CISA Bulletins - Vulnerability Summary for the Week of May 15, 2023

  • Welcome to ITBible, we're your #1 resource for enterprise or homelab IT problems (or just a place to show off your stuff).
C

CISA

Guest
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities​

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
ideasoft --rental_moduleUnrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15.2023-05-2010CVE-2023-2712MISC
wago -- multiple_productsIn multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise.2023-05-159.8CVE-2023-1698MISC
lost_and_found_information_system_project -- lost_and_found_information_systemA vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-228884.2023-05-129.8CVE-2023-2668MISCMISC
lost_and_found_information_system_project -- lost_and_found_information_systemA vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability.2023-05-129.8CVE-2023-2669MISCMISC
lost_and_found_information_system_project -- lost_and_found_information_systemA vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability.2023-05-129.8CVE-2023-2670MISCMISC
lost_and_found_information_system_project -- lost_and_found_information_systemA vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888.2023-05-129.8CVE-2023-2672MISCMISC
companymaps_project -- companymapsSQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.2023-05-129.8CVE-2023-29809MISCMISC
judging_management_system_project -- judging_management_systemSQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter.2023-05-129.8CVE-2023-30246MISCMISC
storage_unit_rental_management_system_project -- storage_unit_rental_management_systemFile Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter.2023-05-129.8CVE-2023-30247MISCMISC
codesys -- multiple_productsAn authenticated, remote attacker may use a out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into memory which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47379MISC
codesys -- multiple_productsAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47380MISC
codesys -- multiple_productsAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47381MISC
codesys -- multiple_productsAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47382MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47383MISC
codesys -- multiple_productsAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47384MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpAppForce Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47385MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47386MISC
codesys -- multiple_productsAn authenticated remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47387MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47388MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47389MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a stack based out-of-bounds write vulnerability in the CmpTraceMgr Component of multiple CODESYS products in multiple versions to write data into the stack which can lead to a denial-of-service condition, memory overwriting, or remote code execution.2023-05-158.8CVE-2022-47390MISC
google -- chromeOut of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. (Chromium security severity: High)2023-05-128.8CVE-2023-2457MISCMISC
google -- chromeUse after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: High)2023-05-128.8CVE-2023-2458MISCMISC
ideasoft -- rental_moduleAuthorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15.2023-05-208.8CVE-2023-2713MISC
codesys -- development_system_v3Inadequate Encryption Strength in CODESYS Development System V3 versions prior to V3.5.18.40 allows an unauthenticated local attacker to access and manipulate code of the encrypted boot application.2023-05-157.7CVE-2022-4048MISC
codesys -- multiple_productsIn multiple CODESYS products in multiple versions an unauthorized, remote attacker may use a improper input validation vulnerability to read from invalid addresses leading to a denial of service.2023-05-157.5CVE-2022-47391MISC
rosariosis -- rosariosisStorage of Sensitive Data in a Mechanism without Access Control in GitHub repository francoisjacquet/rosariosis prior to 11.0.2023-05-127.5CVE-2023-2665CONFIRMMISC
froxlor -- froxlorAllocation of Resources Without Limits or Throttling in GitHub repository froxlor/froxlor prior to 2.0.16.2023-05-127.5CVE-2023-2666CONFIRMMISC

Back to top

Medium Vulnerabilities​

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
codesys -- multiple_productsMultiple CODESYS products in multiple versions are prone to a improper input validation vulnerability. An authenticated remote attacker may craft specific requests that use the vulnerability leading to a denial-of-service condition.2023-05-156.5CVE-2022-47378MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a improper input validation vulnerability in the CmpApp/CmpAppBP/CmpAppForce Components of multiple CODESYS products in multiple versions to read from an invalid address which can lead to a denial-of-service condition.2023-05-156.5CVE-2022-47392MISC
codesys -- multiple_productsAn authenticated, remote attacker may use a Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple versions of multiple CODESYS products to force a denial-of-service situation.2023-05-156.5CVE-2022-47393MISC
lost_and_found_information_system_project -- lost_and_found_information_systemA vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883.2023-05-126.1CVE-2023-2667MISCMISC
lost_and_found_information_system_project -- lost_and_found_information_systemA vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887.2023-05-126.1CVE-2023-2671MISCMISC
companymaps_project -- companymapsCross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code.2023-05-126.1CVE-2023-29808MISCMISCMISC
jerryscript -- jerryscriptJerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c.2023-05-125.5CVE-2023-31913MISC
jerryscript -- jerryscriptJerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc.2023-05-125.5CVE-2023-31914MISC
jerryscript -- jerryscriptJerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c.2023-05-125.5CVE-2023-31916MISC
jerryscript -- jerryscriptJerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c.2023-05-125.5CVE-2023-31918MISC
jerryscript -- jerryscriptJerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c.2023-05-125.5CVE-2023-31919MISC
jerryscript -- jerryscriptJerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c.2023-05-125.5CVE-2023-31920MISC
jerryscript -- jerryscriptJerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c.2023-05-125.5CVE-2023-31921MISC
ibm -- planning_analytics_localIBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.2023-05-125.4CVE-2023-28520MISCMISC
ibm -- spectrum_protectIBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. IBM X-Force ID: 249325.2023-05-124.9CVE-2023-27863MISCMISC
codesolz -- easy_ad_managerAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin <= 1.0.0 versions.2023-05-124.8CVE-2023-25460MISC
simple_tooltips_project -- simple_tooltipsAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Justin Saad Simple Tooltips plugin <= 2.1.4 versions.2023-05-124.8CVE-2023-25958MISC
apexchat -- apexchatAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ApexChat plugin <= 1.3.1 versions.2023-05-124.8CVE-2023-28414MISC
codesys -- multiple_productsImproper Input Validation vulnerability in multiple CODESYS V3 products allows an authenticated remote attacker to block consecutive logins of a specific type.2023-05-154.3CVE-2022-22508MISC

Back to top

Low Vulnerabilities​

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
microsoft -- azure_arc_jumpstartAzure Arc Jumpstart Information Disclosure Vulnerability2023-05-183.3CVE-2022-35798MISC

Back to top

Severity Not Yet Assigned​

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
umbraco -- cmsUmbraco CMS 4.11.8 through 7.15.10, and 7.12.4, allows Remote Code Execution by authenticated administrators via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx.2023-05-18not yet calculatedCVE-2019-25137MISCMISCMISCMISC
google -- androidProduct: AndroidVersions: Android SoCAndroid ID: A-2737540942023-05-15not yet calculatedCVE-2021-0877MISC
moodle -- moodleMoodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer.2023-05-16not yet calculatedCVE-2021-27131MISCMISC
fastweb – fastgate_media_access A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.2023-05-19not yet calculatedCVE-2022-30114MISCMISCMISC
western_digital -- multiple_productsAn uncontrolled resource consumption vulnerability issue that could arise by sending crafted requests to a service to consume a large amount of memory, eventually resulting in the service being stopped and restarted was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This issue requires the attacker to already have root privileges in order to exploit this vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.2023-05-18not yet calculatedCVE-2022-36326MISCMISC
western_digital -- multiple_productsImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to write files to locations with certain critical filesystem types leading to remote code execution was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.2023-05-18not yet calculatedCVE-2022-36327MISCMISC
western_digital -- multiple_productsImproper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configurations was discovered in Western Digital My Cloud Home, My Cloud Home Duo, SanDisk ibi and Western Digital My Cloud OS 5 devices. This can only be exploited once an attacker gains root privileges on the devices using an authentication bypass issue or another vulnerability.This issue affects My Cloud Home and My Cloud Home Duo: before 9.4.0-191; ibi: before 9.4.0-191; My Cloud OS 5: before 5.26.202.2023-05-18not yet calculatedCVE-2022-36328MISCMISC
xen -- xenMishandling of guest SSBD selection on AMD hardware The current logic to set SSBD on AMD Family 17h and Hygon Family 18h processors requires that the setting of SSBD is coordinated at a core level, as the setting is shared between threads. Logic was introduced to keep track of how many threads require SSBD active in order to coordinate it, such logic relies on using a per-core counter of threads that have SSBD active. When running on the mentioned hardware, it's possible for a guest to under or overflow the thread counter, because each write to VIRT_SPEC_CTRL.SSBD by the guest gets propagated to the helper that does the per-core active accounting. Underflowing the counter causes the value to get saturated, and thus attempts for guests running on the same core to set SSBD won't have effect because the hypervisor assumes it's already active.2023-05-17not yet calculatedCVE-2022-42336MISC
acronis -- cyber_protect_home_officeLocal privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40208.2023-05-18not yet calculatedCVE-2022-4418MISC
algoo -- tracimAlgoo Tracim before 4.4.2 allows XSS via HTML file upload.2023-05-17not yet calculatedCVE-2022-45144MISCMISCMISC
acronis -- multiple_productsSensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 28610, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 30984.2023-05-18not yet calculatedCVE-2022-45450MISC
acronis -- multiple_productsLocal privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.2023-05-18not yet calculatedCVE-2022-45452MISC
acronis -- cyber_protect_15TLS/SSL weak cipher suites enabled. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.2023-05-18not yet calculatedCVE-2022-45453MISC
acronis -- multiple_productsSensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984.2023-05-18not yet calculatedCVE-2022-45457MISC
acronis -- multiple_productsSensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984.2023-05-18not yet calculatedCVE-2022-45458MISC
acronis -- multiple_productsSensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.2023-05-18not yet calculatedCVE-2022-45459MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.2023-05-20not yet calculatedCVE-2022-47134MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Don Benjamin WP Custom Fields Search plugin <= 1.2.34 versions.2023-05-18not yet calculatedCVE-2022-47157MISC
wordpress -- wordpressThe Bit Form WordPress plugin before 1.9 does not validate the file types uploaded via it's file upload form field, allowing unauthenticated users to upload arbitrary files types such as PHP or HTML files to the server, leading to Remote Code Execution.2023-05-15not yet calculatedCVE-2022-4774MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.2023-05-19not yet calculatedCVE-2022-47984MISCMISC
vinteo -- vccVinteo VCC v2.36.4 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the conference parameter. This vulnerability allows attackers to inject arbitrary code which will be executed by the victim user's browser.2023-05-12not yet calculatedCVE-2022-48020MISCMISCMISC
octopus -- octopusIn affected versions of Octopus Deploy it is possible to discover network details via error message2023-05-18not yet calculatedCVE-2022-4870MISC
wordpress -- wordpressThe ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks2023-05-15not yet calculatedCVE-2023-0233MISC
wordpress -- wordpressThe f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.2023-05-15not yet calculatedCVE-2023-0490MISC
wordpress -- wordpressThe RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored Cross-Site Scripting vulnerability which could be used against high-privilege users such as admin, furthermore lack of csrf protection means an attacker can trick a logged in admin to perform the attack by submitting a hidden form.2023-05-15not yet calculatedCVE-2023-0520MISC
wordpress -- wordpressThe WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.2023-05-15not yet calculatedCVE-2023-0600MISC
wordpress -- wordpressThe Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.2023-05-15not yet calculatedCVE-2023-0644MISC
wordpress -- wordpressThe Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete arbitrary Staff via a CSRF attack2023-05-15not yet calculatedCVE-2023-0761MISC
wordpress -- wordpressThe Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete arbitrary designations via a CSRF attack2023-05-15not yet calculatedCVE-2023-0762MISC
wordpress -- wordpressThe Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack2023-05-15not yet calculatedCVE-2023-0763MISC
wordpress -- wordpressThe Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure.2023-05-15not yet calculatedCVE-2023-0812MISC
abb -- multiple_productsImproper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.2023-05-17not yet calculatedCVE-2023-0863MISC
abb -- multiple_productsCleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra AC wallbox (CE) Terra AC PTB, ABB Terra AC wallbox (CE) Symbiosis, ABB Terra AC wallbox (JP).This issue affects Terra AC wallbox (UL40/80A): from 1.0;0 through 1.5.5; Terra AC wallbox (UL32A) : from 1.0;0 through 1.6.5; Terra AC wallbox (CE) (Terra AC MID): from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC Juno CE: from 1.0;0 through 1.6.5; Terra AC wallbox (CE) Terra AC PTB : from 1.0;0 through 1.5.25; Terra AC wallbox (CE) Symbiosis: from 1.0;0 through 1.2.7; Terra AC wallbox (JP): from 1.0;0 through 1.6.5.2023-05-17not yet calculatedCVE-2023-0864MISC
wordpress -- wordpressThe BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-05-15not yet calculatedCVE-2023-0892MISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.2023-05-18not yet calculatedCVE-2023-0965MISCMISC
wordpress -- wordpressThe Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks.2023-05-15not yet calculatedCVE-2023-1019MISC
netapp -- snapcenterSnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user.2023-05-12not yet calculatedCVE-2023-1096MISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in
sli_se_driver_key_agreement

