versions prior to 21.4R3-S4-EVO; 22.1 versions prior to 22.1R3-S4-EVO; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO; 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO; 23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO. | 2023-06-21 | 7.5 | CVE-2023-0026 CONFIRM MISC |
isc -- bind_9 | Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | 2023-06-21 | 7.5 | CVE-2023-2828 MISC MISC MISC MISC |
isc -- bind_9 | A named instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (synth-from-dnssec) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1. | 2023-06-21 | 7.5 | CVE-2023-2829 MISC |
isc -- bind_9 | If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. | 2023-06-21 | 7.5 | CVE-2023-2911 MISC MISC MISC MISC |
microsoft -- yarp | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | 2023-06-23 | 7.5 | CVE-2023-33141 MISC |
jfinal_cms -- jfinal_cms | jfinal CMS 5.1.0 has an arbitrary file read vulnerability. | 2023-06-16 | 7.5 | CVE-2023-34645 MISC |
wordpress -- wordpress | The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in user input that will execute on the admin dashboard. | 2023-06-22 | 7.2 | CVE-2019-25152 MISC MISC MISC MISC |
wordpress -- wordpress | The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2. | 2023-06-24 | 7.2 | CVE-2023-3388 MISC MISC MISC |
Back to top
Medium Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
mattermost -- mattermost | Mattermost fails to verify if the requestor is a sysadmin or not, before allowing install requests to the Apps allowing a regular user send install requests to the Apps. | 2023-06-16 | 6.5 | CVE-2023-2784 MISC |
fortinet -- fortios | A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter. | 2023-06-16 | 6.5 | CVE-2023-33306 MISC |
fortinet -- fortios | A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter. | 2023-06-16 | 6.5 | CVE-2023-33307 MISC MISC |
jeecg_boot -- jeecg_boot | jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface. | 2023-06-16 | 6.5 | CVE-2023-34660 MISC |
wordpress -- wordpress | The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-24 | 6.4 | CVE-2023-3387 MISC MISC MISC |
everestthemes -- arya_multipurpose | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose theme td> [TD] 2023-06-16 |
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3294
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3320
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32369
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
react-storefront -- react-storefront
[/TD][TD]
Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.
[/TD][TD]
2023-06-16
[/TD][TD]
6.1
[/TD][TD]CVE-2023-3294
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD][TD]
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
[/TD][TD]
2023-06-20
[/TD][TD]
6.1
[/TD][TD]CVE-2023-3320
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD][TD]
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system
[/TD][TD]
2023-06-23
[/TD][TD]
6
[/TD][TD]CVE-2023-32369
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD][TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin td> [TD]
[TD]
[TD]CVE-2023-26013
MISC[/TD]
[/TD]2023-06-16
[/TD][TD]
5.4
[/TD][TD]CVE-2023-26013
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33438
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34845
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wolterskluwer -- teammate+
[/TD][TD]
A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.
[/TD][TD]
2023-06-16
[/TD][TD]
5.4
[/TD][TD]CVE-2023-33438
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
bludit -- bludit
[/TD][TD]
Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content. This vulnerability allows attackers to execute arbitrary web scripts or HTML via uploading a crafted SVG file.
[/TD][TD]
2023-06-16
[/TD][TD]
5.4
[/TD][TD]CVE-2023-34845
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in JoomSky JS Job Manager plugin td> [TD]
[TD]
[TD]CVE-2023-25963
MISC[/TD]
[/TD]2023-06-16
[/TD][TD]
4.8
[/TD][TD]CVE-2023-25963
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in psicosi448 wp2syslog plugin td> [TD]
[TD]
[TD]CVE-2023-25974
MISC[/TD]
[/TD]2023-06-16
[/TD][TD]
4.8
[/TD][TD]CVE-2023-25974
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ko Takagi Simple Slug Translate plugin td> [TD]
[TD]
[TD]CVE-2023-26515
MISC[/TD]
[/TD]2023-06-16
[/TD][TD]
4.8
[/TD][TD]CVE-2023-26515
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPIndeed Debug Assistant plugin td> [TD]
[TD]
[TD]CVE-2023-26527
MISC[/TD]
[/TD]2023-06-16
[/TD][TD]
4.8
[/TD][TD]CVE-2023-26527
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin td> [TD]
[TD]
[TD]CVE-2023-26537
MISC[/TD]
[/TD]2023-06-16
[/TD][TD]
4.8
[/TD][TD]CVE-2023-26537
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Suess asMember plugin td> [TD]
[TD]
[TD]CVE-2023-26541
MISC[/TD]
[/TD]2023-06-16
[/TD][TD]
4.8
[/TD][TD]CVE-2023-26541
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3293
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2783
MISC[/TD]
[/TR]
[/TD][TD]
suitecrm -- suitecrm
[/TD][TD]
Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.
[/TD][TD]
2023-06-16
[/TD][TD]
4.8
[/TD][TD]CVE-2023-3293
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
mattermost -- mattermost
[/TD][TD]
Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.
[/TD][TD]
2023-06-16
[/TD][TD]
4.3
[/TD][TD]CVE-2023-2783
MISC[/TD]
[/TR]
[TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD][/TD]
[/TD]
[TD][TD]
[TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
Back to top
[/TD]
[TD]
[TD]
[TD]
[/TD]
[/TD]Low Vulnerabilities
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Back to top
Severity Not Yet Assigned
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
nanopb -- nanopb | Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string. | 2023-06-17 | not yet calculated | CVE-2014-125106 MISC MISC MISC |
mozilla -- firefox | A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70. | 2023-06-19 | not yet calculated | CVE-2019-25136 MISC MISC |
ebcms -- ebcms | File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter. | 2023-06-20 | not yet calculated | CVE-2020-20067 MISC |
dwsurvey -- dwsurvey | Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file. | 2023-06-20 | not yet calculated | CVE-2020-20070 MISC |
kilo -- kilo | Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c. | 2023-06-20 | not yet calculated | CVE-2020-20335 MISC |
wuzhicms -- wuzhicms | SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. | 2023-06-20 | not yet calculated | CVE-2020-20413 MISC |
opencart -- opencart | SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. | 2023-06-20 | not yet calculated | CVE-2020-20491 MISC |
yzcms -- yzcms | Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. | 2023-06-20 | not yet calculated | CVE-2020-20502 MISC MISC |
joyplus-cms -- joyplus-cms | SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. | 2023-06-20 | not yet calculated | CVE-2020-20636 MISC |
nodcms -- nodcms | Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to senstivie information via a crafted script to the address parameter. | 2023-06-20 | not yet calculated | CVE-2020-20697 MISC |
vim -- vim | Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. | 2023-06-20 | not yet calculated | CVE-2020-20703 MISC |
pluckcms -- pluckcms | File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the the save_file() parameter. | 2023-06-20 | not yet calculated | CVE-2020-20718 MISC |
taocms -- taocms | Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows remote attacker to execute arbitrary code via the name field in admin.php. | 2023-06-20 | not yet calculated | CVE-2020-20725 MISC |
gilacms -- gilacms | Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. | 2023-06-20 | not yet calculated | CVE-2020-20726 MISC |
ljcms -- ljcms | File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter. | 2023-06-20 | not yet calculated | CVE-2020-20735 MISC |
pluckcms -- pluckcms | An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page. | 2023-06-20 | not yet calculated | CVE-2020-20918 MISC |
pluckcms -- pluckcms | File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file. | 2023-06-20 | not yet calculated | CVE-2020-20919 MISC |
pluckcms -- pluckcms | File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. | 2023-06-20 | not yet calculated | CVE-2020-20969 MISC |
zrlog -- zrlog | Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. | 2023-06-20 | not yet calculated | CVE-2020-21052 MISC |
typora -- typora | Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid sytax. | 2023-06-20 | not yet calculated | CVE-2020-21058 MISC |
liufee_cms -- liufee_cms | File Upload vulenrability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. | 2023-06-20 | not yet calculated | CVE-2020-21174 MISC |
yiicms -- yiicms | Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function. | 2023-06-20 | not yet calculated | CVE-2020-21246 MISC |
hongcms -- hongcms | Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. | 2023-06-20 | not yet calculated | CVE-2020-21252 MISC |
easysoft -- zentaopms | Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. | 2023-06-20 | not yet calculated | CVE-2020-21268 MISC |
wuzhicms -- wuzhicms | An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. | 2023-06-20 | not yet calculated | CVE-2020-21325 MISC |
greencms -- greencms | Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. | 2023-06-20 | not yet calculated | CVE-2020-21366 MISC |
phpmywind -- phpmywind | SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. | 2023-06-20 | not yet calculated | CVE-2020-21400 MISC |
nucleuscms -- nucleuscms | File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. | 2023-06-20 | not yet calculated | CVE-2020-21474 MISC |
alluxio -- alluxio | Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to executea arbitrary code via the path parameter in the browse board component. | 2023-06-20 | not yet calculated | CVE-2020-21485 MISC |
phpok -- phpok | SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. | 2023-06-20 | not yet calculated | CVE-2020-21486 MISC |
feehicms -- feehicms | File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. | 2023-06-20 | not yet calculated | CVE-2020-21489 MISC |
apple -- macos | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | 2023-06-23 | not yet calculated | CVE-2022-22630 MISC MISC MISC |
semver -- semver | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | 2023-06-21 | not yet calculated | CVE-2022-25883 MISC MISC MISC MISC MISC MISC |
riello ups -- netman-204 | There is a CSRF vulnerability on Netman-204 version 02.05. An attacker could manage to change administrator passwords through a Cross Site Request Forgery due to the lack of proper validation on the CRSF token. This vulnerability could allow a remote attacker to access the administrator panel, being able to modify different parameters that are critical for industrial operations. | 2023-06-21 | not yet calculated | CVE-2022-3372 MISC |
apple -- ios_and_ipados | This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2022-42792 MISC |
apple -- macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key | 2023-06-23 | not yet calculated | CVE-2022-42807 MISC |
apple -- macos | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression | 2023-06-23 | not yet calculated | CVE-2022-42834 MISC MISC MISC |
apple -- macos | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system | 2023-06-23 | not yet calculated | CVE-2022-42860 MISC MISC MISC |
temenos_cwx -- temenos_cwx | An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. | 2023-06-21 | not yet calculated | CVE-2022-45287 MISC MISC MISC |
apple -- ios_and_ipados | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences | 2023-06-23 | not yet calculated | CVE-2022-46715 MISC |
apple -- macos | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information | 2023-06-23 | not yet calculated | CVE-2022-46718 MISC MISC MISC MISC |
wordpress -- wordpress | Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin td> [TD] 2023-06-19 |
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Unauth. SQL Injection (SQLi) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin td> [TD]
[TD]
[TD]CVE-2022-47586
MISC[/TD]
[/TD]2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-47586
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (subscriber+) SQL Injection (SQLi) vulnerability in RapidLoad RapidLoad Power-Up for Autoptimize plugin td> [TD]
[TD]
[TD]CVE-2022-47593
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-47593
