CISA Bulletins - Vulnerability Summary for the Week of March 6, 2023

  • Welcome to ITBible, we're your #1 resource for enterprise or homelab IT problems (or just a place to show off your stuff).
C

CISA

Guest
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
igamingmodules -- flashgamesA vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.2023-03-059.8CVE-2008-10003
MISC
MISC
MISC
codepeople -- polls_cpA vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268.2023-03-049.8CVE-2014-125091
MISC
MISC
MISC
MISC
wordpress -- wordpressThe WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server2023-03-069.8CVE-2022-4328
MISC
zbt -- we1626_firmwareAn issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint.2023-03-039.8CVE-2022-45551
MISC
MISC
MISC
zbt -- we1626_firmwareAn issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port.2023-03-039.8CVE-2022-45553
MISC
MISC
MISC
anji-plus -- reportReport v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability.2023-03-039.8CVE-2022-46973
MISC
MISC
cisco -- ip_phone_6871_firmwareMultiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.2023-03-039.8CVE-2023-20078
CISCO
judging_management_system -- judging_management_systemJudging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php.2023-03-039.8CVE-2023-24641
MISC
judging_management_system -- judging_management_systemJudging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php.2023-03-039.8CVE-2023-24642
MISC
judging_management_system -- judging_management_systemJudging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php.2023-03-039.8CVE-2023-24643
MISC
yf-exam -- yf-examCleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE).2023-03-039.8CVE-2023-26779
MISC
MISC
best_pos_management_system -- best_pos_management_systemBest POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php.2023-03-099.8CVE-2023-27202
MISC
MISC
best_pos_management_system -- best_pos_management_systemBest POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php.2023-03-099.8CVE-2023-27203
MISC
MISC
best_pos_management_system -- best_pos_management_systemBest POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php.2023-03-099.8CVE-2023-27204
MISC
MISC
best_pos_management_system -- best_pos_management_systemBest POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php.2023-03-099.8CVE-2023-27205
MISC
MISC
sourcecodester -- online_pizza_ordering_systemOnline Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php.2023-03-099.8CVE-2023-27207
MISC
MISC
sourcecodester -- online_pizza_ordering_systemOnline Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php.2023-03-099.8CVE-2023-27210
MISC
MISC
sourcecodester -- online_pizza_ordering_systemOnline Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php.2023-03-099.8CVE-2023-27213
MISC
MISC
sourcecodester -- online_pizza_ordering_systemOnline Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php.2023-03-099.8CVE-2023-27214
MISC
MISC
gitpod -- gitpodAn issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace.2023-03-039.6CVE-2023-0957
MISC
MISC
MISC
MISC
MISC
MISC
MISC
webkitgtk -- webkitgtkA vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.2023-03-068.8CVE-2019-8720
MISC
MISC
wordpress -- wordpressThe Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user2023-03-068.8CVE-2022-4265
MISC
draytek -- vigor_2960_firmwareA vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability.2023-03-038.8CVE-2023-1162
MISC
MISC
MISC
google -- chromeUse after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-03-078.8CVE-2023-1213
MISC
MISC
google -- chromeType confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-03-078.8CVE-2023-1214
MISC
MISC
google -- chromeType confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-03-078.8CVE-2023-1215
MISC
MISC
google -- chromeUse after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-03-078.8CVE-2023-1216
MISC
MISC
google -- chromeUse after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-03-078.8CVE-2023-1218
MISC
MISC
google -- chromeHeap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-03-078.8CVE-2023-1219
MISC
MISC
google -- chromeHeap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-03-078.8CVE-2023-1220
MISC
MISC
google -- chromeHeap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)2023-03-078.8CVE-2023-1222
MISC
MISC
google -- chromeUse after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)2023-03-078.8CVE-2023-1227
MISC
MISC
vantage6 -- vantage6vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0.2023-03-048.8CVE-2023-23929
MISC
MISC
prestashop -- xen_forumIn the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0.2023-03-068.8CVE-2023-24763
MISC
MISC
jeecg -- jeecgjeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component.2023-03-068.8CVE-2023-24789
MISC
mailcow -- mailcow\mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Syncjobs.2023-03-048.8CVE-2023-26490
MISC
MISC
starsoftcomm -- coocarestarsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload.2023-03-037.8CVE-2022-45988
MISC
MISC
struktur -- libde265Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse2023-03-037.8CVE-2022-47664
MISC
struktur -- libde265Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int)2023-03-037.8CVE-2022-47665
MISC
hornerautomation -- cscape_envision_rvCscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.2023-03-097.8CVE-2023-0621
MISC
hornerautomation -- cscape_envision_rvCscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.2023-03-097.8CVE-2023-0622
MISC
hornerautomation -- cscape_envision_rvCscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.2023-03-097.8CVE-2023-0623
MISC
kylinos -- kylin_osA vulnerability was found in KylinSoft kylin-activation and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260.2023-03-037.8CVE-2023-1164
MISC
MISC
MISC
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376.2023-03-037.8CVE-2023-1170
MISC
CONFIRM
imageinfo -- imageinfoA vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability.2023-03-067.8CVE-2023-1190
MISC
MISC
MISC
MISC
ebay -- sketchsvgAll versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.2023-03-067.8CVE-2023-26107
MISC
MISC
MISC
systemd -- systemdsystemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.2023-03-037.8CVE-2023-26604
MISC
MISC
MISC
live2d -- cubism_editorCubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file.2023-03-037.8CVE-2023-27566
MISC
MISC
MISC
MISC
m-files -- m-files_serverRendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3.2023-03-067.6CVE-2022-4862
MISC
zerocoin -- libzerocoinA vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability.2023-03-067.5CVE-2017-20180
MISC
MISC
MISC
MISC
m-files -- m-files_serverDownload key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0.2023-03-067.5CVE-2022-3284
MISC
zbt -- we1626_firmwareAn Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory.2023-03-037.5CVE-2022-45552
MISC
MISC
MISC
cisco -- ip_phone_6871_firmwareMultiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.2023-03-037.5CVE-2023-20079
CISCO
cisco -- finesseA vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition.2023-03-037.5CVE-2023-20088
CISCO
yf-exam -- yf-examCleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload.2023-03-037.5CVE-2023-25402
MISC
MISC
yf-exam -- yf-examCleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication.2023-03-037.5CVE-2023-25403
MISC
MISC
dot-lens -- dot-lensAll versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file.2023-03-067.5CVE-2023-26106
MISC
MISC
@nubosoftware -- node-staticAll versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function.2023-03-067.5CVE-2023-26111
MISC
MISC
MISC
MISC
monospace -- directusDirectus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to /files/import). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0.2023-03-037.5CVE-2023-26492
MISC
MISC
MISC
phpseclib -- phpseclibMath/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields.2023-03-037.5CVE-2023-27560
MISC
CONFIRM
openbsd -- openbsdIn OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel.2023-03-037.5CVE-2023-27567
MISC
vim -- vimIncorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.2023-03-047.3CVE-2023-1175
MISC
CONFIRM
crmeb -- crmebA vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability.2023-03-037.2CVE-2023-1165
MISC
MISC
MISC
fastcms -- fastcmsA vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363.2023-03-067.2CVE-2023-1191
MISC
MISC
MISC
MISC
phpipam -- phpipamSQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.2023-03-077.2CVE-2023-1211
MISC
CONFIRM
barracuda -- cloudgen_wan_private_edge_gateway_firmwareOn Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters.2023-03-037.2CVE-2023-26213
FULLDISC
MISC
CONFIRM
MISC
runc -- runcrunc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.2023-03-037CVE-2023-27561
MISC
MISC
MISC

