Vulnerability Summary for the Week of April 3, 2023

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
mingsoft — mcms SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. 2023-04-04 9.8 CVE-2020-20913
MISC
publiccms — publiccms SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. 2023-04-04 9.8 CVE-2020-20914
MISC
publiccms — publiccms SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. 2023-04-04 9.8 CVE-2020-20915
MISC
generex — cs141_firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. 2023-03-31 9.8 CVE-2022-47190
CONFIRM
CONFIRM
CONFIRM
fernus — learning_management_systems Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03. 2023-04-04 9.8 CVE-2023-1728
MISC
phpmyfaq — phpmyfaq Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 9.8 CVE-2023-1753
MISC
CONFIRM
akbim — panon Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2. 2023-04-03 9.8 CVE-2023-1765
MISC
sourcecodester — grade_point_average_(gpa)_calculator A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671. 2023-03-31 9.8 CVE-2023-1770
MISC
MISC
MISC
rockoa — rockoa A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability. 2023-03-31 9.8 CVE-2023-1773
MISC
MISC
MISC
jeecg — jeecg_boot A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. 2023-03-31 9.8 CVE-2023-1784
MISC
MISC
MISC
sourcecodester — earnings_and_expense_tracker_app A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700. 2023-03-31 9.8 CVE-2023-1785
MISC
MISC
MISC
firefly-iii — firefly_iii Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. 2023-04-01 9.8 CVE-2023-1789
MISC
CONFIRM
sourcecodester — simple_task_allocation_system A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743. 2023-04-02 9.8 CVE-2023-1791
MISC
MISC
MISC
sourcecodester — simple_mobile_comparison_website A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744. 2023-04-02 9.8 CVE-2023-1792
MISC
MISC
MISC
sourcecodester — police_crime_record_management_system A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability. 2023-04-02 9.8 CVE-2023-1793
MISC
MISC
MISC
otcms — otcms A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability. 2023-04-02 9.8 CVE-2023-1797
MISC
MISC
MISC
go-fastdfs_project — go-fastdfs A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: ‘../filedir’. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768. 2023-04-02 9.8 CVE-2023-1800
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-oclsadminsystem_infoindex.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability. 2023-04-04 9.8 CVE-2023-1826
MISC
MISC
htmlunit_project — htmlunit Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. 2023-04-03 9.8 CVE-2023-26119
MISC
MISC
MISC
dlink — go-rt-ac750_firmware D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. 2023-04-01 9.8 CVE-2023-26822
MISC
MISC
gladinet — centrestack An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass. 2023-03-31 9.8 CVE-2023-26829
MISC
myprestamodules — frequently_asked_questions_page SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. 2023-03-31 9.8 CVE-2023-26858
MISC
MISC
ibm — aspera_cargo/aspera_connect IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. 2023-04-02 9.8 CVE-2023-27284
MISC
MISC
ibm — aspera_cargo/aspera_connect IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. 2023-04-02 9.8 CVE-2023-27286
MISC
MISC
jenkins — role-based_authorization_strategy Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they’ve been disabled. 2023-04-02 9.8 CVE-2023-28668
MISC
jenkins — convert_to_pipeline Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin. 2023-04-02 9.8 CVE-2023-28677
MISC
202-ecommerce — paypal PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability. 2023-03-31 9.8 CVE-2023-28843
MISC
MISC
artifex — ghostscript In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. 2023-03-31 9.8 CVE-2023-28879
MISC
MISC
MISC
MLIST
DEBIAN
generex — cs141_firmware Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. 2023-03-31 9.1 CVE-2022-47189
CONFIRM
CONFIRM
CONFIRM
openapi-generator — openapi_generator openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. 2023-03-31 9.1 CVE-2023-27162
MISC
MISC
MISC
MISC
deltaww — dx-2100l1-cn_firmware The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user “root.” If the attacker has credentials for the web service, then the device could be fully compromised. 2023-03-31 9 CVE-2023-0432
MISC
phpmywind — phpmywind SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. 2023-04-04 8.8 CVE-2020-21060
MISC
admesh_project — admesh An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2023-04-03 8.8 CVE-2022-38072
MISC
MISC
hcltech — hcl_compass HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. 2023-04-02 8.8 CVE-2022-42447
MISC
generex — cs141_firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. 2023-03-31 8.8 CVE-2022-47191
CONFIRM
CONFIRM
CONFIRM
generex — cs141_firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified “users.json” to the web server of the device, allowing him to replace the administrator password. 2023-03-31 8.8 CVE-2022-47192
CONFIRM
CONFIRM
CONFIRM
bestwebsoft — user_role The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. 2023-04-03 8.8 CVE-2023-0820
MISC
ibos — ibos A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635. 2023-03-31 8.8 CVE-2023-1747
MISC
MISC
MISC
phpmyfaq — phpmyfaq Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 8.8 CVE-2023-1762
MISC
CONFIRM
jenkins — octoperf_load_testing A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. 2023-04-02 8.8 CVE-2023-28674
MISC
jenkins — convert_to_pipeline A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). 2023-04-02 8.8 CVE-2023-28676
MISC
panasonic — aiseg2_firmware Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. 2023-03-31 8.8 CVE-2023-28726
MISC
panasonic — aiseg2_firmware Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. 2023-03-31 8.8 CVE-2023-28727
MISC
jenkins — visual_studio_code_metrics Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 8.2 CVE-2023-28681
MISC
jenkins — performance_publisher Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 8.2 CVE-2023-28682
MISC
jenkins — phabricator_differential Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 8.2 CVE-2023-28683
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 2023-04-01 7.8 CVE-2023-0189
MISC
gnu — binutils Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. 2023-04-03 7.8 CVE-2023-1579
MISC
linux — kernel hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. 2023-03-31 7.8 CVE-2023-28464
MISC
MISC
MISC
x-man_project — x-man X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage. 2023-03-31 7.5 CVE-2022-46021
MISC
MISC
generex — cs141_firmware There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. 2023-03-31 7.5 CVE-2022-47188
CONFIRM
CONFIRM
CONFIRM
facebook — zstandard A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. 2023-03-31 7.5 CVE-2022-4899
MISC
akuvox — e11_firmware Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages. 2023-03-31 7.5 CVE-2023-0343
MISC
akuvox — e11_firmware Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. 2023-03-31 7.5 CVE-2023-0344
MISC
devolutions — devolutions_gateway Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable. 2023-04-02 7.5 CVE-2023-1580
MISC
sourcecodester — grade_point_average_(gpa)_calculator A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page with the input php://filter/read=convert.base64-encode/resource=grade_table leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224670 is the identifier assigned to this vulnerability. 2023-03-31 7.5 CVE-2023-1769
MISC
MISC
MISC
sourcecodester — simple_task_allocation_system A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724. 2023-04-01 7.5 CVE-2023-1790
MISC
MISC
MISC
cesnet — libyang libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. 2023-04-03 7.5 CVE-2023-26916
MISC
dlink — dir-882_firmware An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information. 2023-03-31 7.5 CVE-2023-26925
MISC
MISC
tenda — ac6_firmware Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. 2023-04-04 7.5 CVE-2023-26976
MISC