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Unauth. SQL Injection (SQLi) vulnerability in InspireUI MStore API plugin td> [TD]
[TD]
[TD]CVE-2022-47614
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-47614
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48486
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48487
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48488
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48489
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48490
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48491
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48492
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48493
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48494
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48495
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48496
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48497
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48498
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48499
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48500
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48501
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2022-48506
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-0368
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-0489
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-0969
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-0970
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-0971
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-0972
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-1721
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-1722
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-1724
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-1783
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-1862
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-1999
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-20892
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-20893
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-20894
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-20895
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-20896
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2221
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-23343
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-23344
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-23516
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-23539
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2359
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-23679
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48486
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48487
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of bypassing the default desktop security controls.Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48488
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48489
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48490
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of missing authentication on certain HUAWEI phones.Successful exploitation of this vulnerability can lead to ads and other windows to display at any time.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48491
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD][TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48492
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48493
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48494
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of unauthorized access to foreground app information.Successful exploitation of this vulnerability may cause foreground app information to be obtained.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48495
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of lax app identity verification in the pre-authorization function.Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48496
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48497
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48498
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48499
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- emui
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48500
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Configuration defects in the secure OS module.Successful exploitation of this vulnerability will affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48501
MISC[/TD]
[/TR]
[TR]
[TD]
dominion_voting_systems -- imagecast_precinct/imagecast_evolution
[/TD][TD]
A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios. This issue was observed for use of the following versions of Democracy Suite: 5.2, 5.4-NM, 5.5, 5.5-A, 5.5-B, 5.5-C, 5.5-D, 5.7-A, 5.10, 5.10A, 5.15. NOTE: the Democracy Suite 5.17 EAC Certificate of Conformance mentions "Improved pseudo random number algorithm," which may be relevant.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2022-48506
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-0368
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-0489
MISC[/TD]
[/TR]
[TR]
[TD]
silicon_labs -- z/ip_gateway
[/TD][TD]
A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-0969
MISC[/TD]
[/TR]
[TR]
[TD]
silicon_labs -- z/ip_gateway
[/TD][TD]
Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-0970
MISC[/TD]
[/TR]
[TR]
[TD]
silicon_labs -- z/ip_gateway
[/TD][TD]
A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-0971
MISC[/TD]
[/TR]
[TR]
[TD]
silicon_labs -- z/ip_gateway
[/TD][TD]
Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-0972
MISC[/TD]
[/TR]
[TR]
[TD]
yoga_class_registration_system -- yoga_class_registration_system
[/TD][TD]
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
[/TD][TD]
2023-06-24
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-1721
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
yoga_class_registration_system -- yoga_class_registration_system
[/TD][TD]
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators.
[/TD][TD]
2023-06-24
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-1722
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ladybirdweb -- faveo_helpdesk_for_linux
[/TD][TD]
Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.
[/TD][TD]
2023-06-24
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-1724
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
orangescrum -- orangescrum_for_linux
[/TD][TD]
OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. This is possible because the application does not properly validate the HTML content to be converted to PDF.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-1783
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
cloudflare -- warp_client_for_windows
[/TD][TD]
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-1862
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
chromium -- libwebp
[/TD][TD]
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-1999
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vcenter_server
[/TD][TD]
The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-20892
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vcenter_server
[/TD][TD]
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-20893
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vcenter_server
[/TD][TD]
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-20894
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vcenter_server
[/TD][TD]
The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-20895
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vcenter_server
[/TD][TD]
The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-20896
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2221
MISC[/TD]
[/TR]
[TR]
[TD]
hcl_software -- bigfix_osd_bare_metal_server
[/TD][TD]
A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23343
MISC[/TD]
[/TR]
[TR]
[TD]
hcl_software -- bigfix_webui_insights
[/TD][TD]
A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23344
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23516
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23539
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2359
MISC[/TD]
[/TR]
[TR]
[TD]
js_help_desk -- js_help_desk
[/TD][TD]
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23679
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD][TD]
Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin td> [TD]
[TD]
[TD]CVE-2023-23795
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23795
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Qumos MojoPlug Slide Panel plugin td> [TD]
[TD]
[TD]CVE-2023-23807
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23807
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Neil Gee Smoothscroller plugin td> [TD]
[TD]
[TD]CVE-2023-23811
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-23811
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2399
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2400
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2401
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-24261
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2492
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25003
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25187
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2527
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2533
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25435
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25499
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25500
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25515
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25518
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25520
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25733
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25736
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25747
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25936
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25937
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-25938
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2600
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2611
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26115
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26427
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26428
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26429
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26431
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26432
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26433
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26434
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26435
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-26436
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2399
MISC[/TD]
[/TR]
[TR]
[TD]
devolutions -- server
[/TD]
[TD]
Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2400
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2401
MISC[/TD]
[/TR]
[TR]
[TD]
gl.inet -- gl-e750_mudi
[/TD][TD]
A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-24261
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2492
MISC[/TD]
[/TR]
[TR]
[TD]
autodesk -- autocad/maya
[/TD][TD]
A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bound read write / read vulnerabilities. Exploitation of this vulnerability may lead to code execution.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25003
MISC[/TD]
[/TR]
[TR]
[TD]
nokia -- airscale_asika_single_ran_devices
[/TD][TD]
An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. Nokia Single RAN commissioning procedures do not change (factory-time installed) default SSH public/private key values that are specific to a network operator. As a result, the CSP internal BTS network SSH server (disabled by default) continues to apply the default SSH public/private key values. These keys don't give access to BTS, because service user authentication is username/password-based on top of SSH. Nokia factory installed default SSH keys are meant to be changed from operator-specific values during the BTS deployment commissioning phase. However, before the 21B release, BTS commissioning manuals did not provide instructions to change default SSH keys (to BTS operator-specific values). This leads to a possibility for malicious operations staff (inside a CSP network) to attempt MITM exploitation of BTS service user access, during the moments that SSH is enabled for Nokia service personnel to perform troubleshooting activities.