Back to top



Medium Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
google -- androidIn tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755.2023-03-076.7CVE-2023-20621
MISC
google -- androidIn vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530.2023-03-076.7CVE-2023-20624
MISC
google -- androidIn msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.2023-03-076.7CVE-2023-20626
MISC
google -- androidIn pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585.2023-03-076.7CVE-2023-20627
MISC
google -- androidIn thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460.2023-03-076.7CVE-2023-20628
MISC
google -- androidIn usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628505; Issue ID: ALPS07628505.2023-03-076.7CVE-2023-20630
MISC
google -- androidIn usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506.2023-03-076.7CVE-2023-20632
MISC
google -- androidIn usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508.2023-03-076.7CVE-2023-20633
MISC
google -- androidIn widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697.2023-03-076.7CVE-2023-20634
MISC
google -- androidIn display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593.2023-03-076.7CVE-2023-20636
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588.2023-03-076.7CVE-2023-20637
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537.2023-03-076.7CVE-2023-20638
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587.2023-03-076.7CVE-2023-20639
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573.2023-03-076.7CVE-2023-20640
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574.2023-03-076.7CVE-2023-20641
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586.2023-03-076.7CVE-2023-20642
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584.2023-03-076.7CVE-2023-20643
MISC
google -- androidIn apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629577; Issue ID: ALPS07629577.2023-03-076.7CVE-2023-20650
MISC
draytek -- vigor_2960_firmwareA vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259.2023-03-036.5CVE-2023-1163
MISC
MISC
MISC
google -- chromeStack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)2023-03-076.5CVE-2023-1217
MISC
MISC
google -- chromeInsufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)2023-03-076.5CVE-2023-1226
MISC
MISC
cisco -- unified_contact_center_expressMultiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.2023-03-036.5CVE-2023-20061
CISCO
goauthentik -- authentikauthentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin (or sent via email by an admin) can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an Identification and an Email stage bound to it. If the flow has policies on the identification stage to skip it when the flow is restored (by checking request.context['is_restored']), the flow is not affected by this. With this flow in place, an administrator must create a recovery Link or send a recovery URL to the attacker, who can, due to the improper validation of the token create, set the password for any account. Regardless, for custom recovery flows it is recommended to add a policy that checks if the flow is restored, and skips the identification stage. This issue has been fixed in versions 2023.2.3, 2023.1.3 and 2022.12.2.2023-03-046.5CVE-2023-26481
MISC
MISC
openzeppelin -- contracts_upgradeableOpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by balanceOf. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2.2023-03-036.5CVE-2023-26488
MISC
MISC
MISC
google -- androidIn ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778.2023-03-076.4CVE-2023-20623
MISC
google -- androidIn adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628532; Issue ID: ALPS07628532.2023-03-076.4CVE-2023-20625
MISC
google -- chromeType confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low)2023-03-076.3CVE-2023-1235
MISC
MISC
ajaxlife -- ajaxlifeA vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability.2023-03-056.1CVE-2008-10002
MISC
MISC
MISC
MISC
media_downloader -- media_downloaderA vulnerability was found in Media Downloader Plugin 0.1.992. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The name of the patch is 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability.2023-03-046.1CVE-2014-125090
MISC
MISC
MISC
maxfoundry -- maxbuttonsA vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323.2023-03-056.1CVE-2014-125092
MISC
MISC
MISC
MISC
pluginmirror -- landing-pagesA vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320.2023-03-066.1CVE-2015-10090
MISC
MISC
MISC
MISC
qtranslate_slug -- qtranslate_slugA vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324.2023-03-066.1CVE-2015-10092
MISC
MISC
MISC
MISC
seotool-- seotoolA vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231.2023-03-046.1CVE-2020-36663
MISC
MISC
MISC
MISC
MISC
seotool -- seotoolA vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232.2023-03-046.1CVE-2020-36664
MISC
MISC
MISC
MISC
MISC
seotool -- seotoolA vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability.2023-03-046.1CVE-2020-36665
MISC
MISC
MISC
MISC
MISC
saysis -- starcitiesImproper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1.2023-03-066.1CVE-2022-2178
MISC
asosegitim -- sobiadImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01.2023-03-036.1CVE-2023-0577
MISC
asosegitim -- bookcitesImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05.2023-03-036.1CVE-2023-0578
MISC
kibokolabs -- watu_quizThe Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-03-036.1CVE-2023-0968
MISC
MISC
sourcecodester -- health_center_patient_record_management_systemA vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331.2023-03-056.1CVE-2023-1180
MISC
MISC
MISC
enhancesoft -- osticketCross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.2023-03-106.1CVE-2023-1320
CONFIRM
MISC
draytek -- vigor2860_firmwareCertain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2.2023-03-036.1CVE-2023-23313
MISC
MISC
kitabisa -- teler-wafteler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0.2023-03-036.1CVE-2023-26047
MISC
MISC
MISC
vega-functions_project -- vega-functionsVega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.2023-03-046.1CVE-2023-26486
MISC
MISC
MISC
MISC
MISC
vega-functions -- vega-functionsVega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument. The type of the 1st argument is supposed to be an array, but it's not enforced. This makes it possible to specify any object with a push function as the 1st argument, push function can be set to any function that can be access via event.view (no all such functions can be exploited due to invalid context or signature, but some can, e.g. console.log). The issue is that`lassoAppend` doesn't enforce proper types of its arguments. This issue opens various XSS vectors, but exact impact and severity depends on the environment (e.g. Core JS setImmediate polyfill basically allows eval-like functionality). This issue was patched in 5.23.0.2023-03-046.1CVE-2023-26487
MISC
MISC
MISC
best_pos_management_system -- best_pos_management_systemA cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.2023-03-096.1CVE-2023-27206
MISC
MISC
sourcecodester -- online_pizza_ordering_systemA cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.2023-03-096.1CVE-2023-27208
MISC
MISC
sourcecodester -- online_pizza_ordering_systemA cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.2023-03-096.1CVE-2023-27211
MISC
MISC
sourcecodester -- online_pizza_ordering_systemA cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter.2023-03-096.1CVE-2023-27212
MISC
MISC
quickentity_editor -- quickentity_editorquickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-03-066.1CVE-2023-27472
MISC
MISC
samba -- sambaA flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.2023-03-065.9CVE-2021-20251
MISC
MISC
ghost -- ghostGhost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact.2023-03-055.7CVE-2023-26510
MISC
MISC
MISC
samourai-wallet-android -- samourai-wallet-androidAn issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation.2023-03-045.5CVE-2021-36689
MISC
MISC
libtiff -- libtiffLibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125.2023-03-035.5CVE-2022-4645
MISC
MISC
CONFIRM
FEDORA
fabulatech -- webcam_for_remote_desktopA vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability.2023-03-065.5CVE-2023-1186
MISC
MISC
MISC
fabulatech -- webcam_for_remote_desktopA vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359.2023-03-065.5CVE-2023-1187
MISC
MISC
MISC
fabulatech -- webcam_for_remote_desktopA vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360.2023-03-065.5CVE-2023-1188
MISC
MISC
MISC
MISC
wordpress -- wordpressA vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.2023-03-065.4CVE-2015-10093
MISC
MISC
MISC
MISC
wordpress -- wordpressThe WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-065.4CVE-2023-0063
MISC
iwordpress -- wordpressThe i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-065.4CVE-2023-0065
MISC
wordpress -- wordpressThe WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-065.4CVE-2023-0069
MISC
wordpress -- wordpressThe Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-065.4CVE-2023-0076
MISC
wordpress -- wordpressThe Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users2023-03-065.4CVE-2023-0078
MISC
wordpress -- wordpressThe Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-065.4CVE-2023-0165
MISC
wordpress -- wordpressThe Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-065.4CVE-2023-0212
MISC
sourcecodester -- computer_parts_sales_and_inventory_systemA vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability.2023-03-055.4CVE-2023-1179
MISC
MISC
MISC
easyimages2.0 -- easyimages2.0Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7.2023-03-055.4CVE-2023-1181
CONFIRM
MISC
ehuacui-bbs -- ehuacui-bbsA vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388.2023-03-065.4CVE-2023-1200
MISC
MISC
MISC
enhancesoft -- osticketCross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.2023-03-105.4CVE-2023-1315
MISC
CONFIRM
enhancesoft -- osticketCross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.2023-03-105.4CVE-2023-1316
CONFIRM
MISC
enhancesoft -- osticketCross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6.2023-03-105.4CVE-2023-1317
CONFIRM
MISC
enhancesoft -- osticketCross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6.2023-03-105.4CVE-2023-1318
MISC
CONFIRM
cisco -- prime_infrastructureA vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.2023-03-035.4CVE-2023-20069
CISCO
blogengine.net -- blogengine.netA stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file.2023-03-065.4CVE-2023-22856
MISC
blogengine.net -- blogengine.netA stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post.2023-03-065.4CVE-2023-22857
MISC
craftcms -- craftcmsCraft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.2023-03-035.4CVE-2023-23927
MISC
MISC
MISC
onekeyadmin -- onekeyadminonekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module.2023-03-085.4CVE-2023-26950
MISC
onekeyadmin -- onekeyadminonekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module.2023-03-085.4CVE-2023-26952
MISC
wallabag -- wallabagImproper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4.2023-03-055.3CVE-2023-0734
CONFIRM
MISC
discourse -- discourseDiscourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the tests-passed or beta branches >= 3.1.0.beta2. The issue is patched in the latest beta and tests-passed version of Discourse.2023-03-045.3CVE-2023-25819
MISC
MISC
nestjs -- nestVersions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.2023-03-065.3CVE-2023-26108
MISC
MISC
MISC
MISC
uvdesk -- community-skeletonCross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0.2023-03-064.8CVE-2023-1197
CONFIRM
MISC
phpipam -- phpipamCross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.2023-03-074.8CVE-2023-1212
CONFIRM
MISC
enhancesoft -- osticketCross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6.2023-03-104.8CVE-2023-1319
MISC
CONFIRM
google -- androidIn keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028.2023-03-074.4CVE-2023-20635
MISC
google -- androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603.2023-03-074.4CVE-2023-20644
MISC
google -- androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609.2023-03-074.4CVE-2023-20645
MISC
google -- androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628536; Issue ID: ALPS07628536.2023-03-074.4CVE-2023-20646
MISC
google -- androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547.2023-03-074.4CVE-2023-20647
MISC
google -- androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612.2023-03-074.4CVE-2023-20648
MISC
google -- androidIn ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607.2023-03-074.4CVE-2023-20649
MISC
google -- androidIn apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576.2023-03-074.4CVE-2023-20651
MISC
joinmastodon -- mastodonThe undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive.2023-03-064.3CVE-2022-48364
MISC
MISC
MISC
MISC
wordpress -- wordpressThe WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key).2023-03-064.3CVE-2023-0328
MISC
google -- chromeInsufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1221
MISC
MISC
google -- chromeInsufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1223
MISC
MISC
google -- chromeInsufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1224
MISC
MISC
google -- chromeInsufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1225
MISC
MISC
google -- chromeInsufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1228
MISC
MISC
google -- chromeInappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1229
MISC
MISC
google -- chromeInappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1230
MISC
MISC
google -- chromeInappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium)2023-03-074.3CVE-2023-1231
MISC
MISC
google -- chromeInsufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low)2023-03-074.3CVE-2023-1232
MISC
MISC
google -- chromeInsufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low)2023-03-074.3CVE-2023-1233
MISC
MISC
google -- chromeInappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)2023-03-074.3CVE-2023-1234
MISC
MISC
google -- chromeInappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low)2023-03-074.3CVE-2023-1236
MISC
MISC
cisco -- unified_contact_center_expressMultiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities.2023-03-034.3CVE-2023-20062
CISCO
google -- androidIn adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558.2023-03-074.1CVE-2023-20620
MISC