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
2023-05-18not yet calculatedCVE-2023-1132MISCMISC
linux -- kernelA use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server->hostname to NULL, leading to an invalid pointer request.2023-05-18not yet calculatedCVE-2023-1195MISC
wordpress -- wordpressThis HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.2023-05-15not yet calculatedCVE-2023-1207MISC
wordpress -- wordpressThe Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present2023-05-15not yet calculatedCVE-2023-1549MISC
wordpress -- wordpressThe tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-05-15not yet calculatedCVE-2023-1596MISC
mitshbishi_eclectric -- melsec_ws_series_wso-geth00200Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.2023-05-19not yet calculatedCVE-2023-1618MISCMISCMISC
huawei -- multiple_productsThe window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.2023-05-20not yet calculatedCVE-2023-1692MISCMISC
huawei -- multiple_productsThe Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.2023-05-20not yet calculatedCVE-2023-1693MISCMISC
huawei -- multiple_productsThe Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.2023-05-20not yet calculatedCVE-2023-1694MISCMISC
huawei -- multiple_productsThe multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.2023-05-20not yet calculatedCVE-2023-1696MISCMISC
libraw -- librawA flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex() caused by a maliciously crafted file may lead to an application crash.2023-05-15not yet calculatedCVE-2023-1729MISCMISCFEDORAFEDORA
cannon -- ij_nw_tooolCanon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the software.2023-05-17not yet calculatedCVE-2023-1763MISCMISC
cannon -- ij_nw_tooolCanon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive information on the Wi-Fi connection setup of the printer from the communication of the software.2023-05-17not yet calculatedCVE-2023-1764MISCMISC
wordpress -- wordpressThe Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-05-15not yet calculatedCVE-2023-1835MISC
wordpress -- wordpressThe Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).2023-05-15not yet calculatedCVE-2023-1839MISC
linux -- kernelA use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak.2023-05-17not yet calculatedCVE-2023-1859MISC
wordpress -- wordpressThe Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting2023-05-15not yet calculatedCVE-2023-1890MISC
wordpress -- wordpressThe Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.2023-05-15not yet calculatedCVE-2023-1915MISC
binutils -- binutilsA potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.2023-05-17not yet calculatedCVE-2023-1972MISCMISC
dassault -- 3dexperienceA reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code.2023-05-19not yet calculatedCVE-2023-1996MISC
cisco -- business_wireless_access_points_softwareA vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login authentication. This vulnerability is due to a logic error with the social login implementation. An attacker could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the Guest Portal without authentication.2023-05-18not yet calculatedCVE-2023-20003CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20024CISCO
cisco -- identity_services_engine_softwareMultiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.2023-05-18not yet calculatedCVE-2023-20077CISCO
cisco -- identity_services_engine_softwareMultiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device. These vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to download arbitrary files from the underlying filesystem of the affected device.2023-05-18not yet calculatedCVE-2023-20087CISCO
wordpress -- wordpressPlugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).2023-05-15not yet calculatedCVE-2023-2009MISC
cisco -- identity_services_engine_softwareMultiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20106CISCO
cisco -- smart_software_manager_on_premA vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface inadequately validates user input. An attacker could exploit this vulnerability by authenticating to the application as a low-privileged user and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to read sensitive data on the underlying database.2023-05-18not yet calculatedCVE-2023-20110CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20156CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20157CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20158CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20159CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20160CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20161CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20162CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20163CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20164CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20166CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform path traversal attacks on the underlying operating system to either elevate privileges to root or read arbitrary files. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20167CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20171CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to delete or read arbitrary files on the underlying operating system. To exploit these vulnerabilities, an attacker must have valid credentials on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20172CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20173CISCO
cisco – identity_services_engine_softwareMultiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read arbitrary files or conduct a server-side request forgery (SSRF) attack through an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20174CISCO
cisco -- digital_network_architecture_centerMultiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20182CISCO
cisco -- digital_network_architecture_centerMultiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20183CISCO
cisco -- digital_network_architecture_centerMultiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20184CISCO
cisco -- small_business_smart_and_managed_switchesMultiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affected device. These vulnerabilities are due to improper validation of requests that are sent to the web interface. For more information about these vulnerabilities, see the Details section of this advisory.2023-05-18not yet calculatedCVE-2023-20189CISCO
johnson_controls -- openblue_enterprise_manager_data_collectorImproper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances.2023-05-18not yet calculatedCVE-2023-2024MISCMISC
johnson_controls -- openblue_enterprise_manager_data_collectorOpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances.2023-05-18not yet calculatedCVE-2023-2025MISCMISC
mediatek -- multiple_productsIn vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103.2023-05-15not yet calculatedCVE-2023-20673MISC
mediatek -- multiple_productsIn preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only).2023-05-15not yet calculatedCVE-2023-20694MISC
mediatek -- multiple_productsIn preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only).2023-05-15not yet calculatedCVE-2023-20695MISC
mediatek -- multiple_productsIn preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only).2023-05-15not yet calculatedCVE-2023-20696MISC
mediatek -- multiple_productsIn keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148.2023-05-15not yet calculatedCVE-2023-20697MISC
mediatek -- multiple_productsIn keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144.2023-05-15not yet calculatedCVE-2023-20698MISC
mediatek -- multiple_productsIn adsp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696073; Issue ID: ALPS07696073.2023-05-15not yet calculatedCVE-2023-20699MISC
mediatek -- multiple_productsIn widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643304; Issue ID: ALPS07643304.2023-05-15not yet calculatedCVE-2023-20700MISC
mediatek -- multiple_productsIn widevine, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07643270; Issue ID: ALPS07643270.2023-05-15not yet calculatedCVE-2023-20701MISC
mediatek -- multiple_productsIn apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767853; Issue ID: ALPS07767853.2023-05-15not yet calculatedCVE-2023-20703MISC
mediatek -- multiple_productsIn apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767826; Issue ID: ALPS07767826.2023-05-15not yet calculatedCVE-2023-20704MISC
mediatek -- multiple_productsIn apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767870; Issue ID: ALPS07767870.2023-05-15not yet calculatedCVE-2023-20705MISC
mediatek -- multiple_productsIn apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767860; Issue ID: ALPS07767860.2023-05-15not yet calculatedCVE-2023-20706MISC
mediatek -- multiple_productsIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628556; Issue ID: ALPS07628556.2023-05-15not yet calculatedCVE-2023-20707MISC
mediatek -- multiple_productsIn keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.2023-05-15not yet calculatedCVE-2023-20708MISC
mediatek -- multiple_productsIn keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951.2023-05-15not yet calculatedCVE-2023-20709MISC
mediatek -- multiple_productsIn keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576935; Issue ID: ALPS07576935.2023-05-15not yet calculatedCVE-2023-20710MISC
mediatek -- multiple_productsIn keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581668; Issue ID: ALPS07581668.2023-05-15not yet calculatedCVE-2023-20711MISC
mediatek -- multiple_productsIn vcu, there is a possible leak of dma buffer due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645185; Issue ID: ALPS07645185.2023-05-15not yet calculatedCVE-2023-20717MISC
mediatek -- multiple_productsIn vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645181; Issue ID: ALPS07645181.2023-05-15not yet calculatedCVE-2023-20718MISC
mediatek -- multiple_productsIn pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583.2023-05-15not yet calculatedCVE-2023-20719MISC
mediatek -- multiple_productsIn pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629586; Issue ID: ALPS07629586.2023-05-15not yet calculatedCVE-2023-20720MISC
mediatek -- multiple_productsIn isp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07162155; Issue ID: ALPS07162155.2023-05-15not yet calculatedCVE-2023-20721MISC
mediatek -- multiple_productsIn m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084.2023-05-15not yet calculatedCVE-2023-20722MISC
mnld -- mnldIn mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only).2023-05-15not yet calculatedCVE-2023-20726MISC
vmware -- aria_operationsVMware Aria Operations contains a privilege escalation vulnerability. An authenticated malicious user with ReadOnly privileges can perform code execution leading to privilege escalation.2023-05-12not yet calculatedCVE-2023-20877MISC
vmware -- aria_operationsVMware Aria Operations contains a deserialization vulnerability. A malicious actor with administrative privileges can execute arbitrary commands and disrupt the system.2023-05-12not yet calculatedCVE-2023-20878MISC
vmware -- aria_operationsVMware Aria Operations contains a Local privilege escalation vulnerability. A malicious actor with administrative privileges in the Aria Operations application can gain root access to the underlying operating system.2023-05-12not yet calculatedCVE-2023-20879MISC
openstack -- openstackA flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality.2023-05-12not yet calculatedCVE-2023-2088MISC
vmware -- aria_operationsVMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.2023-05-12not yet calculatedCVE-2023-20880MISC
cloud_controller_ap -- cloud_controller_apiCloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.2023-05-19not yet calculatedCVE-2023-20881MISC
google -- androidIn onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-1899425292023-05-15not yet calculatedCVE-2023-20914MISC
google -- androidIn pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2505760662023-05-15not yet calculatedCVE-2023-20930MISC
google -- androidIn __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-260821414References: Upstream kernel2023-05-15not yet calculatedCVE-2023-21102MISC
google -- androidIn registerPhoneAccount of PhoneAccountRegistrar.java, uncaught exceptions in parsing persisted user data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2590646222023-05-15not yet calculatedCVE-2023-21103MISC
google -- androidIn applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-2599387712023-05-15not yet calculatedCVE-2023-21104MISC
google -- androidIn adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel2023-05-15not yet calculatedCVE-2023-21106MISC
google -- androidIn retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2593850172023-05-15not yet calculatedCVE-2023-21107MISC
google -- androidIn multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2615895972023-05-15not yet calculatedCVE-2023-21109MISC
google -- androidIn several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2584223652023-05-15not yet calculatedCVE-2023-21110MISC
google -- androidIn several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2568197692023-05-15not yet calculatedCVE-2023-21111MISC
google -- androidIn AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2527639832023-05-15not yet calculatedCVE-2023-21112MISC
google -- androidIn verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2562022732023-05-15not yet calculatedCVE-2023-21116MISC
google -- androidIn registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2633581012023-05-15not yet calculatedCVE-2023-21117MISC
google -- androidIn unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-2690140042023-05-15not yet calculatedCVE-2023-21118MISC
linux -- kernelAn out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.2023-05-15not yet calculatedCVE-2023-2124MISC