[/TD][TD]
2023-06-16
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25187
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2527
MISC[/TD]
[/TR]
[TR]
[TD]
papercut -- ng/mf
[/TD][TD]
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code. This could be exploited if the target is an admin with a current login session. Exploiting this would typically involve the possibility of deceiving an admin into clicking a specially crafted malicious link, potentially leading to unauthorized changes.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2533
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
libtiff -- libtiff
[/TD][TD]
libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25435
MISC[/TD]
[/TR]
[TR]
[TD]
vaadin -- vaadin
[/TD][TD]
When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25499
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
vaadin -- vaadin
[/TD][TD]
Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25500
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nvidia -- jetson_agx_xavier_series/jetson_xavier_nx
[/TD][TD]
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25515
MISC[/TD]
[/TR]
[TR]
[TD]
nvidia -- jetson_agx_xavier_series/jetson_xavier_nx
[/TD][TD]
NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and loss of integrity.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25518
MISC[/TD]
[/TR]
[TR]
[TD]
nvidia -- multiple_products
[/TD][TD]
NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25520
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
The return value from
[/TD]gfx::SourceSurfaceSkia::Map() wasn't being verified which could have potentially lead to a null pointer dereference. This vulnerability affects Firefox < 110.[TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25733
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
An invalid downcast from
[/TD]nsHTMLDocument to nsIContent could have lead to undefined behavior. This vulnerability affects Firefox < 110.[TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25736
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox_for_android
[/TD]
[TD]
A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android < 110.1.0.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25747
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25936
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25937
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-25938
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2600
MISC[/TD]
[/TR]
[TR]
[TD]
advantech -- r-seenet
[/TD][TD]
Advantech R-SeeNet versions 2.4.22 is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2611
MISC[/TD]
[/TR]
[TR]
[TD]
sync -- word-wrap
[/TD][TD]
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26115
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26427
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared with other users. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26428
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop all control characters that are not whitespace character during the export. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26429
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing deny-list functionality and trigger requests to restricted network infrastructure to gain insight about topology and running services. We now respect possible IPV4-mapped IPv6 addresses when checking if contained in a deny-list. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26431
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server response to reasonable length/size. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26432
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server response to reasonable length/size. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26433
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server response to reasonable length/size. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26434
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limited to specific file-types, like images. We have improved existing content filters and validators to avoid including any local resources. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26435
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
open-xchange_ software_gmbh -- ox_app_suite
[/TD][TD]
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processing the request. A check has been introduced to restrict processing of legal and expected classes for this API. We now log a warning in case there are attempts to inject illegal classes. No publicly available exploits are known.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26436
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in OneWebsite WP Repost plugin td> [TD]
[TD]
[TD]CVE-2023-26534
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26534
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Chirkov Advanced Text Widget plugin td> [TD]
[TD]
[TD]CVE-2023-26539
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-26539
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2654
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2684
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-27083
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2719
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-27243
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-27396
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2654
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2684
MISC[/TD]
[/TR]
[TR]
[TD]
pluckcms -- pluckcms
[/TD][TD]
An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27083
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the
[/TD]id parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.[TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2719
MISC[/TD]
[/TR]
[TR]
[TD]
makves -- dcap
[/TD][TD]
An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27243
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
omron_corporation -- multiple_products
[/TD]
[TD]
FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products. Multiple OMRON products that implement FINS protocol contain following security issues -- (1)Plaintext communication, and (2)No authentication required. When FINS messages are intercepted, the contents may be retrieved. When arbitrary FINS messages are injected, any commands may be executed on, or the system information may be retrieved from, the affected device. Affected products and versions are as follows: SYSMAC CS-series CPU Units, all versions, SYSMAC CJ-series CPU Units, all versions, SYSMAC CP-series CPU Units, all versions, SYSMAC NJ-series CPU Units, all versions, SYSMAC NX1P-series CPU Units, all versions, SYSMAC NX102-series CPU Units, all versions, and SYSMAC NX7 Database Connection CPU Units (Ver.1.16 or later)
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27396
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Shazzad Hossain Khan W4 Post List plugin td> [TD]
[TD]
[TD]CVE-2023-27413
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27413
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Popup Box Team Popup box plugin td> [TD]
[TD]
[TD]CVE-2023-27414
MISC[/TD]
[/TD]2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27414
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2742
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2742
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin td> [TD]
[TD]
[TD]CVE-2023-27427
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27427
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Automattic - Jetpack CRM team Jetpack CRM plugin td> [TD]
[TD]
[TD]CVE-2023-27429
MISC[/TD]
[/TD]2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27429
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WpSimpleTools Manage Upload Limit plugin td> [TD]
[TD]
[TD]CVE-2023-27432
MISC[/TD]
[/TD]2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27432
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gl_SPICE New Adman plugin td> [TD]
[TD]
[TD]CVE-2023-27439
MISC[/TD]
[/TD]2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27439
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Grant Kimball Simple Vimeo Shortcode plugin td> [TD]
[TD]
[TD]CVE-2023-27443
MISC[/TD]
[/TD]2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27443
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin td> [TD]
[TD]
[TD]CVE-2023-27450
MISC[/TD]
[/TD]2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27450
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wow-Company Button Generator – easily Button Builder plugin td> [TD]
[TD]
[TD]CVE-2023-27452
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27452
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2751
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2751
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin td> [TD]
[TD]
[TD]CVE-2023-27612
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27612
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in AGILELOGIX Store Locator WordPress plugin td> [TD]
[TD]
[TD]CVE-2023-27618
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27618
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin td> [TD]
[TD]
[TD]CVE-2023-27629
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27629
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in mmrs151 Daily Prayer Time plugin td> [TD]
[TD]
[TD]CVE-2023-27631
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27631
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2779
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-27908
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-27930
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-27940
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-27964
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28006
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28016
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28026
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28027
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28028
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28029
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28030
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28031
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28032
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28033
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28034
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28035
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28036
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28039
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28040
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28041
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28042
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28044
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2805
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28050
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28052
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28054
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28056
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28058
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28059
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28060
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28061
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28064
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28065
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28071
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28073
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28094
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2811
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2812
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2779
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
autodesk_installer
[/TD]
[TD]
A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27908
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27930
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27940
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- airpods_firmware_update
[/TD]
[TD]
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-27964
MISC[/TD]
[/TR]
[TR]
[TD]
hcl_software -- bigfix_osd_bare_metal_server
[/TD][TD]
The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28006
MISC[/TD]
[/TR]
[TR]
[TD]
hcl_software -- bigfix_osd_bare_metal_server
[/TD][TD]
Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28016
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28026
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28027
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28028
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28029
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28030
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28031
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28032
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28033
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28034
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28035
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28036
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28039
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28040
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28041
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28042
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28044
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2805
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28050
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28052
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28054
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28056
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28058
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28059
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28060
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28061
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28064
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- multiple_products
[/TD][TD]
Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28065
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- multiple_products
[/TD][TD]
Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28071
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28073
MISC[/TD]
[/TR]
[TR]
[TD]
pegasystems -- pega_platform
[/TD]
[TD]
Pega platform clients who are using versions 6.1 through 8.8.3 and have upgraded from a version prior to 8.x may be utilizing default credentials.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28094
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks to all admin when setting chatbot and all client when using chatbot
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2811
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2812
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Aakif Kadiwala Tags Cloud Manager plugin td> [TD]
[TD]
[TD]CVE-2023-28166
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28166
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Chill Brilliance theme td> [TD]
[TD]
[TD]CVE-2023-28171
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28171
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in eLightUp eRocket plugin td> [TD]
[TD]
[TD]CVE-2023-28174
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28174
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28191
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28202
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28204
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28191
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28202
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28204
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Yudlee themes Mediciti Lite theme td> [TD]
[TD]
[TD]CVE-2023-28418
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28418
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Prism Tech Studios Modern Footnotes plugin td> [TD]
[TD]
[TD]CVE-2023-28423
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28423
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SMTP2GO – Email Made Easy plugin td> [TD]
[TD]
[TD]CVE-2023-28496
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28496
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in WP Job Portal WP Job Portal – A Complete Job Board plugin td> [TD]
[TD]
[TD]CVE-2023-28534
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28534
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Drew Phillips VigilanTor plugin td> [TD]
[TD]
[TD]CVE-2023-28695
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28695