Back to top



Low Vulnerabilities​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
There were no low vulnerabilities recorded this week.​

Back to top



Severity Not Yet Assigned​

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info

wordpress -- wordpress
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability.2023-03-05not yet calculatedCVE-2006-10001
MISC
MISC
MISC
MISC
email_registration -- email_registrationA vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.2023-03-06not yet calculatedCVE-2008-10004
MISC
MISC
MISC
MISC
wordpress -- wordpressA vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability.2023-03-10not yet calculatedCVE-2013-10020
MISC
MISC
MISC
wordpress -- wordpressA vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739.2023-03-11not yet calculatedCVE-2013-10021
MISC
MISC
MISC
MISC
wordpress -- wordpressA vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability.2023-03-10not yet calculatedCVE-2014-125093
MISC
MISC
MISC
MISC

ayttm -- ayttm
A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.2023-03-05not yet calculatedCVE-2015-10088
MISC
MISC
MISC
MISC

flame.js -- flame.js
A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291.2023-03-05not yet calculatedCVE-2015-10089
MISC
MISC
MISC
MISC

bywater_solutions -- bywater-koha-xslt
A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability.2023-03-06not yet calculatedCVE-2015-10091
MISC
MISC
MISC
wordpress -- wordpressA vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability.2023-03-06not yet calculatedCVE-2015-10094
MISC
MISC
MISC
MISC
wordpress -- wordpressA vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327.2023-03-06not yet calculatedCVE-2015-10095
MISC
MISC
MISC
MISC

hgzojer -- vocable_trainer
A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.2023-03-07not yet calculatedCVE-2017-20181
MISC
MISC
MISC
MISC

mobile_vikings -- django_ajax_utilities
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611.2023-03-10not yet calculatedCVE-2017-20182
MISC
MISC
MISC
wordpress -- wordpressThe JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them.2023-03-07not yet calculatedCVE-2020-36667
MISC
MISC
wordpress -- wordpressThe JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information.2023-03-07not yet calculatedCVE-2020-36668
MISC
MISC
wordpress -- wordpressThe JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link.2023-03-07not yet calculatedCVE-2020-36669
MISC
MISC
wordpress -- wordpressThe NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more.2023-03-07not yet calculatedCVE-2020-36670
MISC
MISC

ibm -- financial_transactoin_manager
IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954.2023-03-10not yet calculatedCVE-2020-5002
MISC
MISC

hclsoftware -- verse
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.2023-03-10not yet calculatedCVE-2021-27788
MISC

wyomind -- help_desk_magento_2
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field.2023-03-08not yet calculatedCVE-2021-33351
MISC
MISC

wyomind -- help_desk_magento_2
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.2023-03-08not yet calculatedCVE-2021-33352
MISC
MISC

wyomind -- help_desk_magento_2
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.2023-03-08not yet calculatedCVE-2021-33353
MISC
MISC

gnuplot -- gnuplot
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s).2023-03-10not yet calculatedCVE-2021-33360
MISC
MISC
kernel -- kernelREMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.2023-03-08not yet calculatedCVE-2021-33639
MISC
yuneec -- mantis_q/px4-autopilotAn issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands.2023-03-09not yet calculatedCVE-2021-34125
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

vicidial -- vicidial
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.2023-03-06not yet calculatedCVE-2021-35377
MISC
MISC

moodle -- moodle
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses.2023-03-06not yet calculatedCVE-2021-36392
MISC

moodle -- moodle
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses.2023-03-06not yet calculatedCVE-2021-36393
MISC

moodle -- moodle
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.2023-03-06not yet calculatedCVE-2021-36394
MISC

moodle -- moodle
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.2023-03-06not yet calculatedCVE-2021-36395
MISC

moodle -- moodle
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.2023-03-06not yet calculatedCVE-2021-36396
MISC

moodle -- moodle
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.2023-03-06not yet calculatedCVE-2021-36397
MISC

moodle -- moodle
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.2023-03-06not yet calculatedCVE-2021-36398
MISC

moodle -- moodle
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.2023-03-06not yet calculatedCVE-2021-36399
MISC

moodle -- moodle
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.2023-03-06not yet calculatedCVE-2021-36400
MISC

moodle -- moodle
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.2023-03-06not yet calculatedCVE-2021-36401
MISC

moodle -- moodle
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.2023-03-06not yet calculatedCVE-2021-36402
MISC