schneider_electric -- opc_factory_server
A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that
could cause unauthorized read access to the file system when a malicious configuration file is
loaded on to the software by a local user.
2023-05-16not yet calculatedCVE-2023-2161MISC
wordpress -- wordpressThe WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users, which could allow low privilege users such as subscriber to update arbitrary order status, making them paid without actually paying for them for example2023-05-15not yet calculatedCVE-2023-2179MISC
wordpress -- wordpressThe KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod arbitrary files, as well as perform PHAR unserialization (assuming they can upload a file on the server)2023-05-15not yet calculatedCVE-2023-2180MISC
gitlab -- gitlabAn issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.2023-05-12not yet calculatedCVE-2023-2181MISCMISCCONFIRM
jenkins -- Jenkins_code_dx_pluginA cross-site request forgery (CSRF) vulnerability in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers to connect to an attacker-specified URL.2023-05-16not yet calculatedCVE-2023-2195MISC
jenkins -- Jenkins_code_dx_pluginA missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Item/Read permission to check for the existence of an attacker-specified file path on an agent file system.2023-05-16not yet calculatedCVE-2023-2196MISC
red_hat -- webkitgtkA flaw was found in the WebKitGTK package. An improper input validation issue may lead to a use-after-free vulnerability. This flaw allows attackers with network access to pass specially crafted web content files, causing a denial of service or arbitrary code execution. This CVE exists because of a CVE-2023-28205 security regression for the WebKitGTK package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.2023-05-17not yet calculatedCVE-2023-2203MISCMISCMISCMISC
checkmk -- tribe29Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5.2023-05-15not yet calculatedCVE-2023-22318MISC
checkmk -- gmbhImproper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs.2023-05-17not yet calculatedCVE-2023-22348MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Subscribers.Com Subscribers plugin <= 1.5.3 versions.2023-05-15not yet calculatedCVE-2023-22684MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.2 versions.2023-05-12not yet calculatedCVE-2023-22685MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.2023-05-20not yet calculatedCVE-2023-22689MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shopfiles Ltd Ebook Store plugin <= 5.775 versions.2023-05-15not yet calculatedCVE-2023-22690MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Webcodin WCP Contact Form plugin <= 3.1.0 versions.2023-05-15not yet calculatedCVE-2023-22703MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.48 versions.2023-05-15not yet calculatedCVE-2023-22706MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in nCrafts FormCraft plugin <= 1.2.6 versions.2023-05-15not yet calculatedCVE-2023-22717MISC
wordpress -- wordpressThe WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.2023-05-20not yet calculatedCVE-2023-2276MISCMISCMISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.2023-05-19not yet calculatedCVE-2023-22878MISCMISC
red_hat -- libreswanA vulnerability was found in the libreswan library. This security issue occurs when an IKEv1 Aggressive Mode packet is received with only unacceptable crypto algorithms, and the response packet is not sent with a zero responder SPI. When a subsequent packet is received where the sender reuses the libreswan responder SPI as its own initiator SPI, the pluto daemon state machine crashes. No remote code execution is possible. This CVE exists because of a CVE-2023-30570 security regression for libreswan package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.2023-05-17not yet calculatedCVE-2023-2295MISCMISCMISCMISC

red_hat -- pcs
It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.2023-05-17not yet calculatedCVE-2023-2319MISCMISCMISC
sick_ag -- multiple_productsImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote
attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the
REST interface.
2023-05-15not yet calculatedCVE-2023-23445MISCMISCMISC
sick_ag -- multiple_productsImproper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers
1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface.
2023-05-15not yet calculatedCVE-2023-23446MISCMISCMISC
sick_ag -- multiple_productsUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged
remote attacker to influence the availability of the webserver by invocing several open file requests via
the REST interface.
2023-05-15not yet calculatedCVE-2023-23447MISCMISCMISC
sick_ag -- multiple_productsInclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a
remote attacker to gain information about valid usernames via analysis of source code.
2023-05-15not yet calculatedCVE-2023-23448MISCMISCMISC
sick_ag -- multiple_productsObservable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker
to gain information about valid usernames by analyzing challenge responses from the server via the
REST interface.
2023-05-15not yet calculatedCVE-2023-23449MISCMISCMISC
sick_ag -- multiple_productsUse of Password Hash Instead of Password for Authentication in SICK FTMg AIR
FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526
allows an unprivileged remote attacker to use a password hash instead of an actual password to login
to a valid user account via the REST interface.
2023-05-15not yet calculatedCVE-2023-23450MISCMISCMISC
facebook -- hermesAn error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.2023-05-18not yet calculatedCVE-2023-23556MISCMISC
facebook -- hermesAn error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.2023-05-18not yet calculatedCVE-2023-23557MISCMISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPmanage Uji Popup plugin <= 1.4.3 versions.2023-05-16not yet calculatedCVE-2023-23641MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SparkPost plugin <= 3.2.5 versions.2023-05-15not yet calculatedCVE-2023-23654MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Richard Leishman t/a Webforward Mail Subscribe List plugin <= 2.1.9 versions.2023-05-16not yet calculatedCVE-2023-23657MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in BeRocket Brands for WooCommerce plugin <= 3.7.0.6 versions.2023-05-18not yet calculatedCVE-2023-23667MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Harish Chouhan, Themeist I Recommend This plugin <= 3.8.3 versions.2023-05-16not yet calculatedCVE-2023-23673MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in RVOLA WP Original Media Path plugin <= 2.4.0 versions.2023-05-15not yet calculatedCVE-2023-23674MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bruno "Aesqe" Babic File Gallery plugin <= 1.8.5.3 versions.2023-05-16not yet calculatedCVE-2023-23676MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Maintenance Mode plugin <= 1.0.1 versions.2023-05-15not yet calculatedCVE-2023-23682MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ozan Canakli White Label Branding for Elementor Page Builder plugin <= 1.0.2 versions.2023-05-15not yet calculatedCVE-2023-23683MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin <= 4.4 versions.2023-05-15not yet calculatedCVE-2023-23688MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Arconix Shortcodes plugin <= 2.1.7 versions.2023-05-16not yet calculatedCVE-2023-23703MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Denis WPJAM Basic plugin <= 6.2.1 versions.2023-05-16not yet calculatedCVE-2023-23709MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NetReviews SAS Verified Reviews (Avis Vérifiés) plugin <= 2.3.13 versions.2023-05-16not yet calculatedCVE-2023-23720MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Formilla Live Chat by Formilla plugin <= 1.3 versions.2023-05-16not yet calculatedCVE-2023-23727MISC
facebook -- fizzThere is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service).2023-05-18not yet calculatedCVE-2023-23759MISCMISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SnapOrbital Panorama plugin <= 1.5 versions.2023-05-12not yet calculatedCVE-2023-23810MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gautam Thapar Button Builder – Buttons X plugin <= 0.8.6 versions.2023-05-12not yet calculatedCVE-2023-23867MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.2023-05-20not yet calculatedCVE-2023-23890MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MonsterInsights plugin <= 8.14.0 versions.2023-05-18not yet calculatedCVE-2023-23999MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.2023-05-20not yet calculatedCVE-2023-24414MISC
openprinting -- cups-filterscups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. beh.c contains the line retval = system(cmdline) >> 8; which calls the system command with the operand cmdline. cmdline contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit 8f2740357 and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime.2023-05-17not yet calculatedCVE-2023-24805MISCMISCMISCMISCMISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in
sli_se_opaque_import_key