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin td> [TD]
[TD]
[TD]CVE-2023-28750
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28750
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin td> [TD]
[TD]
[TD]CVE-2023-28751
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28751
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Grade Us, Inc. Review Stream plugin td> [TD]
[TD]
[TD]CVE-2023-28774
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28774
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin td> [TD]
[TD]
[TD]CVE-2023-28776
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28776
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Pagination plugin td> [TD]
[TD]
[TD]CVE-2023-28778
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28778
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin td> [TD]
[TD]
[TD]CVE-2023-28784
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28784
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28799
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28800
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-28956
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2899
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
zscaler -- client_connector
[/TD][TD]
A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28799
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
zscaler -- client_connector
[/TD][TD]
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28800
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ibm -- spectrum_protect_backup-archive_client
[/TD][TD]
IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. IBM X-Force ID: 251767.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-28956
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2899
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin td> [TD]
[TD]
[TD]CVE-2023-29100
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29100
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29158
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29531
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29532
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29534
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29542
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29545
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29546
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29707
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29708
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29709
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29711
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29860
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2989
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2990
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-2991
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-29931
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3022
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-30258
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-30260
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-30347
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-30362
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
subnet_solutions -- powersystem_center
[/TD][TD]
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29158
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- multiple_products_for_macos
[/TD]
[TD]
An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. This bug only affects Firefox and Thunderbird for macOS. Other operating systems are unaffected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29531
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- multiple_products_for_windows
[/TD]
[TD]
A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server. The update file can be replaced after the signature check, before the use, because the write-lock requested by the service does not work on a SMB server. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29532
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox_for_android
[/TD]
[TD]
Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. These could have led to potential user confusion and spoofing attacks. This bug only affects Firefox and Focus for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29534
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- multiple_products_for_windows
[/TD]
[TD]
A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. This could have led to accidental execution of malicious code. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29542
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- multiple_products_for_windows
[/TD]
[TD]
Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user. This bug only affects Firefox and Thunderbird on Windows. Other versions of Firefox and Thunderbird are unaffected. This vulnerability affects Firefox < 112, Firefox ESR < 102.10, and Thunderbird < 102.10.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29545
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- multiple_products_for_android
[/TD]
[TD]
When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox for Android < 112 and Focus for Android < 112.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29546
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
gbcom_lac -- web_control_center
[/TD][TD]
Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29707
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wavlink -- wn579x3
[/TD]
[TD]
An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29708
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wildix -- wsg24poe
[/TD][TD]
An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29709
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
interlink -- psg-5124
[/TD][TD]
An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29711
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
dtstack taier -- dtstack taier
[/TD][TD]
An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29860
MISC[/TD]
[/TR]
[TR]
[TD]
fortra -- globalscape_eft
[/TD]
[TD]
Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2989
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fortra -- globalscape_eft
[/TD]
[TD]
Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2990
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fortra -- globalscape_eft
[/TD]
[TD]
Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" message
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-2991
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
laravel-s -- laravel-s
[/TD][TD]
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-29931
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
A flaw was found in the IPv6 module of the Linux kernel. The arg.result was not used consistently in fib6_rule_lookup, sometimes holding rt6_info and other times fib6_info. This was not accounted for in other parts of the code where rt6_info was expected unconditionally, potentially leading to a kernel panic in fib6_rule_suppress.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3022
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
magnussolution -- magnusbilling
[/TD][TD]
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-30258
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
raspap -- raspap-webgui
[/TD][TD]
Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-30260
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
neox_contact_center -- neox_contact_center
[/TD][TD]
Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-30347
MISC[/TD]
[/TR]
[TR]
[TD]
libcoap_library -- libcoap_library
[/TD][TD]
Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-30362
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPForms WPForms Lite (wpforms-lite), WPForms WPForms Pro (wpforms) plugins td> [TD]
[TD]
[TD]CVE-2023-30500
MISC
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-30500
MISC
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-30759
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3110
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3114
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
ricoh_company -- printer_driver_packager_nx
[/TD]
[TD]
The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. If a non-administrative user modifies the driver installation package and runs it on the target PC, an arbitrary program may be executed with the administrative privilege.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-30759
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
silicon_labs -- unify_gateway
[/TD][TD]
Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3110
MISC[/TD]
[/TR]
[TR]
[TD]
hashicorp -- terraform_enterprise
[/TD][TD]
Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. This authorization flaw could potentially allow a workspace to access resources from a separate, higher-privileged workspace in the same organization that targeted an agent pool. This vulnerability, CVE-2023-3114, is fixed in Terraform Enterprise v202306-1.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3114
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPBakery Page Builder plugin td> [TD]
[TD]
[TD]CVE-2023-31213
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-31213
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-31239
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3128
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-31410
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-31411
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-31469
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-31867
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-31868
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3212
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3220
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32201
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32208
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32209
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32210
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32214
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32216
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
fuji_electric/hakko_electronics -- v-server/v-server_lite
[/TD][TD]
Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-31239
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
grafana -- grafana
[/TD][TD]
Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3128
MISC[/TD]
[/TR]
[TR]
[TD]
sick_ag -- eventcam_app
[/TD][TD]
A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the EventCam App and the Client, and potentially manipulate the data being transmitted.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-31410
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sick_ag -- eventcam_app
[/TD][TD]
A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-31411
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
oracle -- apache/streampipes
[/TD]
[TD]
A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges beyond the initially assigned roles. The issue is resolved by upgrading to StreamPipes 0.92.0.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-31469
MISC[/TD]
[/TR]
[TR]
[TD]
sage -- x3
[/TD][TD]
Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-31867
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sage -- x3
[/TD][TD]
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is injected into those fields, this code will be saved by the application and executed by the web browser of the user viewing the web page. Several injection points have been identified on the application. The major one requires the user to be authenticated with a common account, he can then target an Administrator. All others endpoints need the malicious user to be authenticated as an Administrator. Therefore, the impact is diminished.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-31868
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3212
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3220
MISC[/TD]
[/TR]
[TR]
[TD]
fuji_electric/hakko_electronics -- tellus/tellus_lite
[/TD]
[TD]
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32201
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
Service workers could reveal script base URL due to dynamic
[/TD]import(). This vulnerability affects Firefox < 113.[TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32208
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
A maliciously crafted favicon could have led to an out of memory crash. This vulnerability affects Firefox < 113.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32209
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal. In certain circumstances it might have been possible to cause a document to be loaded with a higher privileged principal than intended. This vulnerability affects Firefox < 113.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32210
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- multiple_products
[/TD]
[TD]
Protocol handlers
[/TD]ms-cxh and ms-cxh-full could have been leveraged to trigger a denial of service. Note: This attack only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.[TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32214
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
Memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32216
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD][TD]
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in xtemos WoodMart theme td> [TD]
[TD]
[TD]CVE-2023-32239
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32239
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32270
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32273
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32274
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32276
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32288
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32320
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32351
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32352
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32353
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32354
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32355
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32357
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32360
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32363
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32365
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32367
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32368
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32371
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32372
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32373
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32375
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32376
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32380
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32382
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32384
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32385
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32386
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32387
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32388
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32389
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32390
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32391
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32392
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32394
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32395
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32397
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32398
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32399
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32400
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32402
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32403
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32404
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32405
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32407
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32408
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32409
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32410
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32411
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32412
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32413
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32414
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32415