moodle -- moodle
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.2023-03-06not yet calculatedCVE-2021-36403
MISC
jquery -- jqueryCross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012.2023-03-06not yet calculatedCVE-2021-36713
MISC
MISC
json-logic-js -- json-logic-jsA vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability.2023-03-05not yet calculatedCVE-2021-4329
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.2023-03-07not yet calculatedCVE-2021-4330
MISC
MISC
wordpress -- wordpressThe Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post).2023-03-07not yet calculatedCVE-2021-4331
MISC
MISC
wordpress -- wordpressThe Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation.2023-03-07not yet calculatedCVE-2021-4332
MISC
MISC
wordpress -- wordpressThe WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-07not yet calculatedCVE-2021-4333
MISC
MISC
ubit_information_technologies -- student_information management_systemImproper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.2023-03-07not yet calculatedCVE-2021-44196
MISC
ubit_information_technologies -- student_information management_systemImproper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.2023-03-07not yet calculatedCVE-2021-44197
MISC
cisco -- cisco enterprise_nfv infrastructure_ softwareA vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.2023-03-10not yet calculatedCVE-2022-20929
MISC
qualcomm -- snapdragonInformation Disclosure in Graphics during GPU context switch.2023-03-10not yet calculatedCVE-2022-22075
MISC
fortinet -- multiple_productsAn incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments.2023-03-07not yet calculatedCVE-2022-22297
MISC
qualcomm -- snapdragonMemory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.2023-03-10not yet calculatedCVE-2022-25655
MISC
qualcomm -- snapdragonMemory corruption in Modem due to usage of Out-of-range pointer offset in UIM2023-03-10not yet calculatedCVE-2022-25694
MISC
qualcomm -- snapdragonMemory corruption in modem due to integer overflow to buffer overflow while handling APDU response2023-03-10not yet calculatedCVE-2022-25705
MISC
qualcomm -- snapdragonMemory corruption in modem due to use of out of range pointer offset while processing qmi msg2023-03-10not yet calculatedCVE-2022-25709
MISC
fortinet -- multiple_productsA exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via diagnose debug commands.2023-03-07not yet calculatedCVE-2022-27490
MISC
fortinet -- fortimailA improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.2023-03-09not yet calculatedCVE-2022-29056
MISC
openstack-neutron -- openstack-neutronAn uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.2023-03-06not yet calculatedCVE-2022-3277
MISC
MISC
qualcomm -- snapdragonMemory corruption in modem due to buffer overflow while processing a PPP packet2023-03-10not yet calculatedCVE-2022-33213
MISC
qualcomm -- snapdragonMemory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD.2023-03-10not yet calculatedCVE-2022-33242
MISC
qualcomm -- snapdragonTransient DOS due to reachable assertion in modem during MIB reception and SIB timeout2023-03-10not yet calculatedCVE-2022-33244
MISC
qualcomm -- snapdragonMemory corruption in WLAN due to use after free2023-03-10not yet calculatedCVE-2022-33245
MISC
qualcomm -- snapdragonTransient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.2023-03-10not yet calculatedCVE-2022-33250
MISC
qualcomm -- snapdragonTransient DOS due to reachable assertion in Modem while processing SIB1 Message.2023-03-10not yet calculatedCVE-2022-33254
MISC
qualcomm -- snapdragonMemory corruption due to improper validation of array index in Multi-mode call processor.2023-03-10not yet calculatedCVE-2022-33256
MISC
qualcomm -- snapdragonMemory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.2023-03-10not yet calculatedCVE-2022-33257
MISC
qualcomm -- snapdragonMemory corruption due to stack based buffer overflow in core while sending command from USB of large size.2023-03-10not yet calculatedCVE-2022-33260
MISC
qualcomm -- snapdragonTransient DOS in modem due to reachable assertion.2023-03-10not yet calculatedCVE-2022-33272
MISC
qualcomm -- snapdragonMemory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.2023-03-10not yet calculatedCVE-2022-33278
MISC
qualcomm -- snapdragonTransient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes.2023-03-10not yet calculatedCVE-2022-33309
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites2023-03-09not yet calculatedCVE-2022-3381
CONFIRM
MISC
MISC
linux -- kernelA use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.2023-03-06not yet calculatedCVE-2022-3424
MISC
MISC
MISC
MISC
gitlab -- gitlabA double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.2023-03-06not yet calculatedCVE-2022-3707
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet.2023-03-09not yet calculatedCVE-2022-3758
MISC
MISC
CONFIRM
mia_technology -- mia-medImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.2023-03-07not yet calculatedCVE-2022-3760
MISC
gitlab -- dastMissing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.2023-03-09not yet calculatedCVE-2022-3767
CONFIRM
MISC
hewlett_packard_enterprise -- hpe_flex/hpe_flex_280A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.2023-03-10not yet calculatedCVE-2022-37939
MISC
ceph -- cephA flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.2023-03-06not yet calculatedCVE-2022-3854
MISC
libpng -- libpngA flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.2023-03-06not yet calculatedCVE-2022-3857
MISC
fortinet -- fortiwebA improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests.2023-03-07not yet calculatedCVE-2022-39951
MISC
fortinet -- fortinacA improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands.2023-03-07not yet calculatedCVE-2022-39953
MISC
gitlab -- gitlabA issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.2023-03-08not yet calculatedCVE-2022-4007
CONFIRM
MISC
MISC
qualcomm -- snapdragonMemory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.2023-03-10not yet calculatedCVE-2022-40515
MISC
qualcomm -- snapdragonTransient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.2023-03-10not yet calculatedCVE-2022-40527
MISC
qualcomm -- snapdragonMemory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase.2023-03-10not yet calculatedCVE-2022-40530
MISC
qualcomm -- snapdragon
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.2023-03-10not yet calculatedCVE-2022-40531
MISC
qualcomm -- snapdragonTransient DOS due to buffer over-read in WLAN while sending a packet to device.2023-03-10not yet calculatedCVE-2022-40535
MISC
qualcomm -- snapdragonMemory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.2023-03-10not yet calculatedCVE-2022-40537
MISC
qualcomm -- snapdragonMemory corruption in Automotive Android OS due to improper validation of array index.2023-03-10not yet calculatedCVE-2022-40539
MISC
qualcomm -- snapdragonMemory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel.2023-03-10not yet calculatedCVE-2022-40540
MISC
fortinet -- fortinacA improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests.2023-03-07not yet calculatedCVE-2022-40676
MISC
fortinet -- fortiosA improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands.2023-03-07not yet calculatedCVE-2022-41328
MISC
fortinet -- multiple_productsAn exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests.2023-03-07not yet calculatedCVE-2022-41329
MISC
fortinet -- fortirecorderAn uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests.2023-03-07not yet calculatedCVE-2022-41333
MISC