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
2023-05-18not yet calculatedCVE-2023-2481MISCMISC
facebook -- hermesA null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.2023-05-18not yet calculatedCVE-2023-24832MISCMISC
facebook -- hermesA use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.2023-05-18not yet calculatedCVE-2023-24833MISCMISC
emacs -- emacsA flaw was found in the Emacs text editor. Processing a specially crafted org-mode code with the "org-babel-execute:latex" function in ob-latex.el can result in arbitrary command execution. This CVE exists because of a CVE-2023-28617 security regression for the emacs package in Red Hat Enterprise Linux 8.8 and Red Hat Enterprise Linux 9.2.2023-05-17not yet calculatedCVE-2023-2491MISCMISCMISCMISC
wordpress -- wordpressThe RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a Google social login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.2023-05-16not yet calculatedCVE-2023-2499MISCMISCMISC
autodesk -- infraworksA maliciously crafted DLL file can be forced to read beyond allocated boundaries in Autodesk InfraWorks 2023, and 2021 when parsing the DLL files could lead to a resource injection vulnerability.2023-05-12not yet calculatedCVE-2023-25005MISC
autodesk -- 3ds_max_usd_pluginA malicious actor may convince a user to open a malicious USD file that may trigger a use-after-free vulnerability which could result in code execution.2023-05-12not yet calculatedCVE-2023-25006MISC
autodesk -- 3ds_max_usd_pluginA malicious actor may convince a user to open a malicious USD file that may trigger an uninitialized pointer which could result in code execution.2023-05-12not yet calculatedCVE-2023-25007MISC
autodesk -- 3ds_max_usd_pluginA malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution.2023-05-12not yet calculatedCVE-2023-25008MISC
autodesk -- 3ds_max_usd_pluginA malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution.2023-05-12not yet calculatedCVE-2023-25009MISC
asustor -- admA Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. An attacker can exploit this vulnerability to inject malicious scripts into the target applications to access any cookies or sensitive information retained by the browser and used with that application. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below, LooksGood 2.0.0.R129 and below and SoundsGood 2.3.0.r1027 and below.2023-05-17not yet calculatedCVE-2023-2509MISC
wordpress -- wordpressThe Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-05-17not yet calculatedCVE-2023-2528MISCMISCMISC
videostream -- videostreamVideostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours.2023-05-17not yet calculatedCVE-2023-25394MISCMISC
soft-o -- free_password_managerA DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.2023-05-12not yet calculatedCVE-2023-25428MISCMISC
wordpress -- wordpressThe RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers, with administrator-level permissions and above, to change user passwords and potentially take over super-administrator accounts in multisite setup.2023-05-16not yet calculatedCVE-2023-2548MISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions.2023-05-18not yet calculatedCVE-2023-25698MISC
ibm -- security_verify_accessIBM Security Verify Access 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, and 10.0.5 could allow an attacker to crash the webseald process using specially crafted HTTP requests resulting in loss of access to the system. IBM X-Force ID: 247635.2023-05-12not yet calculatedCVE-2023-25927MISCMISC
facebook -- hermesA type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.2023-05-18not yet calculatedCVE-2023-25933MISCMISC
reactphp -- httpreact/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Previous versions of ReactPHP's HTTP server component contain a potential DoS vulnerability that can cause high CPU load when processing large HTTP request bodies. This vulnerability has little to no impact on the default configuration, but can be exploited when explicitly using the RequestBodyBufferMiddleware with very large settings. This might lead to consuming large amounts of CPU time for processing requests and significantly delay or slow down the processing of legitimate user requests. This issue has been addressed in release 1.9.0. Users are advised to upgrade. Users unable to upgrade may keep the request body limited using RequestBodyBufferMiddleware with a sensible value which should mitigate the issue. An infrastructure or DevOps workaround could be to place a reverse proxy in front of the ReactPHP HTTP server to filter out any excessive HTTP request bodies.2023-05-17not yet calculatedCVE-2023-26044MISCMISC
wordpress -- wordpressThe Multiple Page Generator Plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to missing nonce verification on the projects_list function and insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries leading to resource exhaustion via a forged request granted they can trick an administrator into performing an action such as clicking on a link. Version 3.3.18 addresses the SQL Injection, which drastically reduced the severity.2023-05-17not yet calculatedCVE-2023-2608MISCMISCMISCMISC
jenkins -- code_dx_pluginA missing permission check in Jenkins Code Dx Plugin 3.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.2023-05-16not yet calculatedCVE-2023-2631MISC
jenkins -- code_dx_pluginJenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.2023-05-16not yet calculatedCVE-2023-2632MISC
jenkins -- code_dx_pluginJenkins Code Dx Plugin 3.1.0 and earlier does not mask Code Dx server API keys displayed on the configuration form, increasing the potential for attackers to observe and capture them.2023-05-16not yet calculatedCVE-2023-2633MISC
snow_software -- spe_slmData leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.2023-05-17not yet calculatedCVE-2023-2679MISC
telegram -- telegramTelegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.2023-05-19not yet calculatedCVE-2023-26818MISCMISC
sourcecodester -- billing_management_systemA vulnerability classified as critical was found in SourceCodester Billing Management System 1.0. This vulnerability affects unknown code of the file editproduct.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228970 is the identifier assigned to this vulnerability.2023-05-14not yet calculatedCVE-2023-2689MISCMISCMISC
sourcecodester -- personnel_property_equipment_systemA vulnerability, which was classified as critical, has been found in SourceCodester Personnel Property Equipment System 1.0. This issue affects some unknown processing of the file admin/returned_reuse_form.php of the component GET Parameter Handler. The manipulation of the argument client_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228971.2023-05-14not yet calculatedCVE-2023-2690MISCMISCMISC
sourcecodester -- personnel_property_equipment_systemA vulnerability, which was classified as problematic, was found in SourceCodester Personnel Property Equipment System 1.0. Affected is an unknown function of the file admin/add_item.php of the component POST Parameter Handler. The manipulation of the argument item_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228972.2023-05-14not yet calculatedCVE-2023-2691MISCMISCMISC
sourcecodester -- ict_laboratoryA vulnerability has been found in SourceCodester ICT Laboratory Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file views/room_info.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228973 was assigned to this vulnerability.2023-05-14not yet calculatedCVE-2023-2692MISCMISCMISC
sourcecodester -- online_exam_systemA vulnerability was found in SourceCodester Online Exam System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mahasiswa/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228974 is the identifier assigned to this vulnerability.2023-05-14not yet calculatedCVE-2023-2693MISCMISCMISC
sourcecodester -- online_exam_systemA vulnerability was found in SourceCodester Online Exam System 1.0. It has been classified as critical. This affects an unknown part of the file /dosen/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228975.2023-05-14not yet calculatedCVE-2023-2694MISCMISCMISC
sourcecodester -- online_exam_systemA vulnerability was found in SourceCodester Online Exam System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /kelas/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228976.2023-05-14not yet calculatedCVE-2023-2695MISCMISCMISC
sourcecodester -- online_exam_systemA vulnerability was found in SourceCodester Online Exam System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /matkul/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228977 was assigned to this vulnerability.2023-05-14not yet calculatedCVE-2023-2696MISCMISCMISC
sourcecodester -- online_exam_systemA vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Affected is an unknown function of the file /jurusan/data of the component POST Parameter Handler. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228978 is the identifier assigned to this vulnerability.2023-05-14not yet calculatedCVE-2023-2697MISCMISCMISC
sourcecodester -- lost_and_found_information_systemA vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979.2023-05-14not yet calculatedCVE-2023-2698MISCMISCMISC
sourcecodester -- lost_and_found_information_systemA vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980.2023-05-14not yet calculatedCVE-2023-2699MISCMISCMISC
libvrt -- libvrtA vulnerability was found in libvirt. This security flaw ouccers due to repeatedly querying an SR-IOV PCI device's capabilities that exposes a memory leak caused by a failure to free the virPCIVirtualFunction array within the parent struct's g_autoptr cleanup.2023-05-15not yet calculatedCVE-2023-2700MISCMISCMISC
wordpress -- wordpressThe BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.2023-05-19not yet calculatedCVE-2023-2704MISCMISCMISCMISC
wordpress -- wordpressThe OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. This is due to the fact that when generating OTP codes for users to use in order to login via phone number, the plugin returns these codes in an AJAX response. This makes it possible for unauthenticated attackers to obtain login codes for administrators. This does require an attacker have access to the phone number configured for an account, which can be obtained via social engineering or reconnaissance.2023-05-17not yet calculatedCVE-2023-2706MISCMISCMISC