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32417
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32419
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32420
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32422
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32423
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32434
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32435
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32439
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32449
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32463
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32464
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32480
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32538
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32542
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3256
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32571
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
fuji_electric/hakko_electronics -- tellus/tellus_lite
[/TD]
[TD]
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32270
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fuji_electric/hakko_electronics -- tellus/tellus_lite
[/TD]
[TD]
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32273
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
enphase -- installer_toolkit
[/TD][TD]
Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. An attacker can exploit this and gain access to sensitive information.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32274
MISC[/TD]
[/TR]
[TR]
[TD]
fuji_electric/hakko_electronics -- tellus/tellus_lite
[/TD]
[TD]
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32276
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fuji_electric/hakko_electronics -- tellus/tellus_lite
[/TD]
[TD]
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM file may lead to information disclosure and/or arbitrary code execution.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32288
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nextcloud -- security-advisories
[/TD][TD]
Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32320
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- itunes_for_windows
[/TD]
[TD]
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32351
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32352
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- itunes_for_windows
[/TD]
[TD]
A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32353
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD]
[TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32354
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32355
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD]
[TD]
An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32357
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32360
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD]
[TD]
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32363
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD]
[TD]
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32365
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD]
[TD]
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32367
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD]
[TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32368
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD]
[TD]
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32371
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD]
[TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32372
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32373
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos_venture/macos_monterey
[/TD][TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32375
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32376
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32380
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32382
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32384
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32385
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32386
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32387
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32388
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32389
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32390
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32391
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32392
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32394
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32395
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32397
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32398
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32399
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32400
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32402
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32403
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32404
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32405
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32407
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32408
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32409
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32410
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32411
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32412
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32413
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- macos
[/TD][TD]
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32414
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32415
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- watchos
[/TD][TD]
This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32417
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- ios/ipados
[/TD][TD]
The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32419
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32420
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32422
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32423
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32434
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32435
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
apple -- multiple_products
[/TD][TD]
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32439
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- powerstore
[/TD][TD]
Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. An attacker can trick a high privileged user to install a malicious binary by bypassing the existing cryptographic signature checks
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32449
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- vxrail
[/TD][TD]
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32463
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- vxrail
[/TD][TD]
Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability. A high privileged remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32464
MISC[/TD]
[/TR]
[TR]
[TD]
dell -- cpg_bios
[/TD][TD]
Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32480
MISC[/TD]
[/TR]
[TR]
[TD]
fuji_electric/hakko_electronics -- tellus/tellus_lite
[/TD]
[TD]
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32538
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fuji_electric/hakko_electronics -- tellus/tellus_lite
[/TD]
[TD]
Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32542
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
advantech -- r-seenet
[/TD][TD]
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3256
MISC[/TD]
[/TR]
[TR]
[TD]
dynamic -- linq
[/TD][TD]
Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32571
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin td> [TD]
[TD]
[TD]CVE-2023-32580
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32580
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-32659
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
subnet_solutions -- powersystem_center
[/TD][TD]
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32659
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin td> [TD]
[TD]
[TD]CVE-2023-32960
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-32960
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3302
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3303
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3304
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3305
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3306
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3307
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3308
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3309
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3310
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3311
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3312
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3315
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3316
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3317
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3318
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
admidio -- admidio
[/TD][TD]
Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3302
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
admidio -- admidio
[/TD][TD]
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3303
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
admidio -- admidio
[/TD][TD]
Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3304
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
c-data -- web_management_system
[/TD][TD]
A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3305
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ruijie -- rg-ew1200g
[/TD][TD]
A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3306
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
minical --minical
[/TD][TD]
A vulnerability was found in miniCal 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /booking/show_bookings/. The manipulation of the argument search_query leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231803. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3307
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
whaleal_icefrog -- whaleal_icefrog
[/TD][TD]
A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8. Affected is an unknown function of the component Aviator Template Engine. The manipulation leads to deserialization. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-231804.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3308
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- resort_management_system
[/TD]
[TD]
A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file ?page=rooms of the component Manage Room Page. The manipulation of the argument Cottage Number leads to cross site scripting. The attack can be launched remotely. The identifier VDB-231805 was assigned to this vulnerability.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3309
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
code-projects -- agro-school_management_system
[/TD]
[TD]
A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0. Affected by this issue is some unknown functionality of the file loaddata.php. The manipulation of the argument subject/course leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-231806 is the identifier assigned to this vulnerability.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3310
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
puneethreddyhc -- online_shopping_system_advanced
[/TD][TD]
A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0. This affects an unknown part of the file addsuppliers.php. The manipulation of the argument First name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231807.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3311
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3312
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins
[/TD]
[TD]
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3315
MISC[/TD]
[/TR]
[TR]
[TD]
libtiff -- libtiff
[/TD][TD]
A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3316
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel. This flaw could allow an attacker to crash the system after 'features' memory release. This vulnerability could even lead to a kernel information leak problem.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3317
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- resort_management_system
[/TD]
[TD]
A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231937 was assigned to this vulnerability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3318
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Display Custom Fields – wpView plugin td> [TD]
[TD]
[TD]CVE-2023-33213
MISC[/TD]
[/TD]2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33213
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3326
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33289
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33299
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
freebsd -- freebsd
[/TD]
[TD]
pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3326
MISC[/TD]
[/TR]
[TR]
[TD]
urlnorm_crate -- urlnorm_crate
[/TD][TD]
The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33289
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fortinet -- fortinac
[/TD]
[TD]
A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via specifically crafted request on inter-server communication port. Note FortiNAC versions 8.x will not be fixed.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33299
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD][TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember plugin td> [TD]
[TD]
[TD]CVE-2023-33323
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33323
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3337
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33387
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3339
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3340
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33405
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33495
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33565
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33584
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33591
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33725
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3380
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3381
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3382
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3383
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33842
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-33869
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3391
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3393
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-3394
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
puneethreddyhc -- online_shopping_system_advanced
[/TD][TD]
A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/reg.php of the component Admin Registration. The manipulation leads to improper authentication. The attack can be launched remotely. The identifier VDB-232009 was assigned to this vulnerability.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3337
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
datev_eg -- personal-management_system_comfort/comfort_plus
[/TD][TD]
A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33387
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
code-projects -- agro-school_management_system
[/TD]
[TD]
A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file exam-delete.php. The manipulation of the argument test_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232015.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3339
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- online_school_fees_system
[/TD]
[TD]
A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajx.php of the component GET Parameter Handler. The manipulation of the argument name_startsWith leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232016.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3340
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
blogengine.net -- blogengine.net
[/TD][TD]
Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33405
MISC[/TD]
[/TR]
[TR]
[TD]
craft_cms -- craft_cms
[/TD][TD]
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33495
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ros2 -- ros2