ruoyi — ruoyi An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. 2023-04-02 7.5 CVE-2023-27025
MISC
MISC
appwrite — appwrite Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. 2023-03-31 7.5 CVE-2023-27159
MISC
MISC
MISC
MISC
MISC
jenkins — crap4j Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 7.5 CVE-2023-28680
MISC
ruby-lang — uri A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. 2023-03-31 7.5 CVE-2023-28755
MISC
MISC
CONFIRM
MISC
ruby-lang — time A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. 2023-03-31 7.5 CVE-2023-28756
MISC
CONFIRM
MISC
MISC
vtex — apps-graphql The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.) 2023-03-31 7.5 CVE-2023-28877
MISC
sophos — web_appliance A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. 2023-04-04 7.2 CVE-2022-4934
CONFIRM
wpeasycart — wp_easycart The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. 2023-04-03 7.2 CVE-2023-1124
MISC
gladinet — centrestack An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. 2023-03-31 7.2 CVE-2023-26830
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. 2023-04-01 7.1 CVE-2023-0183
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. 2023-04-01 7.1 CVE-2023-0186
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. 2023-04-01 7.1 CVE-2023-0191
MISC
nvidia — data_center_gpu_manager NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. 2023-04-01 7.1 CVE-2023-0208
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
monospace — directus An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. 2023-04-04 6.5 CVE-2020-19850
MISC
devolutions — remote_desktop_manager Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. 2023-04-02 6.5 CVE-2023-1202
MISC
inisev — redirection The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. 2023-04-03 6.5 CVE-2023-1330
MISC
devolutions — remote_desktop_manager Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. 2023-04-02 6.5 CVE-2023-1574
MISC
devolutions — devolutions_server Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. 2023-04-02 6.5 CVE-2023-1603
MISC
mattermost — mattermost_server When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients. 2023-03-31 6.5 CVE-2023-1775
MISC
rbaskets — request_baskets request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. 2023-03-31 6.5 CVE-2023-27163
MISC
MISC
MISC
MISC
nextcloud — richdocuments Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud. 2023-03-31 6.5 CVE-2023-28645
MISC
MISC
MISC
jenkins — octoperf_load_testing Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-04-02 6.5 CVE-2023-28672
MISC
jenkins — remote-jobs-view Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 6.5 CVE-2023-28684
MISC
nextcloud — nextcloud_server Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-03-31 6.5 CVE-2023-28844
MISC
MISC
linux — kernel A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea 2023-04-03 6.3 CVE-2023-1611
MISC
MISC
FEDORA
FEDORA
editor.md — editor.md Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the 2023-04-04 6.1 CVE-2020-19697
MISC
editor.md — editor.md Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter. 2023-04-04 6.1 CVE-2020-19698
MISC
kiftd_project — kiftd Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the tag in the upload file page. 2023-04-04 6.1 CVE-2020-19699
MISC
MISC
kitecms — kitecms Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. 2023-04-04 6.1 CVE-2020-20521
MISC
kitecms — kitecms Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. 2023-04-04 6.1 CVE-2020-20522
MISC
progress — ipswitch_ws_ftp_server Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. 2023-04-03 6.1 CVE-2022-27665
MISC
MISC
ykmbilisim — ykm_crm Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30. 2023-03-31 6.1 CVE-2023-1060
MISC
solidres — solidres The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-04-03 6.1 CVE-2023-1377
MISC
akbim — panon Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2. 2023-04-03 6.1 CVE-2023-1766
MISC
sourcecodester — grade_point_average_(gpa)_calculator A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by this issue is the function get_scale of the file Master.php. The manipulation of the argument perc leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224672. 2023-03-31 6.1 CVE-2023-1771
MISC
MISC
MISC
sourcecodester — police_crime_record_management_system A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input “> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability. 2023-04-02 6.1 CVE-2023-1794
MISC
MISC
MISC
sourcecodester — gadget_works_online_ordering_system A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224747. 2023-04-02 6.1 CVE-2023-1795
MISC
MISC
MISC
samba — samba The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. 2023-04-03 5.9 CVE-2023-0922
MISC
CONFIRM
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. 2023-04-01 5.5 CVE-2023-0187
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. 2023-04-01 5.5 CVE-2023-0188
MISC
sophos — web_appliance A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. 2023-04-04 5.4 CVE-2020-36692
CONFIRM
hcltechsw — hcl_launch HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. 2023-04-02 5.4 CVE-2022-42452
MISC
wordpress — wordpress The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-04-03 5.4 CVE-2023-0399
MISC
proliz_obs — proliz_obs
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01. 2023-04-07 5.4 CVE-2023-1726
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 5.4 CVE-2023-1755
CONFIRM
MISC
phpmyfaq — phpmyfaq Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 5.4 CVE-2023-1761
MISC
CONFIRM
mattermost — mattermost_server When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter’s permission to that channel, allowing an attacker to invite themselves to a private channel. 2023-03-31 5.4 CVE-2023-1774
MISC
mattermost — mattermost_server Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. 2023-03-31 5.4 CVE-2023-1776
MISC
sourcecodester — employee_payslip_generator_system A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748. 2023-04-02 5.4 CVE-2023-1796
MISC
MISC
MISC
eyoucms — eyoucms A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability. 2023-04-02 5.4 CVE-2023-1798
MISC
MISC
MISC
eyoucms — eyoucms A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751. 2023-04-02 5.4 CVE-2023-1799
MISC
MISC
MISC
ibm — websphere_application_server IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. 2023-04-02 5.4 CVE-2023-26283
MISC
MISC
jenkins — jacoco Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the ‘Record JaCoCo coverage report’ post-build action. 2023-04-02 5.4 CVE-2023-28669
MISC
jenkins — pipeline_aggregator_view Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view’s URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. 2023-04-02 5.4 CVE-2023-28670
MISC
jenkins — cppcheck Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents. 2023-04-02 5.4 CVE-2023-28678
MISC
jenkins — mashup_portlets Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the “Generic JS Portlet” feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. 2023-04-02 5.4 CVE-2023-28679
MISC
abb — flow-x/m_firmware Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0. 2023-03-31 5.3 CVE-2023-1258
MISC
mattermost — mattermost_server Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message. 2023-03-31 5.3 CVE-2023-1777
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 4.8 CVE-2023-1759
MISC
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 4.8 CVE-2023-1760
MISC
CONFIRM
datagear — datagear A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability. 2023-03-31 4.8 CVE-2023-1772
MISC
MISC
MISC
dupeoff_project — dupeoff Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin 2023-04-03 4.8 CVE-2023-26529
MISC
phpmyfaq — phpmyfaq Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 4.7 CVE-2023-1754
MISC
CONFIRM
samba — samba A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. 2023-04-03 4.3 CVE-2023-0225
MISC
CONFIRM
jenkins — octoperf_load_testing A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-04-02 4.3 CVE-2023-28671
MISC
jenkins — octoperf_load_testing A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2023-04-02 4.3 CVE-2023-28673