wordpress -- wordpressThe Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-05-16not yet calculatedCVE-2023-2708MISCMISCMISC
wordpress -- wordpressThe video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.2023-05-16not yet calculatedCVE-2023-2710MISCMISCMISC
wordpress -- wordpressThe Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.2023-05-20not yet calculatedCVE-2023-2714MISCMISCMISCMISC
wordpress -- wordpressThe Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license.2023-05-20not yet calculatedCVE-2023-2715MISCMISCMISC
wordpress -- wordpressThe Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact.2023-05-20not yet calculatedCVE-2023-2716MISCMISCMISC
wordpress -- wordpressThe Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled.2023-05-20not yet calculatedCVE-2023-2717MISCMISCMISC
google -- chromeUse after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)2023-05-16not yet calculatedCVE-2023-2721MISCMISCMISCMISCMISC
belkin -- smart_outletA stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a crafted UPNP request.2023-05-18not yet calculatedCVE-2023-27217MISC
google -- chromeUse after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-05-16not yet calculatedCVE-2023-2722MISCMISCMISCMISCMISC
google -- chromeUse after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-05-16not yet calculatedCVE-2023-2723MISCMISCMISCMISCMISC
piwigo -- piwigoPiwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.2023-05-17not yet calculatedCVE-2023-27233MISCCONFIRM
google -- chromeType confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-05-16not yet calculatedCVE-2023-2724MISCMISCMISCMISCMISC
google -- chromeUse after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-05-16not yet calculatedCVE-2023-2725MISCMISCMISCMISCMISC
google -- chromeInappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)2023-05-16not yet calculatedCVE-2023-2726MISCMISCMISCMISCMISC
pimcore -- pimcoreCross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3.2023-05-16not yet calculatedCVE-2023-2730CONFIRMMISC
libtiff -- libtiffA NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or denial of service.2023-05-17not yet calculatedCVE-2023-2731MISCMISCMISCMISC
wordpress -- wordpressThe Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.2023-05-20not yet calculatedCVE-2023-2735MISCMISCMISCMISC
wordpress -- wordpressThe Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-05-20not yet calculatedCVE-2023-2736MISCMISCMISCMISC
tongda -- oaA vulnerability classified as critical has been found in Tongda OA 11.10. This affects the function actionGetdata of the file GatewayController.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-16not yet calculatedCVE-2023-2738MISCMISCMISC
gira -- homeserverA vulnerability classified as problematic was found in Gira HomeServer up to 4.12.0.220829 beta. This vulnerability affects unknown code of the file /hslist. The manipulation of the argument lst with the input debug%27"><img%20src=x%20onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-16not yet calculatedCVE-2023-2739MISCMISC
sourcecodester -- guest_management_systemA vulnerability, which was classified as problematic, has been found in SourceCodester Guest Management System 1.0. Affected by this issue is some unknown functionality of the file dateTest.php of the component GET Parameter Handler. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229160.2023-05-16not yet calculatedCVE-2023-2740MISCMISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions.2023-05-18not yet calculatedCVE-2023-27423MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions.2023-05-18not yet calculatedCVE-2023-27430MISC
wordpress -- wordpressWordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. This allows unauthenticated attackers to access and load arbitrary translation files. In cases where an attacker is able to upload a crafted translation file onto the site, such as via an upload form, this could be also used to perform a Cross-Site Scripting attack.2023-05-17not yet calculatedCVE-2023-2745MISCMISCMISCMISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2023-05-17not yet calculatedCVE-2023-2752CONFIRMMISC
phpmyfaq -- phpmyfaqCross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2023-05-17not yet calculatedCVE-2023-2753MISCCONFIRM
pimcore -- pimcore/customer-data-frameworkSQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10.2023-05-17not yet calculatedCVE-2023-2756MISCCONFIRM
wordpress -- wordpressThe Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. This could lead to Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for subscriber-level attackers to access functions to save plugin data that can potentially lead to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-05-18not yet calculatedCVE-2023-2757MISCMISCMISC
weaver -- oaA vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. This vulnerability affects unknown code of the file /E-mobile/App/System/File/downfile.php. The manipulation of the argument url leads to absolute path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-229270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-17not yet calculatedCVE-2023-2765MISCMISCMISC
weaver -- oaA vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-17not yet calculatedCVE-2023-2766MISCMISCMISC
sucms -- sucmsA vulnerability was found in Sucms 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file admin_ads.php?action=add. The manipulation of the argument intro leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229274 is the identifier assigned to this vulnerability.2023-05-17not yet calculatedCVE-2023-2768MISCMISCMISC
sourcecodester -- service_provider_management_systemA vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229275.2023-05-17not yet calculatedCVE-2023-2769MISCMISCMISC
sourcecodester -- online_exam_systemA vulnerability classified as critical was found in SourceCodester Online Exam System 1.0. This vulnerability affects unknown code of the file /kelasdosen/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229276.2023-05-17not yet calculatedCVE-2023-2770MISCMISCMISC
sourcecodester -- online_exam_systemA vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0. This issue affects some unknown processing of the file /jurusanmatkul/data. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229277 was assigned to this vulnerability.2023-05-17not yet calculatedCVE-2023-2771MISCMISCMISC
sourcecodester -- budget_and_expense_tracker_systemA vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Affected is an unknown function of the file /admin/budget/manage_budget.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-229278 is the identifier assigned to this vulnerability.2023-05-17not yet calculatedCVE-2023-2772MISCMISCMISC
code-projects -- bus_dispatch_and_information_systemA vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file view_admin.php. The manipulation of the argument adminid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229279.2023-05-17not yet calculatedCVE-2023-2773MISCMISCMISC
code-projects -- bus_dispatch_and_information_systemA vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file view_branch.php. The manipulation of the argument branchid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229280.2023-05-17not yet calculatedCVE-2023-2774MISCMISCMISC
idurar_erp -- crm_v1IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.2023-05-16not yet calculatedCVE-2023-27742MISC
code-projects -- bus_dispatch_and_information_systemA vulnerability was found in code-projects Bus Dispatch and Information System 1.0. It has been classified as critical. This affects an unknown part of the file adminHome.php. The manipulation of the argument reach_city leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229281 was assigned to this vulnerability.2023-05-17not yet calculatedCVE-2023-2775MISCMISCMISC
code-projects -- simple_photo_galleryA vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-229282 is the identifier assigned to this vulnerability.2023-05-17not yet calculatedCVE-2023-2776MISCMISCMISC
mlflow/mlflow -- mlflow/mlflowPath Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.2023-05-17not yet calculatedCVE-2023-2780CONFIRMMISC
acronis -- acronis_cyber_infrastructureSensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.3.1-38.2023-05-18not yet calculatedCVE-2023-2782MISC
gnu -- cflowA vulnerability was found in GNU cflow 1.7. It has been rated as problematic. This issue affects the function func_body/parse_variable_declaration of the file parser.c. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-229373 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-18not yet calculatedCVE-2023-2789MISCMISCMISCMISC
totolink -- n200reA vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Affected is an unknown function of the file /squashfs-root/etc_ro/custom.conf of the component Telnet Service. The manipulation leads to password in configuration file. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229374 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-18not yet calculatedCVE-2023-2790MISCMISCMISC
cnoa -- oaA vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Affected by this issue is some unknown functionality of the file /index.php?app=main&func=passport&action=login. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229376. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-18not yet calculatedCVE-2023-2799MISCMISCMISCMISC
huggingface -- transformersInsecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0.2023-05-18not yet calculatedCVE-2023-2800MISCCONFIRM
dell -- cloudiq_collectorDell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.2023-05-19not yet calculatedCVE-2023-28045MISC
weaver -- e-cologyA vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-19not yet calculatedCVE-2023-2806MISCMISCMISC
dell -- cloudlinkCloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure.2023-05-16not yet calculatedCVE-2023-28076MISC
facebook -- hermesA bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.2023-05-18not yet calculatedCVE-2023-28081MISCMISC
soureccodester -- class_scheduling_systemA vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428.2023-05-19not yet calculatedCVE-2023-2814MISCMISCMISC
sourcecodester -- online_jewelery_storeA vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability.2023-05-19not yet calculatedCVE-2023-2815MISCMISCMISC
ellucian -- ethos_identityA vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.2023-05-20not yet calculatedCVE-2023-2822MISCMISCMISCMISC