openstack -- glance
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.2023-03-06not yet calculatedCVE-2022-4134
MISC
MISC
MISC
qlik -- qlikviewQlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.2023-03-06not yet calculatedCVE-2022-42248
MISC
MISC
fortinet -- fortiosA relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests.2023-03-07not yet calculatedCVE-2022-42476
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.2023-03-09not yet calculatedCVE-2022-4289
MISC
MISC
CONFIRM
gitlab -- dastAn issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.2023-03-08not yet calculatedCVE-2022-4315
CONFIRM
MISC
MISC
gitlab -- dastAn issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects.2023-03-09not yet calculatedCVE-2022-4317
CONFIRM
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group.2023-03-09not yet calculatedCVE-2022-4331
MISC
MISC
CONFIRM
ibm -- mqIBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832.2023-03-10not yet calculatedCVE-2022-43902
MISC
MISC
ivanti -- avalancheAn improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port.2023-03-10not yet calculatedCVE-2022-44574
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.2023-03-09not yet calculatedCVE-2022-4462
MISC
CONFIRM
MISC
kioware -- kiowareKioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.2023-03-06not yet calculatedCVE-2022-44875
MISC
MISC
samba -- active_directorySince the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).2023-03-06not yet calculatedCVE-2022-45141
MISC
heimdal -- heimdalThe fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.2023-03-06not yet calculatedCVE-2022-45142
MISC
fortinet -- multiple_productsAn access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request.2023-03-07not yet calculatedCVE-2022-45861
MISC
github -- github_enterprise_serverAn information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.2023-03-07not yet calculatedCVE-2022-46257
MISC
MISC
MISC
MISC
arm -- arm_maliAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.2023-03-08not yet calculatedCVE-2022-46394
MISC
MISC
arm -- arm_maliAn issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0.2023-03-06not yet calculatedCVE-2022-46395
CONFIRM
MISC
dell -- biosDell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service.2023-03-08not yet calculatedCVE-2022-46752
MISC
unisoc_technologies -- multiple_productsIn wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service.2023-03-10not yet calculatedCVE-2022-47453
MISC
unisoc_technologies -- multiple_productsIn wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.2023-03-10not yet calculatedCVE-2022-47454
MISC
unisoc_technologies -- multiple_productsIn wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.2023-03-10not yet calculatedCVE-2022-47455
MISC
unisoc_technologies -- multiple_productsIn wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.2023-03-10not yet calculatedCVE-2022-47456
MISC
unisoc_technologies -- multiple_productsIn wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.2023-03-10not yet calculatedCVE-2022-47457
MISC
unisoc_technologies -- multiple_productsIn wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.2023-03-10not yet calculatedCVE-2022-47458
MISC
unisoc_technologies -- multiple_productsIn wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.2023-03-10not yet calculatedCVE-2022-47459
MISC
unisoc_technologies -- multiple_productsIn gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel.2023-03-10not yet calculatedCVE-2022-47460
MISC
unisoc_technologies -- multiple_productsIn telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.2023-03-10not yet calculatedCVE-2022-47461
MISC
unisoc_technologies -- multiple_productsIn telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed.2023-03-10not yet calculatedCVE-2022-47462
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47471
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47472
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47473
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47474
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47475
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47476
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47477
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47478
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47479
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47480
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47481
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47482
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47483
MISC
unisoc_technologies -- multiple_productsIn telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.2023-03-10not yet calculatedCVE-2022-47484
MISC
sipe -- yarixA cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter.2023-03-10not yet calculatedCVE-2022-48111
MISC
MISC
MISC
c-ares -- c-aresA flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.2023-03-06not yet calculatedCVE-2022-4904
MISC
MISC
FEDORA
ualbertalib -- neosdiscoveryA vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287.2023-03-05not yet calculatedCVE-2022-4927
MISC
MISC
MISC
MISC
MISC
icplayer -- icplayerA vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability.2023-03-06not yet calculatedCVE-2022-4928
MISC
MISC
MISC
MISC
MISC
icplayer -- icplayerA vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability.2023-03-06not yet calculatedCVE-2022-4929
MISC
MISC
MISC
MISC
MISC
syspass -- syspassA vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The name of the patch is 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319.2023-03-06not yet calculatedCVE-2022-4930
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpressThe BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.2023-03-07not yet calculatedCVE-2022-4931
MISC
MISC
wordpress -- wordpressThe Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up.2023-03-07not yet calculatedCVE-2022-4932
MISC
MISC
linux -- kernelA use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system.2023-03-08not yet calculatedCVE-2023-0030
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims.2023-03-09not yet calculatedCVE-2023-0050
CONFIRM
MISC
MISC
wordpress -- wordpressThe eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-06not yet calculatedCVE-2023-0064
MISC
wordpress -- wordpressThe Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-06not yet calculatedCVE-2023-0068
MISC
openharmony -- openharmyThe ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash.2023-03-10not yet calculatedCVE-2023-0083
MISC
proofpoint -- enterprise_protectionThe webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below.2023-03-08not yet calculatedCVE-2023-0089
MISC
proofpoint -- enterprise_protectionThe webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.2023-03-08not yet calculatedCVE-2023-0090
MISC
okta -- advanced_server_access_clientOkta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.2023-03-06not yet calculatedCVE-2023-0093
MISC
nvidia -- cuda_toolkit_sdkNVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure.2023-03-10not yet calculatedCVE-2023-0193
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings.2023-03-09not yet calculatedCVE-2023-0223
CONFIRM
MISC
MISC
qemu -- qemuA vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.2023-03-06not yet calculatedCVE-2023-0330
MISC
wordpress -- wordpressThe Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-03-06not yet calculatedCVE-2023-0377
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site.2023-03-09not yet calculatedCVE-2023-0483
CONFIRM
MISC
MISC
gigamon -- gigavue-fm/gigavue-osThe help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting.2023-03-10not yet calculatedCVE-2023-0746
CONFIRM
promis_process_company -- inscadaImproper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1.2023-03-06not yet calculatedCVE-2023-0839
MISC
hashicorp -- consul/consul_enterpriseConsul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.2023-03-09not yet calculatedCVE-2023-0845
MISC
meddata_informatics -- meddatapacsImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData Informatics MedDataPACS.This issue affects MedDataPACS : before 2023-03-03.2023-03-06not yet calculatedCVE-2023-0979
MISC
typora -- typoraA vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736.2023-03-07not yet calculatedCVE-2023-1003
MISC
MISC
MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details.2023-03-09not yet calculatedCVE-2023-1072
MISC
CONFIRM
gitlab -- gitlab_ce/eeAn issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request.2023-03-09not yet calculatedCVE-2023-1084
MISC
MISC
CONFIRM
alpata -- licensed_warehousing_automation_systemImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection.This issue affects Licensed Warehousing Automation System: through 2023.1.01.2023-03-10not yet calculatedCVE-2023-1091
MISC
wireshark -- wiresharkISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file2023-03-06not yet calculatedCVE-2023-1161
CONFIRM
MISC
MISC
ecshop -- ecshopA vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356.2023-03-06not yet calculatedCVE-2023-1184
MISC
MISC
MISC
ecshop -- ecshopA vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability.2023-03-06not yet calculatedCVE-2023-1185
MISC
MISC
MISC
wisecleaner -- wise_folder_hiderA vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability.2023-03-06not yet calculatedCVE-2023-1189
MISC
MISC
MISC
saysis -- starcitiesImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.This issue affects Starcities: through 1.3.2023-03-10not yet calculatedCVE-2023-1198
MISC
devolutions -- serverImproper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains.2023-03-10not yet calculatedCVE-2023-1201
MISC
devolutions -- remote_desktop_manager_powershell_moduleImproper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.2023-03-10not yet calculatedCVE-2023-1203
MISC
netgear -- nighthawk_wifi6_routerNETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections.2023-03-10not yet calculatedCVE-2023-1205
MISC
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1237
CONFIRM
MISC
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1238
CONFIRM
MISC
answerdev -- answerCross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1239
MISC
CONFIRM
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1240
CONFIRM
MISC
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1241
CONFIRM
MISC
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1242
MISC
CONFIRM
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1243
MISC
CONFIRM
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1244
MISC
CONFIRM
answerdev -- answerCross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.2023-03-07not yet calculatedCVE-2023-1245
CONFIRM
MISC
saysis -- starcitiesFiles or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3.2023-03-10not yet calculatedCVE-2023-1246
MISC
pimcore -- pimcoreCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.2023-03-07not yet calculatedCVE-2023-1247
MISC
CONFIRM
akinsoft -- wolvoxImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.2023-03-09not yet calculatedCVE-2023-1251
MISC
sourcecodester -- health_center_patient_record_management_systemA vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222483.2023-03-07not yet calculatedCVE-2023-1253
MISC
MISC
MISC
sourcecodester -- health_center_patient_record_management_systemA vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484.2023-03-07not yet calculatedCVE-2023-1254
MISC
MISC
MISC
moxa -- uc_seriesAn attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system.2023-03-07not yet calculatedCVE-2023-1257
MISC
wordpress -- wordpressThe CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled.2023-03-07not yet calculatedCVE-2023-1263
MISC
MISC
vim -- vimNULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392.2023-03-07not yet calculatedCVE-2023-1264
CONFIRM
MISC
ulkem -- pttem_kartImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart.This issue affects PtteM Kart: before 2.1.2023-03-08not yet calculatedCVE-2023-1267
MISC
easyappointment -- easyappointmentUse of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.2023-03-08not yet calculatedCVE-2023-1269
CONFIRM
MISC
btcpayserver -- btcpayserverCommand Injection in GitHub repository btcpayserver/btcpayserver prior to 1.8.3.2023-03-08not yet calculatedCVE-2023-1270
MISC
CONFIRM
sourcecodester -- phone_shop_sales_managements_systemA vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.2023-03-08not yet calculatedCVE-2023-1275
MISC
MISC
MISC
sul1ss_shop -- sul1ss_shopA vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222599.2023-03-08not yet calculatedCVE-2023-1276
MISC
MISC
MISC
kylin -- kylin-system-updaterA vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600.2023-03-08not yet calculatedCVE-2023-1277
MISC
MISC
MISC
ibos -- ibosA vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608.2023-03-08not yet calculatedCVE-2023-1278
MISC
MISC
MISC
qwik -- qwikCode Injection in GitHub repository builderio/qwik prior to 0.21.0.2023-03-08not yet calculatedCVE-2023-1283
CONFIRM
MISC
pimcore -- pimcoreCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19.2023-03-09not yet calculatedCVE-2023-1286
CONFIRM
MISC
dassault_systèmes -- enovia_live_collaborationAn XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution.2023-03-09not yet calculatedCVE-2023-1287
MISC
dassault_systèmes -- enovia_live_collaborationAn XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions.2023-03-09not yet calculatedCVE-2023-1288
MISC
sourcecodester -- sales_tracker_management_systemA vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644.2023-03-09not yet calculatedCVE-2023-1290
MISC
MISC
MISC
sourcecodester -- sales_tracker_management_systemA vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability.2023-03-09not yet calculatedCVE-2023-1291
MISC
MISC
MISC
sourcecodester -- sales_tracker_management_systemA vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222646 is the identifier assigned to this vulnerability.2023-03-09not yet calculatedCVE-2023-1292
MISC
MISC
MISC
sourcecodester -- online_graduate_tracer_systemA vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647.2023-03-09not yet calculatedCVE-2023-1293
MISC
MISC
MISC
dester -- file_tracker_manager_systemA vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648.2023-03-09not yet calculatedCVE-2023-1294
MISC
MISC
MISC
sourcecodester -- covid_19_testing_management_systemA vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file patient-report.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222661 was assigned to this vulnerability.2023-03-09not yet calculatedCVE-2023-1300
MISC
MISC
MISC
sourcecodester -- friendly_island_pizza_website_and_ordering_systemA vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability.2023-03-09not yet calculatedCVE-2023-1301
MISC
MISC
MISC
sourcecodester -- file_tracker_management_systemA vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222663.2023-03-09not yet calculatedCVE-2023-1302
MISC
MISC
MISC
ucms -- ucmsA vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-222683.2023-03-09not yet calculatedCVE-2023-1303
MISC
MISC
MISC
froxlor -- froxlorAuthentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13.2023-03-10not yet calculatedCVE-2023-1307
MISC
CONFIRM
sourcecodester -- online_graduate_tracer_systemA vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696.2023-03-10not yet calculatedCVE-2023-1308
MISC
MISC
MISC
sourcecodester -- online_graduate_tracer_systemA vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/search_it.php. The manipulation of the argument input leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222697 was assigned to this vulnerability.2023-03-10not yet calculatedCVE-2023-1309
MISC
MISC
MISC
sourcecodester -- online_graduate_tracer_systemA vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability.2023-03-10not yet calculatedCVE-2023-1310
MISC
MISC
MISC
sourcecodester -- friendly_island_pizza_website_and_ordering_systemA vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699.2023-03-10not yet calculatedCVE-2023-1311
MISC
MISC
MISC
pimcore -- pimcoreCross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19.2023-03-10not yet calculatedCVE-2023-1312
CONFIRM
MISC
cockpit-hq -- cockpitUnrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1.2023-03-10not yet calculatedCVE-2023-1313
CONFIRM
MISC
lmxcms -- lmxcmsA vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727.2023-03-10not yet calculatedCVE-2023-1321
MISC
MISC
lmxcms -- lmxcmsA vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728.2023-03-10not yet calculatedCVE-2023-1322
MISC
MISC
guizhou -- 115cmsA vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability.2023-03-10not yet calculatedCVE-2023-1328
MISC
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.2023-03-10not yet calculatedCVE-2023-1333
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache.2023-03-10not yet calculatedCVE-2023-1334
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site.2023-03-10not yet calculatedCVE-2023-1335
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching.2023-03-10not yet calculatedCVE-2023-1336
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files.2023-03-10not yet calculatedCVE-2023-1337
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules.2023-03-10not yet calculatedCVE-2023-1338
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules.2023-03-10not yet calculatedCVE-2023-1339
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-10not yet calculatedCVE-2023-1340
MISC
MISC
wordpress -- wordpress
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-10not yet calculatedCVE-2023-1341
MISC
MISC
wordpress -- wordpress
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-10not yet calculatedCVE-2023-1342
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-10not yet calculatedCVE-2023-1343
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-10not yet calculatedCVE-2023-1344
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-10not yet calculatedCVE-2023-1345
MISC
MISC
wordpress -- wordpressThe RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-03-10not yet calculatedCVE-2023-1346
MISC
MISC
hsycms -- hsycmsA vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability.2023-03-11not yet calculatedCVE-2023-1349
MISC
MISC
MISC