MISC
jenkins — octoperf_load_testing A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. 2023-04-02 4.3 CVE-2023-28675
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
nextcloud — talk Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability. 2023-03-31 3.5 CVE-2023-28845
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
wordpress — wordpress A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2013-10022
MISC
MISC
MISC
wordpress — wordpress A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151. 2023-04-08 not yet calculated CVE-2013-10023
MISC
MISC
MISC
MISC
wordpress — wordpress A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2013-10024
MISC
MISC
MISC
wordpress — wordpress A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2013-10025
MISC
MISC
MISC
phpminiadmin — phpminiadmin A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability. 2023-04-06 not yet calculated CVE-2014-125094
MISC
MISC
MISC
wordpress — wordpress A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. 2023-04-08 not yet calculated CVE-2015-10098
MISC
MISC
MISC
MISC
ubuntu — linux_kernel It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. 2023-04-07 not yet calculated CVE-2020-11935
UBUNTU
UBUNTU
mm-wiki — mm-wiki Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor. 2023-04-04 not yet calculated CVE-2020-19277
MISC
mm-wiki — mm-wiki Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. 2023-04-04 not yet calculated CVE-2020-19278
MISC
MISC
b3log_wide — b3log_wide Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. 2023-04-04 not yet calculated CVE-2020-19279
MISC
netgate — pfsense/pfsense_suricata Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. 2023-04-06 not yet calculated CVE-2020-19678
MISC
MISC
MISC
nginx — njs Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. 2023-04-04 not yet calculated CVE-2020-19692
MISC
espruino — espruino An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint. 2023-04-04 not yet calculated CVE-2020-19693
MISC
nginx — njs Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. 2023-04-04 not yet calculated CVE-2020-19695
MISC
netgate —- pfsense/acme Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. 2023-04-04 not yet calculated CVE-2020-21487
MISC
MISC
fluent — fluentd An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escilated privlidges and execute arbitrary code due to a default password. 2023-04-04 not yet calculated CVE-2020-21514
MISC
zentao — zentao Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter 2023-04-04 not yet calculated CVE-2020-22533
MISC
espruino — espruino Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. 2023-04-04 not yet calculated CVE-2020-23257
MISC
MISC
jsish — jsish An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. 2023-04-04 not yet calculated CVE-2020-23258
MISC
MISC
jsish — jsish An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. 2023-04-04 not yet calculated CVE-2020-23259
MISC
MISC
jsish — jsish An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. 2023-04-04 not yet calculated CVE-2020-23260
MISC
MISC
zblogphp — zblogphp Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model. 2023-04-04 not yet calculated CVE-2020-23327
MISC
zend — framework An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. 2023-04-04 not yet calculated CVE-2020-29312
MISC
MISC
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page. 2023-04-06 not yet calculated CVE-2020-36071
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter. 2023-04-06 not yet calculated CVE-2020-36072
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page. 2023-04-06 not yet calculated CVE-2020-36073
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter. 2023-04-06 not yet calculated CVE-2020-36074
MISC
etcd — etcd-io Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. 2023-04-04 not yet calculated CVE-2021-28235
MISC
MISC
MISC
MISC
kitecms — kitecms Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. 2023-04-04 not yet calculated CVE-2021-31707
MISC
kitecms — kitecms File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. 2023-04-04 not yet calculated CVE-2021-3267
MISC
osticket — osticket Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. 2023-04-05 not yet calculated CVE-2022-31888
MISC
MISC
MISC
osticket — osticket Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae. 2023-04-05 not yet calculated CVE-2022-31889
MISC
MISC
osticket — osticket SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function. 2023-04-05 not yet calculated CVE-2022-31890
MISC
MISC
mediatek — multiple_products In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390. 2023-04-06 not yet calculated CVE-2022-32599
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. 2023-04-05 not yet calculated CVE-2022-3375
MISC
CONFIRM
MISC
ibm — sterling_order_management IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. 2023-04-07 not yet calculated CVE-2022-33959
MISC
MISC
ibm — sterling_order_management IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. 2023-04-07 not yet calculated CVE-2022-34333
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP. 2023-04-05 not yet calculated CVE-2022-3513
MISC
MISC
CONFIRM
frrouting_frr-bgpd — frrouting_frr-bgpd A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. 2023-04-03 not yet calculated CVE-2022-36440
MISC
MISC
bluepage_cms — bluepage_cms BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the ‘users-cookie-settings’ token using a Time-based blind SLEEP payload. 2023-04-03 not yet calculated CVE-2022-38922
MISC
MISC
MISC
bluepage_cms — bluepage_cms BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the ‘User-Agent’ field using a Time-based blind SLEEP payload. 2023-04-03 not yet calculated CVE-2022-38923
MISC
MISC
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 2023-04-03 not yet calculated CVE-2022-3960
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin 2023-04-04 not yet calculated CVE-2022-41633
MISC
supermicro — x11ssl-cf_hw Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. 2023-04-07 not yet calculated CVE-2022-43309
MISC
MISC
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability. 2023-04-05 not yet calculated CVE-2022-43664
MISC
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 2023-04-03 not yet calculated CVE-2022-43769
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. 2023-04-03 not yet calculated CVE-2022-43771
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 2023-04-03 not yet calculated CVE-2022-43772
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 2023-04-03 not yet calculated CVE-2022-43773
MISC
ibm — tririga_application_platform IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036. 2023-04-07 not yet calculated CVE-2022-43914
MISC
MISC
ibm — toolbox_for_java The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. 2023-04-07 not yet calculated CVE-2022-43928
MISC
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 2023-04-03 not yet calculated CVE-2022-43938
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 2023-04-03 not yet calculated CVE-2022-43939
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 2023-04-03 not yet calculated CVE-2022-43940
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 2023-04-03 not yet calculated CVE-2022-43941
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-04-05 not yet calculated CVE-2022-45115
MISC
MISC
arm_developer — mali_gpu_kernel_driver An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. 2023-04-06 not yet calculated CVE-2022-46781
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin 2023-04-06 not yet calculated CVE-2022-46793
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 2023-04-03 not yet calculated CVE-2022-4769
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 2023-04-03 not yet calculated CVE-2022-4770
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 2023-04-03 not yet calculated CVE-2022-4771
MISC
redgate — sql_monitor A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter. 2023-04-04 not yet calculated CVE-2022-47870