sourcecodester -- class_scheduling_systemA vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability.2023-05-20not yet calculatedCVE-2023-2823MISCMISCMISC
sourcecodester -- dental_clinic_appointment_reservation_systemA vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability.2023-05-20not yet calculatedCVE-2023-2824MISCMISCMISC
brother_industries,_ltd. -- brother_iprint&scanBrother iPrint&Scan V6.11.2 and earlier contains an improper access control vulnerability. This vulnerability may be exploited by the other app installed on the victim user's Android device, which may lead to displaying the settings and/or log information of the affected app as a print preview.2023-05-18not yet calculatedCVE-2023-28369MISCMISCMISCMISC
ibm -- mqIBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.2023-05-19not yet calculatedCVE-2023-28514MISCMISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213.2023-05-19not yet calculatedCVE-2023-28529MISCMISC
zulip -- zulipZulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: ZulipLDAPAuthBackend and an external authentication backend (any aside of ZulipLDAPAuthBackend and EmailAuthBackend) are the only ones enabled in AUTHENTICATION_BACKENDS in /etc/zulip/settings.py and 2: The organization permissions don't require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having Invitations are required for joining this organization organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the Invitations are required for joining this organization organization permission to prevent this issue.2023-05-19not yet calculatedCVE-2023-28623MISCMISC
facebook -- netconsdnetconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. A malicious individual could leverage this overflow to create heap memory corruption with attacker controlled data.2023-05-18not yet calculatedCVE-2023-28753MISCMISC
ibm -- mqIBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.2023-05-19not yet calculatedCVE-2023-28950MISCMISC
intel -- intel_oneapi_toolkitsImproper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-05-12not yet calculatedCVE-2023-29242MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.35 versions.2023-05-16not yet calculatedCVE-2023-29439MISCMISC
sofawiki -- sofawikiSofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php.2023-05-18not yet calculatedCVE-2023-29720MISCMISC
exelysis -- unified_communication_solutionCross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page.2023-05-17not yet calculatedCVE-2023-29837MISCMISC
teslamate -- teslamateAn issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link.2023-05-18not yet calculatedCVE-2023-29857MISCMISC
flir-dvtel -- flir-dvtelAn issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device.2023-05-15not yet calculatedCVE-2023-29861MISCMISC
agasio -- camera_deviceAn issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters.2023-05-15not yet calculatedCVE-2023-29862MISCMISC
sage -- sageVersions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or "Client Server Network" Sage 300 configurations, could recover the SQL connection strings being used by Sage 300 and interact directly with the underlying database(s) to create, update, and delete all company records, bypassing the program’s role-based access controls.2023-05-16not yet calculatedCVE-2023-29927MISC
d-link -- dir-605lD-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,2023-05-16not yet calculatedCVE-2023-29961MISCMISC
sourcecodester -- student_study_center_desk_management_systemSourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.2023-05-18not yet calculatedCVE-2023-29985MISC
lavalite -- lavaliteLavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS).2023-05-18not yet calculatedCVE-2023-30124MISC
prestashop -- posstaticblocksPrestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().2023-05-16not yet calculatedCVE-2023-30189MISC
prestashop -- cdesignerPrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent().2023-05-17not yet calculatedCVE-2023-30191MISC
prestashop -- customexporterPrestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php.2023-05-19not yet calculatedCVE-2023-30199MISCMISC
sourcecodester -- judging_management_systemSQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file.2023-05-15not yet calculatedCVE-2023-30245MISCMISC
prestashop -- scquickaccountingInsecure permissions in the ps_customer table of Prestashop scquickaccounting before v3.7.3 allows attackers to access sensitive information stored in the component.2023-05-16not yet calculatedCVE-2023-30281MISC
perfreeblog -- perfreeblogAn arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file.2023-05-18not yet calculatedCVE-2023-30333MISC
ibm -- powervm_hypervisorAn internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of the isolation between logical partitions which could lead to data leakage or the execution of arbitrary code in other logical partitions on the same physical server. IBM X-Force ID: 252706.2023-05-17not yet calculatedCVE-2023-30438MISCMISC
morosystems -- easymindThe MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter.2023-05-17not yet calculatedCVE-2023-30452MISCMISC
facebook -- hermesA use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most React Native applications are not affected.2023-05-18not yet calculatedCVE-2023-30470MISCMISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.2023-05-18not yet calculatedCVE-2023-30487MISC
hpe -- aruba_edgeconnect_enterpriseVulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-05-16not yet calculatedCVE-2023-30501MISC
hpe -- aruba_edgeconnect_enterpriseVulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-05-16not yet calculatedCVE-2023-30502MISC
hpe -- aruba_edgeconnect_enterpriseVulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-05-16not yet calculatedCVE-2023-30503MISC
hpe -- aruba_edgeconnect_enterpriseVulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-05-16not yet calculatedCVE-2023-30504MISC
hpe -- aruba_edgeconnect_enterpriseVulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-05-16not yet calculatedCVE-2023-30505MISC
hpe -- aruba_edgeconnect_enterpriseVulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-05-16not yet calculatedCVE-2023-30506MISC
hpe -- aruba_edgeconnect_enterpriseMultiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.2023-05-16not yet calculatedCVE-2023-30507MISC
hpe -- aruba_edgeconnect_enterpriseMultiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.2023-05-16not yet calculatedCVE-2023-30508MISC
hpe -- aruba_edgeconnect_enterpriseMultiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.2023-05-16not yet calculatedCVE-2023-30509MISC
hpe -- aruba_edgeconnect_enterpriseA vulnerability exists in the Aruba EdgeConnect Enterprise web management interface that allows remote authenticated users to issue arbitrary URL requests from the Aruba EdgeConnect Enterprise instance. The impact of this vulnerability is limited to a subset of URLs which can result in the possible disclosure of data due to the network position of the Aruba EdgeConnect Enterprise instance.2023-05-16not yet calculatedCVE-2023-30510MISC
intel -- soc_watchHeap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access.2023-05-12not yet calculatedCVE-2023-30763MISC
intel -- server_board_s2600wttImproper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access.2023-05-12not yet calculatedCVE-2023-30768MISC
libtiff -- libtiffA vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.2023-05-19not yet calculatedCVE-2023-30774MISCMISCMISC
libtiff -- libtiffA vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.2023-05-19not yet calculatedCVE-2023-30775MISCMISCMISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TheGuideX User IP and Location plugin <= 2.2 versions.2023-05-18not yet calculatedCVE-2023-30780MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jon Christopher CMS Tree Page View plugin <= 1.6.7 versions.2023-05-18not yet calculatedCVE-2023-30868MISC
greenplum-db -- greenplum-dbGreenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. In versions prior to 6.22.3 Greenplum Database used an unsafe methods to extract tar files within GPPKGs. greenplum-db is vulnerable to path traversal leading to arbitrary file writes. An attacker can use this vulnerability to overwrite data or system files potentially leading to crash or malfunction of the system. Any files which are accessible to the running process are at risk. All users are requested to upgrade to Greenplum Database version 6.23.2 or higher. There are no known workarounds for this vulnerability.2023-05-15not yet calculatedCVE-2023-31131MISCMISC
dgraph-io -- dgraph-ioDgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being encrypted. This is problematic because two log lines will often have the same length, so due to these collisions we are reusing the same nonce many times. All audit logs generated by versions of Dgraph <v23.0.0 are affected. Attackers must have access to the system the logs are stored on. Dgraph users should upgrade to v23.0.0. Users unable to upgrade should store existing audit logs in a secure location and for extra security, encrypt using an external tool like gpg.2023-05-17not yet calculatedCVE-2023-31135MISCMISCMISC
collaboraonline -- collaboraonlineCollabora Online is a collaborative online office suite based on LibreOffice technology. This vulnerability report describes a reflected XSS vulnerability with full CSP bypass in Nextcloud installations using the recommended bundle. The vulnerability can be exploited to perform a trivial account takeover attack. The vulnerability allows attackers to inject malicious code into web pages, which can be executed in the context of the victim's browser session. This means that an attacker can steal sensitive data, such as login credentials or personal information, or perform unauthorized actions on behalf of the victim, such as modifying or deleting data. In this specific case, the vulnerability allows for a trivial account takeover attack. An attacker can exploit the vulnerability to inject code into the victim's browser session, allowing the attacker to take over the victim's account without their knowledge or consent. This can lead to unauthorized access to sensitive information and data, as well as the ability to perform actions on behalf of the victim. Furthermore, the fact that the vulnerability bypasses the Content Security Policy (CSP) makes it more dangerous, as CSP is an important security mechanism used to prevent cross-site scripting attacks. By bypassing CSP, attackers can circumvent the security measures put in place by the web application and execute their malicious code. This issue has been patched in versions 22.05.13, 21.11.9, and 6.4.27. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-05-15not yet calculatedCVE-2023-31145MISC