liferea -- liferea
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date &gt;/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848.2023-03-11not yet calculatedCVE-2023-1350
MISC
MISC
MISC

sourcecodester -- computer_parts_sales_and_inventory_system
A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability.2023-03-11not yet calculatedCVE-2023-1351
MISC
MISC
MISC

sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system
A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851.2023-03-11not yet calculatedCVE-2023-1352
MISC
MISC
MISC

sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852.2023-03-11not yet calculatedCVE-2023-1353
MISC
MISC
MISC

sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability.2023-03-11not yet calculatedCVE-2023-1354
MISC
MISC
MISC

vim -- vim
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402.2023-03-11not yet calculatedCVE-2023-1355
MISC
CONFIRM

cisco -- ios_xr_software_for_asr9000_series_routers
A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads.2023-03-09not yet calculatedCVE-2023-20049
CISCO

cisco -- ios_xr_software
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device.2023-03-09not yet calculatedCVE-2023-20064
CISCO

openharmony -- openharmony
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system.2023-03-10not yet calculatedCVE-2023-22301
MISC

dos_company_limited -- ss1/rakuraku_pc_cloud_agent
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.2023-03-06not yet calculatedCVE-2023-22335
MISC
MISC

dos_company_limited -- ss1/rakuraku_pc_cloud_agent
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.2023-03-06not yet calculatedCVE-2023-22336
MISC
MISC

dos_company_limited -- ss1/rakuraku_pc_cloud_agent
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device.2023-03-06not yet calculatedCVE-2023-22344
MISC
MISC
jtekt_electronics_corporation -- kostac_plc_programming_softwareOut-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.2023-03-06not yet calculatedCVE-2023-22419
MISC
MISC
MISC
jtekt_electronics_corporation -- kostac_plc_programming_softwareOut-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.2023-03-06not yet calculatedCVE-2023-22421
MISC
MISC
MISC
jtekt_electronics_corporation -- kostac_plc_programming_softwareUse-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution.2023-03-06not yet calculatedCVE-2023-22424
MISC
MISC
MISC

web2py -- web2py
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.2023-03-06not yet calculatedCVE-2023-22432
MISC
MISC
MISC

openharmony -- openharmony
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root.2023-03-10not yet calculatedCVE-2023-22436
MISC

ec_cube -- 4_series
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script.2023-03-06not yet calculatedCVE-2023-22438
MISC
MISC
MISC
MISC

freshrss -- freshrss
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in users/_/log_api.txt in the case where the authentication fails. The issues occurs in authorizationToUser() in greader.php. If there is an issue with the request or the credentials, unauthorized() or badRequest() is called. Both these functions are printing the return of debugInfo() in the logs. debugInfo() will return the content of the request. By default, this will be saved in users/_/log_api.txt and if the const COPY_LOG_TO_SYSLOG is true, in syslogs as well. Exploiting this issue requires having access to logs produced by FreshRSS. Using the information from the logs, a malicious individual could get users' API keys (would be displayed if the users fills in a bad username) or passwords.2023-03-06not yet calculatedCVE-2023-22481
MISC
MISC

ec_cube -- 4_series
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.2023-03-06not yet calculatedCVE-2023-22838
MISC
MISC

pg_ivm -- pg_ivm
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it.2023-03-07not yet calculatedCVE-2023-22847
MISC
MISC
MISC

blog_engine.net -- blog_engine.net
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs.2023-03-06not yet calculatedCVE-2023-22858
MISC

smartbear -- zephr_enterprise
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.2023-03-08not yet calculatedCVE-2023-22889
MISC

smartbear -- zephr_enterprise
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.2023-03-08not yet calculatedCVE-2023-22890
MISC

smartbear -- zephr_enterprise
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.2023-03-08not yet calculatedCVE-2023-22891
MISC

smartbear -- zephr_enterprise
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.2023-03-08not yet calculatedCVE-2023-22892
MISC

avantfax -- avantfax
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.2023-03-10not yet calculatedCVE-2023-23326
MISC
MISC

avantfax -- avantfax
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.2023-03-10not yet calculatedCVE-2023-23327
MISC
MISC

avantfax -- avantfax
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file.2023-03-10not yet calculatedCVE-2023-23328
MISC
MISC