[/TD][TD]
ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33565
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- enrollment_system_project
[/TD]
[TD]
Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33584
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
user_registration/login_and_user_management_system -- user_registration/login_and_user_management_system
[/TD][TD]
User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33591
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
broadleaf -- broadleaf
[/TD][TD]
Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in 6.2.6.1-GA.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33725
MISC[/TD]
[/TR]
[TR]
[TD]
wavlink -- wn579x3
[/TD]
[TD]
A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3380
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- online_school_fees_system
[/TD]
[TD]
A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3381
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- game_result_matrix_system
[/TD]
[TD]
A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3382
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- game_result_matrix_system
[/TD]
[TD]
A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3383
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ibm -- spss_modeler
[/TD][TD]
IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information. IBM X-Force ID: 256117.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33842
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
enphase -- envoy
[/TD][TD]
Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33869
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- human_resource_management_system
[/TD]
[TD]
A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3391
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fossbilling -- fossbilling
[/TD]
[TD]
Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3393
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fossbilling -- fossbilling
[/TD]
[TD]
Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-3394
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Robin Wilson bbp style pack plugin td> [TD]
[TD]
[TD]CVE-2023-33997
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-33997
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Telegram Bot & Channel plugin td> [TD]
[TD]
[TD]CVE-2023-34006
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34006
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin td> [TD]
[TD]
[TD]CVE-2023-34012
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34012
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin td> [TD]
[TD]
[TD]CVE-2023-34021
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34021
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin td> [TD]
[TD]
[TD]CVE-2023-34028
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34028
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34110
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34155
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34156
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34158
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34159
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34160
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34161
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34162
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34163
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34166
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34167
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
flask-appbuilder -- flask-appbuilder
[/TD][TD]
Flask-AppBuilder is an application development framework, built on top of Flask. Prior to version 4.3.2, an authenticated malicious actor with Admin privileges, could by adding a special character on the add, edit User forms trigger a database error, this error is surfaced back to this actor on the UI. On certain database engines this error can include the entire user row including the pbkdf2:sha256 hashed password. This vulnerability has been fixed in version 4.3.2.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34110
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34155
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of services denied by early fingerprint APIs on HarmonyOS products.Successful exploitation of this vulnerability may cause services to be denied.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34156
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34158
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34159
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34160
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34161
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34162
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34163
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34166
MISC[/TD]
[/TR]
[TR]
[TD]
huawei -- harmonyos
[/TD]
[TD]
Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34167
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Overnight Quick/Bulk Order Form for WooCommerce plugin td> [TD]
[TD]
[TD]CVE-2023-34170
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34170
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34188
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34203
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34241
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34254
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34340
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
mongoose -- mongoose
[/TD][TD]
The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34188
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
progress -- openedge_management/openedge_explorer
[/TD][TD]
In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin. This affects OpenEdge LTS before 11.7.16, 12.x before 12.2.12, and 12.3.x through 12.6.x before 12.7.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34203
MISC[/TD]
[/TR]
[TR]
[TD]
openprinting -- cups
[/TD][TD]
OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function
[/TD]httpClose(con->http) being called in scheduler/client.c. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function cupsdAcceptClient if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in cupsd.conf) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from /etc/hosts.allow and /etc/hosts.deny. Version 2.4.6 has a patch for this issue.[TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34241
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
glpi-project -- glpi-agent
[/TD][TD]
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running remoteinventory task against an Unix platform with ssh command, an administrator user on the remote can manage to inject a command in a specific workflow the agent would run with the privileges it uses. In the case, the agent is running with administration privileges, a malicious user could gain high privileges on the computer glpi-agent is running on. A malicious user could also disclose all remote accesses the agent is configured with for remoteinventory task. This vulnerability has been patched in glpi-agent 1.5.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34254
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
oracle -- apache/accumulo
[/TD]
[TD]
Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided. Users are advised to upgrade to 2.1.1.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34340
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin td> [TD]
[TD]
[TD]CVE-2023-34368
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34368
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD][TD]
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin td> [TD]
[TD]
[TD]CVE-2023-34373
MISC[/TD]
[/TD]2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34373
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34414
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34415
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34416
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34417
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34460
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34461
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34462
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34464
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34465
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34466
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34467
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34541
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34553
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34563
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34596
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34597
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34600
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34601
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34602
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34603
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34641
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34642
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34657
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34671
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34672
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34673
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34796
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34923
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34927
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34939
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-34981
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35005
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
mozilla -- multiple_products
[/TD]
[TD]
The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34414
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34415
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- multiple_products
[/TD]
[TD]
Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 102.12, Firefox < 114, and Thunderbird < 102.12.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34416
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
mozilla -- firefox
[/TD]
[TD]
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34417
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
tauri-apps -- tauri
[/TD][TD]
Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope check for dotfiles on Unix. Previously dotfiles were not implicitly allowed by the glob wildcard scopes (eg.
[/TD]$HOME/*), but a regression was introduced when a configuration option for this behavior was implemented. Only Tauri applications using wildcard scopes in the fs endpoint are affected. The regression has been patched on version 1.4.1.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34460
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
pybb -- pybb
[/TD][TD]
PyBB is an open source bulletin board. A manual code review of the PyBB bulletin board server has revealed that a vulnerability could have been exploited in which users could submit any type of HTML tag, and have said tag run. For example, a malicious
[/TD] that looks like [URL='https://www.cisa.gov/uscert/ncas/javascript:alert']xss[/URL]`` could have been used to run code through JavaScript on the client side. The problem has been patched as of commit 5defd92, and users are advised to upgrade. Attackers do need posting privilege in order to exploit this vulnerability. This vulnerability is present within the 0.1.0 release, and users are advised to upgrade to 0.1.1. Users unable to upgrade may be able to work around the attack by either; Removing the ability to create posts, removing the |safe tag from the Jinja2 template titled "post.html" in templates or by adding manual validation of links in the post creation section.[TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34461
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
netty -- netty
[/TD][TD]
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The
[/TD]SniHandler can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the SniHandler to allocate 16MB of heap. The SniHandler class is a handler that waits for the TLS handshake to configure a SslHandler according to the indicated server name by the ClientHello record. For this matter it allocates a ByteBuf using the value defined in the ClientHello record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the SslClientHelloHandler. This vulnerability has been fixed in version 4.1.94.Final.[TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34462
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the
[/TD]displaycontent or rendercontent template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34464
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2,
[/TD]Mail.MailConfig can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the Mail.MailConfig page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the XWiki.XWikiAdminGroup group).[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34465
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34466
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34467
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
langchain -- langchain
[/TD][TD]
Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34541
MISC[/TD]
[/TR]
[TR]
[TD]
wafu -- keyless_smart_lock
[/TD][TD]
An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34553
MISC[/TD]
[/TR]
[TR]
[TD]
netgear -- R6250
[/TD][TD]
netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34563
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
aeotec -- wallmote_switch
[/TD][TD]
A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34596
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
fibaro -- motion_sensor
[/TD][TD]
A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34597
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
adiscon -- loganalyzer
[/TD][TD]
Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34600
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
jeesite -- jeesite
[/TD][TD]
Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34601
MISC[/TD]
[/TR]
[TR]
[TD]
jeecgboot -- jeecgboot
[/TD][TD]
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34602
MISC[/TD]
[/TR]
[TR]
[TD]
jeecgboot -- jeecgboot
[/TD][TD]
JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34603
MISC[/TD]
[/TR]
[TR]
[TD]
kioware_for_windows -- kioware_for_windows
[/TD][TD]
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34641
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
kioware_for_windows -- kioware_for_windows
[/TD][TD]
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34642
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
eyoucms -- eyoucms
[/TD][TD]
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34657
MISC[/TD]
[/TR]
[TR]
[TD]
elenos -- etg150_fm_transmitter
[/TD][TD]
Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the public Internet in some cases.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34671
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
elenos -- etg150_fm_transmitter
[/TD][TD]
Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. An attack could occur over the public Internet in some cases.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34672
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
elenos -- etg150_fm_transmitter
[/TD][TD]
Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. The attack can occur over the public Internet in some cases.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34673
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
dmarcts-report-viewer -- dmarcts-report-viewer
[/TD][TD]
Cross site scripting (XSS) vulnerabiliy in dmarcts-report-viewer dashboard versions 1.1 and thru commit 8a1d882b4c481a05e296e9b38a7961e912146a0f, allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34796
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
topdesk -- topdesk
[/TD][TD]
XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk user via SAML Response manipulation.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34923
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
casdoor -- casdoor
[/TD][TD]
Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password. This vulnerability allows attackers to arbitrarily change the victim user's password via supplying a crafted URL.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34927
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
onlyoffice -- community_server
[/TD][TD]
Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34939
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