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI’s get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges). 2023-04-04 not yet calculated CVE-2022-48221
MISC
MISC
acuant — acufill_sdk
 
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). 2023-04-04 not yet calculated CVE-2022-48222
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory. 2023-04-04 not yet calculated CVE-2022-48223
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). 2023-04-04 not yet calculated CVE-2022-48224
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location. 2023-04-04 not yet calculated CVE-2022-48225
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:WindowsTemp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation. 2023-04-04 not yet calculated CVE-2022-48226
MISC
MISC
acuant — assureid_sentinel An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361. 2023-04-04 not yet calculated CVE-2022-48227
MISC
MISC
acuant — assureid_sentinel An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. 2023-04-04 not yet calculated CVE-2022-48228
MISC
MISC
jetbrains — phpstorm In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file 2023-04-04 not yet calculated CVE-2022-48435
MISC
wordpress — wordpress The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX action). 2023-04-05 not yet calculated CVE-2022-4935
MISC
MISC
wordpress — wordpress The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2022-4936
MISC
MISC
wordpress — wordpress The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected. 2023-04-05 not yet calculated CVE-2022-4937
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected. 2023-04-05 not yet calculated CVE-2022-4938
MISC
MISC
wordpress — wordpress THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator. 2023-04-05 not yet calculated CVE-2022-4939
MISC
MISC
wordpress — wordpress The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more. 2023-04-05 not yet calculated CVE-2022-4940
MISC
MISC
MISC
MISC
wordpress — wordpress The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2022-4941
MISC
MISC
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. 2023-04-01 not yet calculated CVE-2023-0180
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. 2023-04-01 not yet calculated CVE-2023-0181
MISC
nvidia — vgpu
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. 2023-04-01 not yet calculated CVE-2023-0182
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure. 2023-04-01 not yet calculated CVE-2023-0185
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. 2023-04-01 not yet calculated CVE-2023-0192
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. 2023-04-01 not yet calculated CVE-2023-0194
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver 2023-04-01 not yet calculated CVE-2023-0195
MISC
nvidia — vgpu NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. 2023-04-01 not yet calculated CVE-2023-0197
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. 2023-04-01 not yet calculated CVE-2023-0198
MISC
uvdesk — uvdesk Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. 2023-04-04 not yet calculated CVE-2023-0265
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only. 2023-04-05 not yet calculated CVE-2023-0319
MISC
CONFIRM
MISC
uvdesk — uvdesk Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket. 2023-04-04 not yet calculated CVE-2023-0325
MISC
MISC
helpy — helpy Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket. 2023-04-04 not yet calculated CVE-2023-0357
MISC
MISC
m-files — server User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. 2023-04-05 not yet calculated CVE-2023-0382
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users. 2023-04-05 not yet calculated CVE-2023-0450
MISC
MISC
CONFIRM
vitalpbx — vitalpbx VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator’s account. This is possible because the application is vulnerable to CSRF. 2023-04-04 not yet calculated CVE-2023-0480
MISC
MISC
vitalpbx — vitalpbx VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance’s administrator account via a malicious link. This is possible because the application is vulnerable to XSS. 2023-04-04 not yet calculated CVE-2023-0486
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances. 2023-04-05 not yet calculated CVE-2023-0523
MISC
CONFIRM
MISC
abb — my_control_system Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. 2023-04-06 not yet calculated CVE-2023-0580
MISC
samba — ad_dc The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. 2023-04-03 not yet calculated CVE-2023-0614
MISC
CONFIRM
cloudflare — warp Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows ( 2023-04-06 not yet calculated CVE-2023-0652
MISC
MISC
MISC
ulearn — ulearn Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image. 2023-04-05 not yet calculated CVE-2023-0670
MISC
orangescrum — orangescrum OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. 2023-04-04 not yet calculated CVE-2023-0738
MISC
MISC
lynx_technik_ag — yellobrik Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : – Change the password, resulting in a DOS of the users – Change the streaming source, compromising the integrity of the stream – Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued. 2023-04-06 not yet calculated CVE-2023-0750
MISC
markdown-pdf — markdown-pdf markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user. 2023-04-04 not yet calculated CVE-2023-0835
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. 2023-04-05 not yet calculated CVE-2023-0838
CONFIRM
MISC
MISC
xml2js– xml2js xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. 2023-04-05 not yet calculated CVE-2023-0842
MISC
MISC
bhima — bhima Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user. 2023-04-05 not yet calculated CVE-2023-0944
MISC
MISC
bhima — bhima Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF. 2023-04-05 not yet calculated CVE-2023-0959
MISC
MISC
bhima — bhima Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform. 2023-04-05 not yet calculated CVE-2023-0967
MISC
MISC
trellix — agent_for_windows A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. 2023-04-03 not yet calculated CVE-2023-0975
MISC
trellix — agent A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. 2023-04-03 not yet calculated CVE-2023-0977
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic. 2023-04-05 not yet calculated CVE-2023-1071
CONFIRM
MISC
gitlab — gitlab An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration. 2023-04-05 not yet calculated CVE-2023-1098
MISC
CONFIRM
MISC
gitlab — gitlab Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. 2023-04-05 not yet calculated CVE-2023-1167
CONFIRM
MISC
cloudflare — warp An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows ( 2023-04-05 not yet calculated CVE-2023-1412
MISC
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim’s epic in an unrelated group. 2023-04-05 not yet calculated CVE-2023-1417
MISC
CONFIRM
MISC
genetec – security_center SQL Injection in the Hardware Inventory report of Security Center 5.11.2. 2023-04-05 not yet calculated CVE-2023-1522
MISC
linux — kernel A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. 2023-04-05 not yet calculated CVE-2023-1582
MISC
sophos — web_appliance A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. 2023-04-04 not yet calculated CVE-2023-1671
CONFIRM
gitlab — gitlab An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. 2023-04-05 not yet calculated CVE-2023-1708
CONFIRM
MISC
MISC
gitlab — gitlab A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. 2023-04-05 not yet calculated CVE-2023-1710
MISC
MISC
CONFIRM
gitlab — gitlab A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. 2023-04-05 not yet calculated CVE-2023-1733
MISC
MISC
CONFIRM
nexx — multiple_products The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer. 2023-04-04 not yet calculated CVE-2023-1748
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute. 2023-04-04 not yet calculated CVE-2023-1749
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information. 2023-04-04 not yet calculated CVE-2023-1750
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId. 2023-04-04 not yet calculated CVE-2023-1751