pg_ivm -- pg_ivm
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner.2023-03-07not yet calculatedCVE-2023-23554
MISC
MISC
MISC
apache -- dubboA deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions.2023-03-08not yet calculatedCVE-2023-23638
MISC
github -- enterprise_serverA path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program.2023-03-08not yet calculatedCVE-2023-23760
MISC
MISC
MISC
MISC
fortinet -- fortianalyzerAn exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer2023-03-07not yet calculatedCVE-2023-23776
MISC
rocket.chat -- rocket.chatAn improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room.2023-03-10not yet calculatedCVE-2023-23911
MISC
azure -- setup-kubectlAzure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs fs.chmodSync(kubectlPath, 777) to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions v3 and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue.2023-03-06not yet calculatedCVE-2023-23939
MISC
MISC
agilebio -- electronic_lab_notebookAgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.2023-03-06not yet calculatedCVE-2023-24217
MISC
MISC
poly/hp -- trioAn arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.2023-03-08not yet calculatedCVE-2023-24282
MISC
MISC
openharmony -- openharmonyCommunication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash.2023-03-10not yet calculatedCVE-2023-24465
MISC
go -- p256The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.2023-03-08not yet calculatedCVE-2023-24532
MISC
MISC
MISC
MISC
go -- p256Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this.2023-03-08not yet calculatedCVE-2023-24533
MISC
MISC
MISC
phpipam -- phpipamphpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php.2023-03-08not yet calculatedCVE-2023-24657
MISC
pmb -- pmbPMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php.2023-03-06not yet calculatedCVE-2023-24733
MISC
pmb -- pmbAn arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file.2023-03-06not yet calculatedCVE-2023-24734
MISC
pmb -- pmbPMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL.2023-03-06not yet calculatedCVE-2023-24735
MISC
pmb -- pmbPMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php.2023-03-06not yet calculatedCVE-2023-24736
MISC
pmb -- pmbPMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php.2023-03-06not yet calculatedCVE-2023-24737
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list.2023-03-08not yet calculatedCVE-2023-24773
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php.2023-03-10not yet calculatedCVE-2023-24774
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php.2023-03-07not yet calculatedCVE-2023-24775
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php.2023-03-06not yet calculatedCVE-2023-24776
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list.2023-03-08not yet calculatedCVE-2023-24777
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns.2023-03-08not yet calculatedCVE-2023-24780
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.2023-03-07not yet calculatedCVE-2023-24781
MISC
funadmin -- funadminFunadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit.2023-03-08not yet calculatedCVE-2023-24782
MISC
ibm -- spectrum_symphonyIBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030.2023-03-10not yet calculatedCVE-2023-24975
MISC
MISC
hashicorp -- vault/vault_enterpriseHashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above.2023-03-11not yet calculatedCVE-2023-24999
MISC
ec-cube -- 4_seriesCross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script.2023-03-06not yet calculatedCVE-2023-25077
MISC
MISC
trend_micro -- apex_one_serverAn uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.2023-03-10not yet calculatedCVE-2023-25143
MISC
trend_micro -- apex_oneAn improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.2023-03-10not yet calculatedCVE-2023-25144
MISC
MISC
trend_micro -- apex_oneA link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2023-03-10not yet calculatedCVE-2023-25145
MISC
MISC
trend_micro -- apex_oneA security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2023-03-10not yet calculatedCVE-2023-25146
MISC
MISC
trend_micro -- apex_oneAn issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this.2023-03-10not yet calculatedCVE-2023-25147
MISC
trend_micro -- apex_oneA security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2023-03-10not yet calculatedCVE-2023-25148
MISC
MISC
discourse -- discourse-yearly-reviewdiscourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit b3ab33bbf7 which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the yearly_review_enabled setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually.2023-03-06not yet calculatedCVE-2023-25169
MISC
MISC
crmeb -- crmebCRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list.2023-03-07not yet calculatedCVE-2023-25223
MISC
loonflow -- loonflowloonflow r2.0.14 is vulnerable to server-side request forgery (SSRF).2023-03-07not yet calculatedCVE-2023-25230
MISC
prism_launcher -- prism_launcherPrism Launcher <= 6.1 is vulnerable to Directory Traversal.2023-03-06not yet calculatedCVE-2023-25304
MISC
totolink -- a7100ruTOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability.2023-03-08not yet calculatedCVE-2023-25395
MISC
metersphere -- meterspheremetersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-03-09not yet calculatedCVE-2023-25573
MISC
fortinet -- fortisoarA improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests.2023-03-07not yet calculatedCVE-2023-25605
MISC
fortinet -- fortianalyzerA improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names.2023-03-07not yet calculatedCVE-2023-25611
MISC
apache -- http_serverSome mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.2023-03-07not yet calculatedCVE-2023-25690
MISC
metersphere -- meterspheremetersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows a users of the system to read arbitrary files on the filesystem of the server so long as the server process itself has permission to read the requested files. This issue has been addressed in version 2.7.1. All users are advised to upgrade. There are no known workarounds for this issue.2023-03-09not yet calculatedCVE-2023-25814
MISC
openharmony -- openharmonyThe bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package.2023-03-10not yet calculatedCVE-2023-25947
MISC
docker -- buildkitBuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from .git/config file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in BuildInfo structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting BUILDX_GIT_INFO=0. buildctl does not set VCS hints based on .git directory, and values would need to be passed manually with --opt.2023-03-06not yet calculatedCVE-2023-26054
MISC
MISC
samsung -- multiple_productsAn issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List.2023-03-10not yet calculatedCVE-2023-26075
MISC
MISC
MISC
snyk -- snykAll versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.2023-03-09not yet calculatedCVE-2023-26109
MISC
snyk -- snykAll versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation.2023-03-09not yet calculatedCVE-2023-26110
MISC
fortinet -- multiple_productsA improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.2023-03-09not yet calculatedCVE-2023-26208
MISC
fortinet -- multiple_productsA improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form.2023-03-09not yet calculatedCVE-2023-26209
MISC
ubika -- waap gateway/cloudIn UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15.2023-03-08not yet calculatedCVE-2023-26261
MISC
MISC
go -- gosaml2
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a deflate-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with deflate is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it may be possible to help Go's garbage collector "keep up". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0.2023-03-03not yet calculatedCVE-2023-26483
MISC
MISC
MISC
MISC
wasmtime -- wasmtimewasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to 0xffffffff * 8 + 0x7ffffffc = 36507222004 = ~34G bytes away from the base of linear memory are possible from guest code. This means that the virtual memory 6G away from the base of linear memory up to ~34G away can be read/written by a malicious module. A guest module can, without the knowledge of the embedder, read/write memory in this region. The memory may belong to other WebAssembly instances when using the pooling allocator, for example. Affected embedders are recommended to analyze preexisting wasm modules to see if they're affected by the incorrect codegen rules and possibly correlate that with an anomalous number of traps during historical execution to locate possibly suspicious modules. The specific bug in Cranelift's x86_64 backend is that a WebAssembly address which is left-shifted by a constant amount from 1 to 3 will get folded into x86_64's addressing modes which perform shifts. For example (i32.load (i32.shl (local.get 0) (i32.const 3))) loads from the WebAssembly address $local0 << 3. When translated to Cranelift the $local0 << 3 computation, a 32-bit value, is zero-extended to a 64-bit value and then added to the base address of linear memory. Cranelift would generate an instruction of the form movl (%base, %local0, 8), %dst which calculates %base + %local0 << 3. The bug here, however, is that the address computation happens with 64-bit values, where the $local0 << 3 computation was supposed to be truncated to a a 32-bit value. This means that %local0, which can use up to 32-bits for an address, gets 3 extra bits of address space to be accessible via this movl instruction. The fix in Cranelift is to remove the erroneous lowering rules in the backend which handle these zero-extended expression. The above example is then translated to movl %local0, %temp; shl $3, %temp; movl (%base, %temp), %dst which correctly truncates the intermediate computation of %local0 << 3 to 32-bits inside the %temp register which is then added to the %base value. Wasmtime version 4.0.1, 5.0.1, and 6.0.1 have been released and have all been patched to no longer contain the erroneous lowering rules. While updating Wasmtime is recommended, there are a number of possible workarounds that embedders can employ to mitigate this issue if updating is not possible. Note that none of these workarounds are on-by-default and require explicit configuration: 1. The Config::static_memory_maximum_size(0) option can be used to force all accesses to linear memory to be explicitly bounds-checked. This will perform a bounds check separately from the address-mode computation which correctly calculates the effective address of a load/store. Note that this can have a large impact on the execution performance of WebAssembly modules. 2. The Config::static_memory_guard_size(1 << 36) option can be used to greatly increase the guard pages placed after linear memory. This will guarantee that memory accesses up-to-34G away are guaranteed to be semantically correct by reserving unmapped memory for the instance. Note that this reserves a very large amount of virtual memory per-instances and can greatly reduce the maximum number of concurrent instances being run. 3. If using a non-x86_64 host is possible, then that will also work around this bug. This bug does not affect Wasmtime's or Cranelift's AArch64 backend, for example.2023-03-08not yet calculatedCVE-2023-26489