intel -- trace_analyzer_collectorUncontrolled search path in the Intel(R) Trace Analyzer and Collector before version 2020 update 3 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-05-12not yet calculatedCVE-2023-31197MISC
intel -- solid_state_drive_toolboxImproper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access.2023-05-12not yet calculatedCVE-2023-31199MISC
checkmk_gmbh -- checkmkImproper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users.2023-05-17not yet calculatedCVE-2023-31208MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Haoqisir Baidu Tongji generator plugin <= 1.0.2 versions.2023-05-18not yet calculatedCVE-2023-31233MISC
sick_ag -- sick_ftmg_air_flow_sensorCleartext Storage of Sensitive Information in SICK FTMg AIR FLOW SENSOR with
Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote
attacker to potentially steal user credentials that are stored in the user’s browsers local storage via
cross-site-scripting attacks.
2023-05-15not yet calculatedCVE-2023-31408MISCMISCMISC
sick_ag -- sick_ftmg_air_flow_sensorUncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an remote attacker to influence the availability of the webserver by invocing a Slowloris style attack via HTTP requests.2023-05-15not yet calculatedCVE-2023-31409MISCMISCMISC
pharmacy_management_system -- pharmacy_management_system Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php.2023-05-16not yet calculatedCVE-2023-31519MISC
opencms -- opencmsA stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module.2023-05-16not yet calculatedCVE-2023-31544MISCMISC
bludit -- bluditAn issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request.2023-05-16not yet calculatedCVE-2023-31572MISC
serendipity -- serendipityAn arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.2023-05-16not yet calculatedCVE-2023-31576MISC
tenda -- ac5_routerTenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.2023-05-16not yet calculatedCVE-2023-31587MISCMISCMISC
zammad -- zammadAn issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.2023-05-18not yet calculatedCVE-2023-31597MISC
openlink -- virtuoso-opensourceAn issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31607MISC
openlink -- virtuoso-opensourceAn issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31608MISC
openlink -- virtuoso-opensourceAn issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31609MISC
openlink -- virtuoso-opensourceAn issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31610MISC
openlink -- virtuoso-opensourceAn issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31611MISC
openlink -- virtuoso-opensourceAn issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31612MISC
openlink -- virtuoso-opensourceAn issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31613MISC
openlink -- virtuoso-opensourceAn issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement.2023-05-15not yet calculatedCVE-2023-31614MISC
openlink -- virtuoso-opensourceAn issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31615MISC
openlink -- virtuoso-opensourceAn issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31616MISC
openlink -- virtuoso-opensourceAn issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31617MISC
openlink -- virtuoso-opensourceAn issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31618MISC
openlink -- virtuoso-opensourceAn issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31619MISC
openlink -- virtuoso-opensourceAn issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31620MISC
openlink -- virtuoso-opensourceAn issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31621MISC
openlink -- virtuoso-opensourceAn issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31622MISC
openlink -- virtuoso-opensourceAn issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31623MISC
openlink -- virtuoso-opensourceAn issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31624MISC
openlink -- virtuoso-opensourceAn issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31625MISC
openlink -- virtuoso-opensourceAn issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31626MISC
openlink -- virtuoso-opensourceAn issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31627MISC
openlink -- virtuoso-opensourceAn issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31628MISC
openlink -- virtuoso-opensourceAn issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31629MISC
openlink -- virtuoso-opensourceAn issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31630MISC
openlink -- virtuoso-opensourceAn issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.2023-05-15not yet calculatedCVE-2023-31631MISC
redis -- redisredis-7.0.10 was discovered to contain a segmentation violation.2023-05-18not yet calculatedCVE-2023-31655MISC
luowice -- luowiceInsecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter.2023-05-16not yet calculatedCVE-2023-31677MISC
videogo -- videogoIncorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended.2023-05-16not yet calculatedCVE-2023-31678MISC
videogo -- videogoIncorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter.2023-05-16not yet calculatedCVE-2023-31679MISC
bludit -- bluditBludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo.2023-05-17not yet calculatedCVE-2023-31698MISCMISC
churchcrm -- churchcrmChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.2023-05-17not yet calculatedCVE-2023-31699MISC
tp-link -- tl-wpa4530_kit_v2TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd.2023-05-17not yet calculatedCVE-2023-31700MISC
tp-link -- tl-wpa4530_kit_v2TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove.2023-05-17not yet calculatedCVE-2023-31701MISC
microwold_technologies -- escan_management_consoleSQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.2023-05-17not yet calculatedCVE-2023-31702MISC
microwold_technologies -- escan_management_consoleCross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.2023-05-17not yet calculatedCVE-2023-31703MISC
semcms -- semcmsSEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.2023-05-19not yet calculatedCVE-2023-31707MISC
nasm -- nasmThere exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891).2023-05-17not yet calculatedCVE-2023-31722MISC
yasm -- yasmyasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c.2023-05-17not yet calculatedCVE-2023-31723MISCMISC
yasm -- yasmyasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c.2023-05-17not yet calculatedCVE-2023-31724MISCMISC
yasm -- yasmyasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c.2023-05-17not yet calculatedCVE-2023-31725MISCMISC
totolink -- a3300rTOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection.2023-05-18not yet calculatedCVE-2023-31729MISCMISC
tp-link -- archer_vr1600v_devicesA command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.2023-05-19not yet calculatedCVE-2023-31756MISC
dedecms -- dedecmsDedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'2023-05-19not yet calculatedCVE-2023-31757MISC
sourecodester -- faculty_evaluation_systemSourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.2023-05-15not yet calculatedCVE-2023-31842MISC
sourecodester -- faculty_evaluation_systemSourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=.2023-05-15not yet calculatedCVE-2023-31843MISC
sourecodester -- faculty_evaluation_systemSourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=.2023-05-15not yet calculatedCVE-2023-31844MISC
sourecodester -- faculty_evaluation_systemSourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=.2023-05-15not yet calculatedCVE-2023-31845MISC
davinci -- davinciIn davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side.2023-05-17not yet calculatedCVE-2023-31847MISC
davinci -- davincidavinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF).2023-05-17not yet calculatedCVE-2023-31848MISC
totolink -- cp300_plusA command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http packet.2023-05-16not yet calculatedCVE-2023-31856MISC
sourcecodester -- online_computer_laptop_storeSourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.2023-05-16not yet calculatedCVE-2023-31857MISC
jizhicms -- jizhicmsjizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.2023-05-19not yet calculatedCVE-2023-31862MISC
opentext -- documentum_content_serverOpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. The software comes prepackaged with a root owned SUID binary dm_secure_writer. The binary has security controls in place preventing creation of a file in a non-owned directory, or as the root user. However, these controls can be carefully bypassed to allow for an arbitrary file write as root.2023-05-18not yet calculatedCVE-2023-31871MISC
glazedlists -- glazedlistsAn XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter.2023-05-16not yet calculatedCVE-2023-31890MISC
rpa_technology -- mobile_mouseRPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE).2023-05-17not yet calculatedCVE-2023-31902MISCMISC
guppy_cms -- guppy_cmsGuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file.2023-05-17not yet calculatedCVE-2023-31903MISCMISC
savysoda -- wi-fi_hd_wireless_disk_drivesavysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion.2023-05-17not yet calculatedCVE-2023-31904MISC
edimax -- wireless_router_n300A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations.2023-05-12not yet calculatedCVE-2023-31983MISC
edimax -- wireless_router_n300A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations.2023-05-15not yet calculatedCVE-2023-31986MISC
xwiki -- xwiki_platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1 but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like http:example.com in the parameter would allow the redirect. The issue has now been patched against all patterns that are known for performing redirects. This issue has been patched in XWiki 14.10.4 and 15.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-05-15not yet calculatedCVE-2023-32068MISCMISCMISCMISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in
sli_crypto_transparent_aead_encrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
2023-05-18not yet calculatedCVE-2023-32096MISCMISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in
sli_crypto_transparent_aead_decrypt_tag