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. 2023-04-04 not yet calculated CVE-2023-1752
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1756
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1757
MISC
CONFIRM
phpmyfaq — phpmyfaq Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1758
MISC
CONFIRM
tribe29 — checkmk Inappropriate error handling in Tribe29 Checkmk 2023-04-04 not yet calculated CVE-2023-1768
MISC
hashicorp — multiple_products HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3. 2023-04-05 not yet calculated CVE-2023-1782
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. 2023-04-05 not yet calculated CVE-2023-1787
MISC
CONFIRM
firefly-iii — firefly-iii Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. 2023-04-05 not yet calculated CVE-2023-1788
CONFIRM
MISC
the_tcpdump_group — tcpdump The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. 2023-04-07 not yet calculated CVE-2023-1801
MISC
MISC
docker — docker_desktop In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. 2023-04-06 not yet calculated CVE-2023-1802
MISC
MISC
google — chrome Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-04-04 not yet calculated CVE-2023-1810
MISC
MISC
MISC
google — chrome Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-04-04 not yet calculated CVE-2023-1811
MISC
MISC
MISC
google — chrome Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1812
MISC
MISC
MISC
google — chrome Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1813
MISC
MISC
MISC
google — chrome Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1814
MISC
MISC
MISC
google — chrome Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1815
MISC
MISC
MISC
google — chrome Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1816
MISC
MISC
MISC
google — chrome Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1817
MISC
MISC
MISC
google — chrome Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1818
MISC
MISC
MISC
google — chrome Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1819
MISC
MISC
MISC
google — chrome Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1820
MISC
MISC
MISC
google — chrome Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) 2023-04-04 not yet calculated CVE-2023-1821
MISC
MISC
MISC
google — chrome Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) 2023-04-04 not yet calculated CVE-2023-1822
MISC
MISC
MISC
google — chrome Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) 2023-04-04 not yet calculated CVE-2023-1823
MISC
MISC
MISC
sourcecodester — centralized_covid_vaccination_records_system A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability. 2023-04-04 not yet calculated CVE-2023-1827
MISC
MISC
MISC
linux — kernel A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. 2023-04-05 not yet calculated CVE-2023-1838
MISC
wordpress — wordpress The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2023-04-04 not yet calculated CVE-2023-1840
MISC
MISC
sourcecodester — online_payroll_system A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1845
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1846
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987. 2023-04-05 not yet calculated CVE-2023-1847
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988. 2023-04-05 not yet calculated CVE-2023-1848
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1849
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1850
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991. 2023-04-05 not yet calculated CVE-2023-1851
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. This vulnerability affects unknown code of the file /admin/deduction_edit.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224992. 2023-04-05 not yet calculated CVE-2023-1852
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1853
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1854
MISC
MISC
MISC
linux — kernel A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. 2023-04-05 not yet calculated CVE-2023-1855
MISC
sourcecodester — air_cargo_management_system A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995. 2023-04-05 not yet calculated CVE-2023-1856
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996. 2023-04-05 not yet calculated CVE-2023-1857
MISC
MISC
MISC
sourcecodester — earnings_and_expense_tracker_app A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1858
MISC
MISC
keysight — ixia_hawkeye A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste”> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue. 2023-04-05 not yet calculated CVE-2023-1860
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin. 2023-04-05 not yet calculated CVE-2023-1865
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin’s channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1866
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1867
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin’s cache. 2023-04-05 not yet calculated CVE-2023-1868
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2023-04-05 not yet calculated CVE-2023-1869
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin’s quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1870
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin’s quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1871
MISC
MISC
MISC
microweber — microweber Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3. 2023-04-05 not yet calculated CVE-2023-1876
CONFIRM
MISC
microweber — microweber Command Injection in GitHub repository microweber/microweber prior to 1.3.3. 2023-04-05 not yet calculated CVE-2023-1877
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1878
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1879
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1880
CONFIRM
MISC
microweber — microweber Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.3.3. 2023-04-05 not yet calculated CVE-2023-1881
CONFIRM
MISC
phpmyfaq — phpmyfaq
 
Cross-site Scripting (XSS) – DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1882
MISC
CONFIRM
phpmyfaq — phpmyfaq Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1883
MISC
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1884
MISC
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1885
MISC
CONFIRM
phpmyfaq — phpmyfaq Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1886
CONFIRM
MISC
phpmyfaq — phpmyfaq Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1887
MISC
CONFIRM
sourcecodester — simple_mobile_comparison_website A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability. 2023-04-06 not yet calculated CVE-2023-1908
MISC
MISC
MISC
phpgugurukul — bp_monitoring_management_system A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1909
MISC
MISC
MISC
wordpress — wordpress The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin’s settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings. 2023-04-06 not yet calculated CVE-2023-1912
MISC
MISC
wordpress — wordpress The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2023-04-06 not yet calculated CVE-2023-1913
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1918
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1919
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1920
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1921
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1922
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1923
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1924
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1925
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1926
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1927
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation. 2023-04-06 not yet calculated CVE-2023-1928
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache. 2023-04-06 not yet calculated CVE-2023-1929
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches. 2023-04-06 not yet calculated CVE-2023-1930
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion. 2023-04-06 not yet calculated CVE-2023-1931
MISC
MISC
my-blog — my-blog A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. 2023-04-07 not yet calculated CVE-2023-1937