MISC
MISC
MISC
MISC
MISC
rsshub -- rsshubRSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version, there are no known workarounds.2023-03-03not yet calculatedCVE-2023-26491
MISC
MISC
zoho -- multiple_productsManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.2023-03-06not yet calculatedCVE-2023-26600
MISC
MISC
zoho -- multiple_productsZoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).2023-03-06not yet calculatedCVE-2023-26601
MISC
MISC
shopex -- ecshopAn arbitrary file upload vulnerability in the /admin/template.php component of shopEx EcShop v4.1.5 allows attackers to execute arbitrary code via a crafted PHP file.2023-03-07not yet calculatedCVE-2023-26823
MISC
variscite -- matrix_guiSQL injection vulnerability found in Variscite matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint.2023-03-08not yet calculatedCVE-2023-26922
MISC
onekeyadmin -- onekeyadminonekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.2023-03-09not yet calculatedCVE-2023-26948
MISC
onekeyadmin -- onekeyadminAn arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file.2023-03-06not yet calculatedCVE-2023-26949
MISC
onekeyadmin -- onekeyadminonekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.2023-03-07not yet calculatedCVE-2023-26953
MISC
onekeyadmin -- onekeyadminonekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module.2023-03-07not yet calculatedCVE-2023-26954
MISC
onekeyadmin -- onekeyadmin
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module.2023-03-07not yet calculatedCVE-2023-26955
MISC
onekeyadmin -- onekeyadminonekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.2023-03-08not yet calculatedCVE-2023-26956
MISC
onekeyadmin -- onekeyadminonekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins.2023-03-09not yet calculatedCVE-2023-26957
MISC
indexcontroller.java -- indexcontroller.javafeiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will.2023-03-08not yet calculatedCVE-2023-27088
MISC
radare -- radare2radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c.2023-03-10not yet calculatedCVE-2023-27114
MISC
MISC
webassembly -- webassemblyWebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.2023-03-10not yet calculatedCVE-2023-27115
MISC
MISC
webassembly -- webassemblyWebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType.2023-03-10not yet calculatedCVE-2023-27116
MISC
webassembly -- webassemblyWebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::eek:perator.2023-03-10not yet calculatedCVE-2023-27117
MISC
webassembly -- webassemblyWebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild.2023-03-10not yet calculatedCVE-2023-27119
MISC
jellyfin -- multiple_productsJellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.2023-03-10not yet calculatedCVE-2023-27161
MISC
MISC
MISC
halo -- multiple_productsAn arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file.2023-03-10not yet calculatedCVE-2023-27164
MISC
MISC
MISC
ibm -- instanaDocker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737.2023-03-03not yet calculatedCVE-2023-27290
MISC
MISC
directus -- directusDirectus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround.2023-03-06not yet calculatedCVE-2023-27474
MISC
MISC
MISC
go -- goutilGoutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue.2023-03-07not yet calculatedCVE-2023-27475
MISC
MISC
owslib -- owslibOWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both lxml and xml.etree) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See GHSA-8h9c-r582-mggc for details.2023-03-08not yet calculatedCVE-2023-27476
MISC
MISC
MISC
wasmtime -- wasmtimewasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly i8x16.select instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the pshufb instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.2023-03-08not yet calculatedCVE-2023-27477
MISC
MISC
MISC
MISC
MISC
libmemcached -- libmemcachedlibmemcached-awesome is an open source C/C++ client library and tools for the memcached server. libmemcached could return data for a previously requested key, if that previous request timed out due to a low POLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high POLL_TIMEOUT setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state.2023-03-07not yet calculatedCVE-2023-27478
MISC
MISC
MISC
MISC
xwiki_platform -- xwiki_platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an XWiki.UIExtensionClass xobject to the user profile page, with an Extension Parameters content containing label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}. Then, navigating to PanelsCode.ApplicationsPanelConfigurationSheet (i.e., <xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet where <xwiki-host> is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see Hello from groovy! displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the PanelsCode.ApplicationsPanelConfigurationSheet wiki page and making the same modifications as shown in commit 6de5442f3c.2023-03-07not yet calculatedCVE-2023-27479
MISC
MISC
MISC
xwiki_platform -- xwiki_platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch e3527b98fd manually.2023-03-07not yet calculatedCVE-2023-27480
MISC
MISC
MISC
directus -- directusDirectus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the password field in directus_users can extract the argon2 password hashes by brute forcing the export functionality combined with a _starts_with filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/concealed field to be filtered against with the _starts_with or other string operator in version 9.16.0. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by ensuring that no user has read access to the password field in directus_users.2023-03-07not yet calculatedCVE-2023-27481
MISC
MISC
MISC
homeassistant -- homeassistanthomeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet.2023-03-08not yet calculatedCVE-2023-27482
MISC
MISC
crossplane -- crossplanecrossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the Paved type's SetValue method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the Paved type's SetValue method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the SetValue method of the Paved type, constraining the index size as deemed appropriate.2023-03-09not yet calculatedCVE-2023-27483
MISC
MISC
crossplane -- crossplanecrossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's ToFieldPath, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround.2023-03-09not yet calculatedCVE-2023-27484
MISC
fbs-core -- fbs-corethmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying subresults, it is possible to query subresults from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue.2023-03-07not yet calculatedCVE-2023-27485
MISC
MISC
MISC
MISC
xcat -- xcatxCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit 85149c37f49.2023-03-08not yet calculatedCVE-2023-27486
MISC
MISC
MISC
MISC
next.js -- next.jsNextAuth.js is an open source authentication solution for Next.js applications. next-auth applications using OAuth provider versions before v4.20.1 have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details.2023-03-09not yet calculatedCVE-2023-27490
MISC
MISC
MISC
MISC
MISC
MISC
apache_software_foundation -- http_serverHTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client.2023-03-07not yet calculatedCVE-2023-27522
MISC
rack -- rackA DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.2023-03-10not yet calculatedCVE-2023-27530
MISC
veeam -- backup_&_replicationVulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.2023-03-10not yet calculatedCVE-2023-27532
MISC
shadowocks -- x-ngShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS.2023-03-03not yet calculatedCVE-2023-27574
MISC
MISC
flarum -- flarumflarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the LESS parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom LESS setting, which the LESS parser will then read. For example, an attacker could use the following code to read the contents of the /etc/passwd file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version 1.7. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level.2023-03-10not yet calculatedCVE-2023-27577
MISC
MISC
debian-goodies -- debian-goodiesdebmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.)2023-03-05not yet calculatedCVE-2023-27635
MISC
l-soft -- listservThe REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.2023-03-05not yet calculatedCVE-2023-27641
MISC
netgear -- nighthawk_wifi6NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device.2023-03-10not yet calculatedCVE-2023-27850
MISC
netgear -- nighthawk_wifi6NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device.2023-03-10not yet calculatedCVE-2023-27851
MISC
netgear -- nighthawk_wifi6NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device.2023-03-10not yet calculatedCVE-2023-27852
MISC
netgear -- nighthawk_wifi6NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device.2023-03-10not yet calculatedCVE-2023-27853
MISC
pretix -- pretixrami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.2023-03-06not yet calculatedCVE-2023-27891
MISC
jenkins_project -- jenkinsJenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.2023-03-10not yet calculatedCVE-2023-27898
MISC
jenkins_project -- jenkinsJenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.2023-03-10not yet calculatedCVE-2023-27899
MISC
jenkins_project -- jenkinsJenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service.2023-03-10not yet calculatedCVE-2023-27900
MISC
jenkins_project -- jenkinsJenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.2023-03-10not yet calculatedCVE-2023-27901
MISC
jenkins_project -- jenkinsJenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.2023-03-10not yet calculatedCVE-2023-27902
MISC
jenkins_project -- jenkinsJenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.2023-03-10not yet calculatedCVE-2023-27903
MISC
jenkins_project -- jenkinsJenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.2023-03-10not yet calculatedCVE-2023-27904
MISC
jenkins_project -- jenkinsJenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.2023-03-10not yet calculatedCVE-2023-27905
MISC
emacs -- emacsclient-mail.desktopemacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification.2023-03-09not yet calculatedCVE-2023-27985
MISC
MISC
MISC
MLIST
emacs -- emacsclient-mail.desktopemacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.2023-03-09not yet calculatedCVE-2023-27986
MISC
MISC
MLIST

Back to top

Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we'd welcome your feedback.

Continue reading...