oracle -- apache/tomcat
[/TD]
[TD]
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
[/TD][TD]
2023-06-21
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-34981
MISC[/TD]
[/TR]
[TR]
[TD]
oracle -- apache/airflow
[/TD]
[TD]
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if
[/TD][webserver] expose_config is set to non-sensitive-only), and not all uncensored values are actually sentitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.[TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35005
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin td> [TD]
[TD]
[TD]CVE-2023-35048
MISC[/TD]
[/TD]2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35048
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin td> [TD]
[TD]
[TD]CVE-2023-35090
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35090
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin td> [TD]
[TD]
[TD]CVE-2023-35093
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35093
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Flothemes Flo Forms – Easy Drag & Drop Form Builder plugin td> [TD]
[TD]
[TD]CVE-2023-35095
MISC[/TD]
[/TD]2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35095
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Internet Marketing Dojo WP Affiliate Links plugin td> [TD]
[TD]
[TD]CVE-2023-35097
MISC[/TD]
[/TD]2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35097
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in John Brien WordPress NextGen GalleryView plugin td> [TD]
[TD]
[TD]CVE-2023-35098
MISC[/TD]
[/TD]2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35098
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35131
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35132
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35133
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35150
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35151
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35152
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35153
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35154
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35155
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35156
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35157
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35158
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35159
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35160
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35161
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35162
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35163
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35165
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35166
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35167
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35169
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35171
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35172
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35173
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35174
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35759
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
moodle -- moodle
[/TD]
[TD]
Content on the groups page required additional sanitizing to prevent an XSS risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8 and 3.11 to 3.11.14.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35131
MISC[/TD]
[/TR]
[TR]
[TD]
moodle -- moodle
[/TD]
[TD]
A limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35132
MISC[/TD]
[/TR]
[TR]
[TD]
moodle -- moodle
[/TD]
[TD]
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35133
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35150
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35151
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35152
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a
[/TD]AppWithinMinutes.FormFieldCategoryClass class on a page and setting the payload on the page title. Then, any user visiting /xwiki/bin/view/AppWithinMinutes/ClassEditSheet executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update AppWithinMinutes.ClassEditSheet with a patch.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35153
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
knowagelabs -- knowage-server
[/TD][TD]
Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35154
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an
[/TD]alter on the browser: /xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you., where `` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35155
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the delete template to perform a XSS, e.g. by using URL such as: > xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn't enough to entirely fix the vulnerability.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35156
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35157
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35158
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: > xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35159
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35160
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: > xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35161
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the previewactions template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain). This vulnerability exists since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35162
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
vegaprotocol -- vega
[/TD][TD]
Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For example, a deposit to the collateral bridge for 100USDT that credits a party’s general account on Vega, can be re-processed 50 times resulting in 5000USDT in that party’s general account. This is without depositing any more than the original 100USDT on the bridge. Despite this exploit requiring access to a validator's Vega key, a validator key can be obtained at the small cost of 3000VEGA, the amount needed to announce a new node onto the network. A patch is available in version 0.71.6. No known workarounds are available, however there are mitigations in place should this vulnerability be exploited. There are monitoring alerts for
[/TD]mainnet1 in place to identify any issues of this nature including this vulnerability being exploited. The validators have the ability to stop the bridge thus stopping any withdrawals should this vulnerability be exploited.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35163
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
aws -- cloud_development_kit
[/TD][TD]
AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages
[/TD]aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster constructs create two roles, CreationRole and default MastersRole, that have an overly permissive trust policy. The first, referred to as the CreationRole, is used by lambda handlers to create the cluster and deploy Kubernetes resources (e.g KubernetesManifest, HelmChart, ...) onto it. Users with CDK version higher or equal to 1.62.0 (including v2 users) may be affected. The second, referred to as the default MastersRole, is provisioned only if the mastersRole property isn't provided and has permissions to execute kubectl commands on the cluster. Users with CDK version higher or equal to 1.57.0 (including v2 users) may be affected. The issue has been fixed in @aws-cdk/aws-eks v1.202.0 and aws-cdk-lib v2.80.0. These versions no longer use the account root principal. Instead, they restrict the trust policy to the specific roles of lambda handlers that need it. There is no workaround available for CreationRole. To avoid creating the default MastersRole, use the mastersRole property to explicitly provide a role.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35165
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
xwiki -- xwiki-platform
[/TD][TD]
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35166
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
remult -- remult
[/TD][TD]
Remult is a CRUD framework for full-stack TypeScript. If you used the apiPrefilter option of the
[/TD]@Entity decorator, by setting it to a function that returns a filter that prevents unauthorized access to data, an attacker who knows the id of an entity instance is not authorized to access, can gain read, update and delete access to it. The issue is fixed in version 0.20.6. As a workaround, set the apiPrefilter option to a filter object instead of a function.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35167
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
webklex -- php-imap
[/TD][TD]
PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Prior to version 5.3.0, an unsanitized attachment filename allows any unauthenticated user to leverage a directory traversal vulnerability, which results in a remote code execution vulnerability. Every application that stores attachments with
[/TD]Attachment::save() without providing a $filename or passing unsanitized user input is affected by this attack. An attacker can send an email with a malicious attachment to the inbox, which gets crawled with webklex/php-imap or webklex/laravel-imap. Prerequisite for the vulnerability is that the script stores the attachments without providing a $filename, or providing an unsanitized $filename, in src/Attachment::save(string $path, string $filename = null). In this case, where no $filename gets passed into the Attachment::save() method, the package would use a series of unsanitized and insecure input values from the mail as fallback. Even if a developer passes a $filename into the Attachment::save() method, e.g. by passing the name or filename of the mail attachment itself (from email headers), the input values never get sanitized by the package. There is also no restriction about the file extension (e.g. ".php") or the contents of a file. This allows an attacker to upload malicious code of any type and content at any location where the underlying user has write permissions. The attacker can also overwrite existing files and inject malicious code into files that, e.g. get executed by the system via cron or requests. Version 5.3.0 contains a patch for this issue.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35169
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nextcloud -- server/enterprise_server
[/TD][TD]
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Starting in version 26.0.0 and prior to version 26.0.2, an attacker could supply a URL that redirects an unsuspecting victim from a legitimate domain to an attacker's site. Nextcloud Server and Nextcloud Enterprise Server 26.0.2 contain a patch for this issue. No known workarounds are available.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35171
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nextcloud -- server/enterprise_server
[/TD][TD]
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35172
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nextcloud -- end-to-end_encryption_app
[/TD][TD]
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35173
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
livebook-dev -- livebook
[/TD][TD]
Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a
[/TD]livebook:// link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.[TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35174
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
progess - whatsup_gold
[/TD][TD]
In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35759
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alain Gonzalez Google Map Shortcode plugin td> [TD]
[TD]
[TD]CVE-2023-35772
MISC[/TD]
[/TD]2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35772
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Backup Solutions WP Backup Manager plugin td> [TD]
[TD]
[TD]CVE-2023-35775
MISC[/TD]
[/TD]2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35775
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin td> [TD]
[TD]
[TD]CVE-2023-35776
MISC[/TD]
[/TD]2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35776
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Seed Webs Seed Fonts plugin td> [TD]
[TD]
[TD]CVE-2023-35779
MISC[/TD]
[/TD]2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35779
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35801
MISC
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35808
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35809
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35810
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35811
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35813
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35823
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35824
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35826
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35827
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35828
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35829
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35839
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35840
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35843
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35844
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35846
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35847
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35848
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35849
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35852
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35853
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35854
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35855
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35856
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35857
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35862
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
safe -- softwarez_fme_server
[/TD][TD]
A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files. Successful exploitation requires an attacker to have access to a user account with write privileges. FME Flow 2023.0 is also a fixed version.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35801
MISC
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
sugarcrm -- enterprise
[/TD][TD]
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using crafted requests, custom PHP code can be injected and executed through the Notes module because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.
[/TD][TD]
2023-06-17
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35808
MISC[/TD]
[/TR]
[TR]
[TD]
sugarcrm -- enterprise
[/TD][TD]
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Bean Manipulation vulnerability has been identified in the REST API. By using a crafted request, custom PHP code can be injected through the REST API because of missing input validation. Regular user privileges can be used to exploit this vulnerability. Editions other than Enterprise are also affected.
[/TD][TD]
2023-06-17
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35809
MISC[/TD]
[/TR]
[TR]
[TD]
sugarcrm -- enterprise
[/TD][TD]
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing input validation. Admin user privileges are required to exploit this vulnerability. Editions other than Enterprise are also affected.
[/TD][TD]
2023-06-17
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35810
MISC[/TD]
[/TR]
[TR]
[TD]
sugarcrm -- enterprise
[/TD][TD]
An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Two SQL Injection vectors have been identified in the REST API. By using crafted requests, custom SQL code can be injected through the REST API because of missing input validation. Regular user privileges can use used for exploitation. Editions other than Enterprise are also affected.
[/TD][TD]
2023-06-17
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35811
MISC[/TD]
[/TR]
[TR]
[TD]
sitecore -- multiple_products
[/TD][TD]
Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.
[/TD][TD]
2023-06-17
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35813
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35823
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35824
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35826
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35827
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35828
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- kernel
[/TD]
[TD]
An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.