MISC
MISC
MISC
sourcecodester — simple_and_beautiful_shopping_cart_system A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316. 2023-04-07 not yet calculated CVE-2023-1940
MISC
MISC
MISC
sourcecodester — simple_and_beautiful_shopping_cart_system A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1941
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319. 2023-04-07 not yet calculated CVE-2023-1942
MISC
MISC
MISC
sourcecodester — survey_application_system A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1946
MISC
MISC
taocms — taocms A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1947
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335. 2023-04-08 not yet calculated CVE-2023-1948
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336. 2023-04-08 not yet calculated CVE-2023-1949
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1950
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1951
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339. 2023-04-08 not yet calculated CVE-2023-1952
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340. 2023-04-08 not yet calculated CVE-2023-1953
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1954
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1955
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343. 2023-04-08 not yet calculated CVE-2023-1956
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344. 2023-04-08 not yet calculated CVE-2023-1957
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1958
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1959
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347. 2023-04-08 not yet calculated CVE-2023-1960
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. 2023-04-08 not yet calculated CVE-2023-1961
MISC
MISC
MISC
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20021
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20022
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20023
CISCO
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of confidential information. A successful exploit could also cause the web application to perform arbitrary HTTP requests on behalf of the attacker or consume memory resources to reduce the availability of the web-based management interface. To successfully exploit this vulnerability, an attacker would need valid Super Admin or Policy Admin credentials. 2023-04-05 not yet calculated CVE-2023-20030
CISCO
cisco — packet_data_network_gateway A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS). 2023-04-05 not yet calculated CVE-2023-20051
CISCO
cisco — prime_infrastructure_software A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. 2023-04-05 not yet calculated CVE-2023-20068
CISCO
cisco — small_business_routers A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device. 2023-04-05 not yet calculated CVE-2023-20073
CISCO
cisco — unified_contact_center_express A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface. 2023-04-05 not yet calculated CVE-2023-20096
CISCO
cisco — secure_network_analytics A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user. 2023-04-05 not yet calculated CVE-2023-20102
CISCO
cisco — secure_network_analytics A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. 2023-04-05 not yet calculated CVE-2023-20103
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20117
CISCO
cisco — multiple_products Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20121
CISCO
cisco — multiple_products Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20122
CISCO
cisco — duo_two-factor_authentication A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device. 2023-04-05 not yet calculated CVE-2023-20123
CISCO
cisco — small_business_routers A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability. 2023-04-05 not yet calculated CVE-2023-20124
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20127
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20128
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20129
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20130
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20131
CISCO
cisco — webex_meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20132
CISCO
cisco — webex_meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20134
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20137
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20138
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20139
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20140
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20141
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20142
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20143
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20144
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20145
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20146
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20147
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20148
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20149
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20150
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20151
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20152
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20153
CISCO
amd — multiple_products Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. 2023-04-02 not yet calculated CVE-2023-20558
MISC
amd — multiple_products Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. 2023-04-02 not yet calculated CVE-2023-20559
MISC
mediatek — keyinstall In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135. 2023-04-06 not yet calculated CVE-2023-20652
MISC
mediatek — keyinstall In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144. 2023-04-06 not yet calculated CVE-2023-20653
MISC
mediatek — keyinstall In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148. 2023-04-06 not yet calculated CVE-2023-20654
MISC
mediatek — mmsdk In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022. 2023-04-06 not yet calculated CVE-2023-20655
MISC
mediatek — geniezone In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494. 2023-04-06 not yet calculated CVE-2023-20656
MISC
mediatek — mtee In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485. 2023-04-06 not yet calculated CVE-2023-20657
MISC
mediatek — isp In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396. 2023-04-06 not yet calculated CVE-2023-20658
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413. 2023-04-06 not yet calculated CVE-2023-20659
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383. 2023-04-06 not yet calculated CVE-2023-20660
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782. 2023-04-06 not yet calculated CVE-2023-20661
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765. 2023-04-06 not yet calculated CVE-2023-20662
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741. 2023-04-06 not yet calculated CVE-2023-20663
MISC
mediatek — gz In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952. 2023-04-06 not yet calculated CVE-2023-20664
MISC
mediatek — ril In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604. 2023-04-06 not yet calculated CVE-2023-20665
MISC
mediatek — display_drm In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173. 2023-04-06 not yet calculated CVE-2023-20666
MISC
mediatek — audio In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710. 2023-04-06 not yet calculated CVE-2023-20670
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552. 2023-04-06 not yet calculated CVE-2023-20674
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569. 2023-04-06 not yet calculated CVE-2023-20675
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518. 2023-04-06 not yet calculated CVE-2023-20676
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436. 2023-04-06 not yet calculated CVE-2023-20677
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453. 2023-04-06 not yet calculated CVE-2023-20679
MISC
mediatek — adsp In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785. 2023-04-06 not yet calculated CVE-2023-20680