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
2023-05-18not yet calculatedCVE-2023-32097MISCMISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in
sli_se_sign_message

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
2023-05-18not yet calculatedCVE-2023-32098MISCMISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in
sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
2023-05-18not yet calculatedCVE-2023-32099MISCMISC
silicon_labs -- gecko_platform_sdkCompiler removal of buffer clearing in
sli_se_driver_mac_compute

in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM.
2023-05-18not yet calculatedCVE-2023-32100MISCMISC
wordpress -- wordpressImproper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.2023-05-12not yet calculatedCVE-2023-32243MISCMISCMISC
planet_labs -- planet_client_pythonPlanet is software that provides satellite data. The secret file stores the user's Planet API authentication information. It should only be accessible by the user, but before version 2.0.1, its permissions allowed the user's group and non-group to read the file as well. This issue was patched in version 2.0.1. As a workaround, set the secret file permissions to only user read/write by hand.2023-05-12not yet calculatedCVE-2023-32303MISCMISCMISC
aiven-extras -- aiven-extrasaiven-extras is a PostgreSQL extension. Versions prior to 1.1.9 contain a privilege escalation vulnerability, allowing elevation to superuser inside PostgreSQL databases that use the aiven-extras package. The vulnerability leverages missing schema qualifiers on privileged functions called by the aiven-extras extension. A low privileged user can create objects that collide with existing function names, which will then be executed instead. Exploiting this vulnerability could allow a low privileged user to acquire superuser privileges, which would allow full, unrestricted access to all data and database functions. And could lead to arbitrary code execution or data access on the underlying host as the postgres user. The issue has been patched as of version 1.1.9.2023-05-12not yet calculatedCVE-2023-32305MISCMISC
anukotime_tracker -- time_trackerTime Tracker is an open source time tracking system. A time-based blind injection vulnerability existed in Time Tracker reports in versions prior to 1.22.13.5792. This was happening because the reports.php page was not validating all parameters in POST requests. Because some parameters were not checked, it was possible to craft POST requests with malicious SQL for Time Tracker database. This issue is fixed in version 1.22.13.5792. As a workaround, use the fixed code in ttReportHelper.class.php from version 1.22.13.5792.2023-05-12not yet calculatedCVE-2023-32306MISC
anuko_timetracker -- anuko_timetrackeranuko timetracker is an open source time tracking system. Boolean-based blind SQL injection vulnerability existed in Time Tracker invoices.php in versions prior to 1.22.11.5781. This was happening because of a coding error after validating parameters in POST requests. There was no check for errors before adjusting invoice sorting order. Because of this, it was possible to craft a POST request with malicious SQL for Time Tracker database. This issue has been fixed in version 1.22.11.5781. Users are advised to upgrade. Users unable to upgrade may insert an additional check for errors in a condition before calling ttGroupHelper::getActiveInvoices() in invoices.php.2023-05-15not yet calculatedCVE-2023-32308MISCMISC
pymdown-extensions -- pymdown-extensionsPyMdown Extensions is a set of extensions for the Python-Markdown markdown project. In affected versions an arbitrary file read is possible when using include file syntax. By using the syntax --8<--"/etc/passwd" or --8<--"/proc/self/environ" the content of these files will be rendered in the generated documentation. Additionally, a path relative to a specified, allowed base path can also be used to render the content of a file outside the specified base paths: --8<-- "../../../../etc/passwd". Within the Snippets extension, there exists a base_path option but the implementation is vulnerable to Directory Traversal. The vulnerable section exists in get_snippet_path(self, path) lines 155 to 174 in snippets.py. Any readable file on the host where the plugin is executing may have its content exposed. This can impact any use of Snippets that exposes the use of Snippets to external users. It is never recommended to use Snippets to process user-facing, dynamic content. It is designed to process known content on the backend under the control of the host, but if someone were to accidentally enable it for user-facing content, undesired information could be exposed. This issue has been addressed in version 10.0. Users are advised to upgrade. Users unable to upgrade may restrict relative paths by filtering input.2023-05-15not yet calculatedCVE-2023-32309MISCMISC
vm2 -- vm2vm2 is a sandbox that can run untrusted code with Node's built-in modules. In versions 3.9.17 and lower of vm2 it was possible to get a read-write reference to the node inspect method and edit options for console.log. As a result a threat actor can edit options for the console.log command. This vulnerability was patched in the release of version 3.9.18 of vm2. Users are advised to upgrade. Users unable to upgrade may make the inspect method readonly with vm.readonly(inspect) after creating a vm.2023-05-15not yet calculatedCVE-2023-32313MISCMISCMISCMISC
vm2 -- vm2vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a host object based on the specification of Proxy. As a result a threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.18 of vm2. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-05-15not yet calculatedCVE-2023-32314MISCMISCMISCMISC
ombi -- ombiOmbi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi administrators may not always be local system administrators and so this may violate the security expectations of the system. The arbitrary file read vulnerability was present in ReadLogFile and Download endpoints in SystemControllers.cs as the parameter logFileName is not sanitized before being combined with the Logs directory. When using Path.Combine(arg1, arg2, arg3), an attacker may be able to escape to folders/files outside of Path.Combine(arg1, arg2) by using ".." in arg3. In addition, by specifying an absolute path for arg3, Path.Combine will completely ignore the first two arguments and just return just arg3. This vulnerability can lead to information disclosure. The Ombi documentation suggests running Ombi as a Service with Administrator privileges. An attacker targeting such an application may be able to read the files of any Windows user on the host machine and certain system files. This issue has been addressed in commit b8a8f029 and in release version 4.38.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-088.2023-05-18not yet calculatedCVE-2023-32322MISCMISCMISCMISCMISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Matt Gibbs Custom Field Suite plugin <= 2.6.2.1 versions.2023-05-18not yet calculatedCVE-2023-32515MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.2023-05-20not yet calculatedCVE-2023-32589MISC
vyper -- vyperVyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked nonpayable. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global calldatasize check in commit 02339dfda. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.2023-05-19not yet calculatedCVE-2023-32675MISCMISC
zulip -- zulipZulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams.2023-05-19not yet calculatedCVE-2023-32677MISCMISCMISCMISC
craft_cms -- craft_cmsCraft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-05-19not yet calculatedCVE-2023-32679MISC
metabase -- metabaseMetabase is an open source business analytics engine. To edit SQL Snippets, Metabase should have required people to be in at least one group with native query editing permissions to a database–but affected versions of Metabase didn't enforce that requirement. This lack of enforcement meant that: Anyone–including people in sandboxed groups–could edit SQL snippets. They could edit snippets via the API or, in the application UI, when editing the metadata for a model based on a SQL question, and people in sandboxed groups could edit a SQL snippet used in a query that creates their sandbox. If the snippet contained logic that restricted which data that person could see, they could potentially edit that snippet and change their level of data access. The permissions model for SQL snippets has been fixed in Metabase versions 0.46.3, 0.45.4, 0.44.7, 1.46.3, 1.45.4, and 1.44.7. Users are advised to upgrade. Users unable to upgrade should ensure that SQL queries used to create sandboxes exclude SQL snippets.2023-05-18not yet calculatedCVE-2023-32680MISCMISCMISCMISC
luatex -- luatexLuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.2023-05-20not yet calculatedCVE-2023-32700MISCMISCMISCMISC
giturlparse -- giturlparsegiturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep through 1.21.0, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. This might be relevant if Semgrep is analyzing an untrusted package (for example, to check whether it accesses any Git repository at an http:// URL), and that package's author placed a ReDoS attack payload in a URL used by the package.2023-05-15not yet calculatedCVE-2023-32758MISCMISCMISC
symcon -- ip-symconThe web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. directory-traversal sequences in the URL.2023-05-17not yet calculatedCVE-2023-32767MISCMISC
keepass -- keepassIn KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.2023-05-15not yet calculatedCVE-2023-32784MISCMISCMISC
opc_ua_legacy_java_stack -- opc_ua_legacy_java_stackThe OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications.2023-05-15not yet calculatedCVE-2023-32787MISCCONFIRMMISC
synology -- synology_router_managerImproper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers to execute arbitrary commands via unspecified vectors.2023-05-16not yet calculatedCVE-2023-32955MISC
synology -- synology_router_managerImproper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to execute arbitrary code via unspecified vectors.2023-05-16not yet calculatedCVE-2023-32956MISC
jenkins_pipeline -- jenkins_pipelineJenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately.2023-05-16not yet calculatedCVE-2023-32977MISC
jenkins_ldap -- jenkins_ldapA cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.2023-05-16not yet calculatedCVE-2023-32978MISC
jenkins_email_extension Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system.2023-05-16not yet calculatedCVE-2023-32979MISC
jenkins_email_extension A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.2023-05-16not yet calculatedCVE-2023-32980MISC
jenkins_pipeline -- jenkins_pipelineAn arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content.2023-05-16not yet calculatedCVE-2023-32981MISC
jenkins_ansible -- jenkins_ansibleJenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.2023-05-16not yet calculatedCVE-2023-32982MISC
jenkins_ansible -- jenkins_ansibleJenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them.2023-05-16not yet calculatedCVE-2023-32983MISC
jenkins_testng_results -- jenkins_testng_resultsJenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a crafted TestNG report file.2023-05-16not yet calculatedCVE-2023-32984MISC
jenkins_sidebar_link -- jenkins_sidebar_linkJenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.2023-05-16not yet calculatedCVE-2023-32985MISC
jenkins_file_paramater -- jenkins_file_parameterJenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content.2023-05-16not yet calculatedCVE-2023-32986MISC
jenkins_reverse_proxy_auth -- jenkins_reverse_proxy_authA cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.2023-05-16not yet calculatedCVE-2023-32987MISC
jenkins_azure_vm_agents -- jenkins_azure_vm_agentsA missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.2023-05-16not yet calculatedCVE-2023-32988MISC
jenkins_azure_vm_agents -- jenkins_azure_vm_agentsA cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.2023-05-16not yet calculatedCVE-2023-32989MISC
jenkins_azure_vm_agents -- jenkins_azure_vm_agentsA missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained through another method.2023-05-16not yet calculatedCVE-2023-32990MISC
jenkins_saml_single_sign_on -- jenkins_saml_single_sign_onA cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.2023-05-16not yet calculatedCVE-2023-32991MISC
jenkins_saml_single_sign_on -- jenkins_saml_single_sign_onMissing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML, or parse a local file on the Jenkins controller as XML.2023-05-16not yet calculatedCVE-2023-32992MISC
jenkins_saml_single_sign_on -- jenkins_saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.2023-05-16not yet calculatedCVE-2023-32993MISC
jenkins_saml_single_sign_on -- jenkins_saml_single_sign_onJenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections.2023-05-16not yet calculatedCVE-2023-32994MISC
jenkins_saml_single_sign_on -- jenkins_saml_single_sign_onA cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.2023-05-16not yet calculatedCVE-2023-32995MISC
jenkins_saml_single_sign_on -- jenkins_saml_single_sign_onA missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails.2023-05-16not yet calculatedCVE-2023-32996MISC
jenkins_cas -- jenkins_casJenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login.2023-05-16not yet calculatedCVE-2023-32997MISC
jenkins_appspider -- jenkins_appspiderA cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.2023-05-16not yet calculatedCVE-2023-32998MISC
jenkins_appspider -- jenkins_appspiderA missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a JSON payload consisting of attacker-specified credentials.2023-05-16not yet calculatedCVE-2023-32999MISC
jenkins_ns-nd -- jenkins_ns-ndJenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them.2023-05-16not yet calculatedCVE-2023-33000MISC
jenkins_hashicorp_vault -- jenkins_hashicorp_vaultJenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled.2023-05-16not yet calculatedCVE-2023-33001MISC
jenkins_testcomplete -- jenkins_testcompleteJenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2023-05-16not yet calculatedCVE-2023-33002MISC
jenkins_tag_profiler -- jenkins_tag_profilerA cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.2023-05-16not yet calculatedCVE-2023-33003MISC
jenkins_tag_profiler -- jenkins_tag_profilerA missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics.2023-05-16not yet calculatedCVE-2023-33004MISC
jenkins_wso2_oauth -- jenkins_wso2_oauthJenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login.2023-05-16not yet calculatedCVE-2023-33005MISC
jenkins_wso2_oauth -- jenkins_wso2_oauthA cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account.2023-05-16not yet calculatedCVE-2023-33006MISC
jenkins_loadcomplete -- jenkins_loadcompleteJenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.2023-05-16not yet calculatedCVE-2023-33007MISC
linux -- kernelThe Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device.2023-05-18not yet calculatedCVE-2023-33203MISCMISCMISC
jenkins_loadcomplete -- jenkins_loadcompletesysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.2023-05-18not yet calculatedCVE-2023-33204MISC
foxit_pdf_reader -- foxit_pdf_readerFoxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.2023-05-19not yet calculatedCVE-2023-33240MISC

obsidian -- obsidian
Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.2023-05-20not yet calculatedCVE-2023-33244MISCMISC

Back to top

Sort all tables

Continue reading...