[/TD][TD]
2023-06-18
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35829
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
solon -- solon
[/TD][TD]
Solon before 2.3.3 allows Deserialization of Untrusted Data.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35839
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
elfinder -- elfinder
[/TD][TD]
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35840
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nocodb -- nocodb
[/TD][TD]
NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35843
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
lightdash -- lightdash
[/TD][TD]
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35844
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
picotcp -- picotcp
[/TD][TD]
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35846
MISC[/TD]
[/TR]
[TR]
[TD]
picotcp -- picotcp
[/TD][TD]
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35847
MISC[/TD]
[/TR]
[TR]
[TD]
picotcp -- picotcp
[/TD][TD]
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35848
MISC[/TD]
[/TR]
[TR]
[TD]
picotcp -- picotcp
[/TD][TD]
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35849
MISC[/TD]
[/TR]
[TR]
[TD]
suricata -- suricata
[/TD]
[TD]
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35852
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
suricata -- suricata
[/TD]
[TD]
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35853
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
zoho -- manageengine_adselfservice_plus
[/TD][TD]
Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35854
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
counter-strike -- counter-strike
[/TD][TD]
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35855
MISC[/TD]
[/TR]
[TR]
[TD]
nintendo -- multiple_mario_kart_wii_versions
[/TD][TD]
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35856
MISC[/TD]
[/TR]
[TR]
[TD]
siren -- investigate
[/TD][TD]
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35857
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
libcoap -- libcoap
[/TD][TD]
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
[/TD][TD]
2023-06-19
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35862
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Vadym K. Extra User Details plugin td> [TD]
[TD]
[TD]CVE-2023-35878
MISC[/TD]
[/TD]2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35878
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor Super Socializer plugin td> [TD]
[TD]
[TD]CVE-2023-35882
MISC[/TD]
[/TD]2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35882
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin td> [TD]
[TD]
[TD]CVE-2023-35884
MISC[/TD]
[/TD]2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35884
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35885
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
cloudpanel_2 -- cloudpanel_2
[/TD][TD]
CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.
[/TD][TD]
2023-06-20
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35885
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin td> [TD]
[TD]
[TD]CVE-2023-35917
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35917
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[/TR]
[TD]
[/TD][TD]
wordpress -- wordpress
[/TD]
[TD]
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Bulk Stock Management plugin td> [TD]
[TD]
[TD]CVE-2023-35918
MISC[/TD]
[/TD]2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35918
MISC[/TD]
[/TR]
[TD]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35925
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35926
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35927
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35928
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35931
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-35932
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36093
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36097
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36191
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36192
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36193
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36239
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36243
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36271
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36272
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36273
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36274
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36284
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36287
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36288
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36289
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36345
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36346
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36348
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36354
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36355
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36356
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36357
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36358
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36359
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36362
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36363
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36364
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36365
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36366
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36367
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36368
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36369
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36370
MISC[/TD]
[/TR]
[TR]
[TD]
[TD]
[TD]
[TD]
[TD]CVE-2023-36371
MISC[/TD]
[/TR]
[/TD][TD]
intellectualsites -- fastasyncworldedit
[/TD][TD]
FastAsyncWorldEdit (FAWE) is designed for efficient world editing. This vulnerability enables the attacker to select a region with the
[/TD]Infinity keyword (case-sensitive!) and executes any operation. This has a possibility of bringing the performing server down. This issue has been fixed in version 2.6.3.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35925
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
backstage -- backstage
[/TD][TD]
Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been
[/TD]vm2, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the template in a way that allows for remote code execution on the scaffolder-backend instance. This was only exploitable in the template YAML definition itself and not by user input data. This is vulnerability is fixed in version 1.15.0 of @backstage/plugin-scaffolder-backend.[TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35926
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nextcloud -- server/enterprise_server
[/TD][TD]
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, when two server are registered as trusted servers for each other and successfully exchanged the share secrets, the malicious server could modify or delete VCards in the system addressbook on the origin server. This would impact the available and shown information in certain places, such as the user search and avatar menu. If a manipulated user modifies their own data in the personal settings the entry is fixed again. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. A workaround is available. Remove all trusted servers in the "Administration" > "Sharing" settings
[/TD]…/index.php/settings/admin/sharing. Afterwards, trigger a recreation of the local system addressbook with the following occ dav:sync-system-addressbook.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35927
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
nextcloud -- server/enterprise_server
[/TD][TD]
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, a user could use this functionality to get access to the login credentials of another user and take over their account. This issue has been patched in Nextcloud Server versions 25.0.7 and 26.0.2 and NextCloud Enterprise Server versions 19.0.13.9, 20.0.14.14, 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2. Three workarounds are available. Disable app files_external. Change config setting "Allow users to mount external storage" to disabled in "Administration" > "External storage" settings
[/TD]…/index.php/settings/admin/externalstorages. Change config setting to disallow users to create external storages in "Administration" > "External storage" settings …/index.php/settings/admin/externalstorages with the types FTP, Nextcloud, SFTP, and/or WebDAV.[TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35928
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
shescape -- shescape
[/TD][TD]
Shescape is a simple shell escape library for JavaScript. An attacker may be able to get read-only access to environment variables. This bug has been patched in version 1.7.1.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35931
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
jcvi -- jcvi
[/TD][TD]
jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. A configuration injection happens when user input is considered by the application in an unsanitized format and can reach the configuration file. A malicious user may craft a special payload that may lead to a command injection. The impact of a configuration injection may vary. Under some conditions, it may lead to command injection if there is for instance shell code execution from the configuration file values. This vulnerability does not currently have a fix.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-35932
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
eyoucms -- eyoucms
[/TD][TD]
There is a storage type cross site scripting (XSS) vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.3
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36093
MISC[/TD]
[/TR]
[TR]
[TD]
funadmin -- funadmin
[/TD][TD]
funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36097
MISC[/TD]
[/TR]
[TR]
[TD]
sqlite3 -- sqlite3
[/TD][TD]
sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36191
MISC[/TD]
[/TR]
[TR]
[TD]
sngrep -- sngrep
[/TD][TD]
Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36192
MISC[/TD]
[/TR]
[TR]
[TD]
gifsicle -- gifsicle
[/TD][TD]
Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36193
MISC[/TD]
[/TR]
[TR]
[TD]
libming_ listswf -- libming_ listswf
[/TD][TD]
libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36239
MISC[/TD]
[/TR]
[TR]
[TD]
flvmeta -- flvmeta
[/TD][TD]
FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36243
MISC[/TD]
[/TR]
[TR]
[TD]
libredwg -- libredwg
[/TD]
[TD]
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36271
MISC[/TD]
[/TR]
[TR]
[TD]
libredwg -- libredwg
[/TD]
[TD]
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36272
MISC[/TD]
[/TR]
[TR]
[TD]
libredwg -- libredwg
[/TD]
[TD]
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36273
MISC[/TD]
[/TR]
[TR]
[TD]
libredwg -- libredwg
[/TD]
[TD]
LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36274
MISC[/TD]
[/TR]
[TR]
[TD]
webkul -- qloapps
[/TD][TD]
An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36284
MISC[/TD]
[/TR]
[TR]
[TD]
webkul -- qloapps
[/TD][TD]
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36287
MISC[/TD]
[/TR]
[TR]
[TD]
webkul -- qloapps
[/TD][TD]
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36288
MISC[/TD]
[/TR]
[TR]
[TD]
webkul -- qloapps
[/TD][TD]
An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36289
MISC[/TD]
[/TR]
[TR]
[TD]
codekop -- codekop
[/TD]
[TD]
A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36345
MISC[/TD]
[/TR]
[TR]
[TD]
codekop -- codekop
[/TD]
[TD]
POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36346
MISC[/TD]
[/TR]
[TR]
[TD]
codekop -- codekop
[/TD]
[TD]
POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.
[/TD][TD]
2023-06-23
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36348
MISC[/TD]
[/TR]
[TR]
[TD]
tp-link -- multiple_products
[/TD]
[TD]
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36354
MISC[/TD]
[/TR]
[TR]
[TD]
tp-link -- multiple_products
[/TD]
[TD]
TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36355
MISC[/TD]
[/TR]
[TR]
[TD]
tp-link -- multiple_products
[/TD]
[TD]
TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36356
MISC[/TD]
[/TR]
[TR]
[TD]
tp-link -- multiple_products
[/TD]
[TD]
An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36357
MISC[/TD]
[/TR]
[TR]
[TD]
tp-link -- multiple_products
[/TD]
[TD]
TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36358
MISC[/TD]
[/TR]
[TR]
[TD]
tp-link -- multiple_products
[/TD]
[TD]
TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36359
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36362
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36363
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36364
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36365
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36366
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36367
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36368
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36369
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36370
MISC[/TD]
[/TR]
[TR]
[TD]
monetdb_server -- monetdb_server
[/TD]
[TD]
An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
[/TD][TD]
2023-06-22
[/TD][TD]
not yet calculated
[/TD][TD]CVE-2023-36371
MISC[/TD]
[/TR]
[TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD][/TD]
[/TD]
[TD]
[TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD][TD]
[/TD]
[/TD]
[/TD]
Continue reading...