MISC
mediatek — adsp In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134. 2023-04-06 not yet calculated CVE-2023-20681
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605. 2023-04-06 not yet calculated CVE-2023-20682
MISC
mediatek — vdec In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069. 2023-04-06 not yet calculated CVE-2023-20684
MISC
mediatek — vdec In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575. 2023-04-06 not yet calculated CVE-2023-20685
MISC
mediatek — display_drm In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826. 2023-04-06 not yet calculated CVE-2023-20686
MISC
mediatek — display_drm In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772. 2023-04-06 not yet calculated CVE-2023-20687
MISC
mediatek — power In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821. 2023-04-06 not yet calculated CVE-2023-20688
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-04-05 not yet calculated CVE-2023-22291
MISC
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. 2023-04-05 not yet calculated CVE-2023-22660
MISC
MISC
sourcecodester — simple_guestbook_management_system Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments. 2023-04-06 not yet calculated CVE-2023-22985
MISC
MISC
sato – cl4nx_plus_printer An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes. 2023-03-31 not yet calculated CVE-2023-23594
MISC
MISC
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin 2023-04-04 not yet calculated CVE-2023-23685
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin 2023-04-04 not yet calculated CVE-2023-23686
MISC
github — enterprise_server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users’ secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-04-07 not yet calculated CVE-2023-23761
MISC
MISC
MISC
MISC
MISC
github — enterprise_server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-04-07 not yet calculated CVE-2023-23762
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin 2023-04-07 not yet calculated CVE-2023-23799
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin 2023-04-06 not yet calculated CVE-2023-23801
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin 2023-04-06 not yet calculated CVE-2023-23815
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin 2023-04-04 not yet calculated CVE-2023-23821
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin 2023-04-04 not yet calculated CVE-2023-23870
MISC
wordpress — wordpress Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin 2023-04-04 not yet calculated CVE-2023-23878
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin 2023-04-07 not yet calculated CVE-2023-23885
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin 2023-04-06 not yet calculated CVE-2023-23891
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin 2023-04-06 not yet calculated CVE-2023-23898
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin 2023-04-06 not yet calculated CVE-2023-23971
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin 2023-04-06 not yet calculated CVE-2023-23972
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin 2023-04-04 not yet calculated CVE-2023-23977
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin 2023-04-06 not yet calculated CVE-2023-23979
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin 2023-04-06 not yet calculated CVE-2023-23980
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin 2023-04-06 not yet calculated CVE-2023-23981
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin 2023-04-06 not yet calculated CVE-2023-23982
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin 2023-04-06 not yet calculated CVE-2023-23987
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin 2023-04-07 not yet calculated CVE-2023-23994
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin 2023-04-06 not yet calculated CVE-2023-23996
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin 2023-04-06 not yet calculated CVE-2023-23998
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin 2023-04-06 not yet calculated CVE-2023-24001
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin 2023-04-06 not yet calculated CVE-2023-24002
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin 2023-04-06 not yet calculated CVE-2023-24003
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin 2023-04-06 not yet calculated CVE-2023-24004
MISC
wordpress — wordpress Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin 2023-04-06 not yet calculated CVE-2023-24006
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin 2023-04-06 not yet calculated CVE-2023-24374
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin 2023-04-06 not yet calculated CVE-2023-24378
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin 2023-04-06 not yet calculated CVE-2023-24383
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin 2023-04-06 not yet calculated CVE-2023-24387
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin 2023-04-06 not yet calculated CVE-2023-24396
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin 2023-04-07 not yet calculated CVE-2023-24398
MISC
wordpress — wordpress Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin 2023-04-07 not yet calculated CVE-2023-24402
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin 2023-04-06 not yet calculated CVE-2023-24403
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin 2023-04-06 not yet calculated CVE-2023-24411
MISC
go — go HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. 2023-04-06 not yet calculated CVE-2023-24534
MISC
MISC
MISC
MISC
go — go Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. 2023-04-06 not yet calculated CVE-2023-24536
MISC
MISC
MISC
MISC
MISC
MISC
go — go Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. 2023-04-06 not yet calculated CVE-2023-24537
MISC
MISC
MISC
MISC
go — go Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. “var a = {{.}}”), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. 2023-04-06 not yet calculated CVE-2023-24538
MISC
MISC
MISC
MISC
gnu_screen — gnu_screen socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. 2023-04-08 not yet calculated CVE-2023-24626
CONFIRM
MISC
MISC
readium_js — readium_js An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. 2023-04-05 not yet calculated CVE-2023-24720
MISC
sas — sasadmin A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3. 2023-04-03 not yet calculated CVE-2023-24724
MISC
MISC
CONFIRM
jfinal_cms — jfinal_cms Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. 2023-04-05 not yet calculated CVE-2023-24747
MISC
d_link — dir878_dir_878_fw120b05 D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24797
MISC
MISC
d_link — dir878_dir_878_fw120b05 D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24798
MISC
MISC
d_link — dir878_dir_878_fw120b05
 
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24799
MISC
MISC
d_link — dir878_dir_878_fw120b05
 
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24800
MISC
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin 2023-04-07 not yet calculated CVE-2023-25020
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin 2023-04-07 not yet calculated CVE-2023-25022
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin 2023-04-07 not yet calculated CVE-2023-25023
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin 2023-04-07 not yet calculated CVE-2023-25024
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin 2023-04-07 not yet calculated CVE-2023-25027
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin 2023-04-07 not yet calculated CVE-2023-25031
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme 2023-04-07 not yet calculated CVE-2023-25041
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin 2023-04-07 not yet calculated CVE-2023-25046
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin 2023-04-07 not yet calculated CVE-2023-25049
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin 2023-04-07 not yet calculated CVE-2023-25059
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin 2023-04-07 not yet calculated CVE-2023-25061
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin 2023-04-06 not yet calculated CVE-2023-25062
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25210
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25211
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25212
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25213
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25214
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25215
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25216
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25217
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25218
MISC
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25219
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25220
MISC
MISC
atlauncher — atlauncher ATLauncher 2023-04-04 not yet calculated CVE-2023-25303
MISC
MISC
polymc_launcher — polymc_launcher PolyMC Launcher 2023-04-04 not yet calculated CVE-2023-25305
MISC
MISC
mybatis_plus — mybaties_plus A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. 2023-04-05 not yet calculated CVE-2023-25330
MISC
coredial — sipxcom CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. 2023-04-04 not yet calculated CVE-2023-25355
MISC
coredial — sipxcom CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution. 2023-04-04 not yet calculated CVE-2023-25356
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin 2023-04-07 not yet calculated CVE-2023-25442
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin 2023-04-07 not yet calculated CVE-2023-25464
MISC
dell — trusted_device_agent Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. 2023-04-06 not yet calculated CVE-2023-25542
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin 2023-04-07 not yet calculated CVE-2023-25702
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin 2023-04-07 not yet calculated CVE-2023-25705
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin 2023-04-07 not yet calculated CVE-2023-25711
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin 2023-04-07 not yet calculated CVE-2023-25712
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin 2023-04-07 not yet calculated CVE-2023-25713
MISC
wordpress — wordpress Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin 2023-04-07 not yet calculated CVE-2023-25716
MISC
dell — powerscale_onefs Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees. 2023-04-04 not yet calculated CVE-2023-25940
MISC
dell — powerscale_onefs Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. 2023-04-04 not yet calculated CVE-2023-25941
MISC
dell — powerscale_onefs Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. 2023-04-04 not yet calculated CVE-2023-25942
MISC
arm_developer — mali_gpu_kernel_driver Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 – r32p0, Bifrost GPU Kernel Driver all versions from r0p0 – r42p0, Valhall GPU Kernel Driver all versions from r19p0 – r42p0, and Avalon GPU Kernel Driver all versions from r41p0 – r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. 2023-04-06 not yet calculated CVE-2023-26083
MISC
MISC
CONFIRM
configobj — configobj All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file. 2023-04-03 not yet calculated CVE-2023-26112
MISC
MISC
apache — james_server
 
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users. 2023-04-03 not yet calculated CVE-2023-26269
MISC
powerdns — recursor Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. 2023-04-04 not yet calculated CVE-2023-26437
MISC
wordpress — wordpress Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin 2023-04-05 not yet calculated CVE-2023-26536
MISC
tinytiff – tinytiffreader Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file. 2023-04-04 not yet calculated CVE-2023-26733
MISC
MISC
yiisoft — yii_framework SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. 2023-04-04 not yet calculated CVE-2023-26750
MISC
monitorr — monitorr
 
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. 2023-04-04 not yet calculated CVE-2023-26775
MISC
MISC
MISC
MISC
monitorr — monitorr Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. 2023-04-04 not yet calculated CVE-2023-26776
MISC
MISC
MISC
MISC
MISC
uptime_kuma — uptime_kuma Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint. 2023-04-04 not yet calculated CVE-2023-26777
MISC
MISC
veritas — netbackup_opscenter Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user’s browser. 2023-04-05 not yet calculated CVE-2023-26789
MISC
MISC
codefever — codefever codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. 2023-04-07 not yet calculated CVE-2023-26817
MISC
siteproxy — siteproxy siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. 2023-04-07 not yet calculated CVE-2023-26820
MISC
totolink — a7100ru TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. 2023-04-07 not yet calculated CVE-2023-26848
MISC
churchcrm — churchcrm The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. 2023-04-04 not yet calculated CVE-2023-26855
MISC
sourcecodester — dynamic_transaction_queuing_system Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. 2023-04-05 not yet calculated CVE-2023-26856
MISC
sourcecodester — dynamic_transaction_queuing_system An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2023-04-05 not yet calculated CVE-2023-26857
MISC
greenpacket — oh736 GreenPacket OH736’s WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover. 2023-04-04 not yet calculated CVE-2023-26866
MISC
quectel — ag550qcn OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. 2023-04-04 not yet calculated CVE-2023-26921
MISC
infranview — infranview Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. 2023-04-04 not yet calculated CVE-2023-26974
MISC
totolink — a7100ru TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. 2023-04-07 not yet calculated CVE-2023-26978
MISC
swftools — swftools SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. 2023-04-04 not yet calculated CVE-2023-26991
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27012
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27013
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27014
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27015
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27016
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27017
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27018
MISC
tenda — ac10
 
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27019
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27020
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27021
MISC
prestashop — cdesigner Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). 2023-04-07 not yet calculated CVE-2023-27033
MISC
MISC
ehuacui — bbs Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. 2023-04-04 not yet calculated CVE-2023-27089
MISC
MISC
xiaobingby — teacms An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). 2023-04-04 not yet calculated CVE-2023-27091
MISC
MISC
gdidees — cms GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. 2023-04-07 not yet calculated CVE-2023-27180
MISC
MISC
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue. 2023-04-04 not yet calculated CVE-2023-27487
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with “failure_mode_allow: true“, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`. 2023-04-04 not yet calculated CVE-2023-27488
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. 2023-04-04 not yet calculated CVE-2023-27491
MISC
MISC
MISC
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter. 2023-04-04 not yet calculated CVE-2023-27492
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties. 2023-04-04 not yet calculated CVE-2023-27493
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script). 2023-04-04 not yet calculated CVE-2023-27496
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin 2023-04-07 not yet calculated CVE-2023-27620
MISC
edb-debugger — edb-debugger An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. 2023-04-04 not yet calculated CVE-2023-27734
MISC
wondershare_technology — edrawmind An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. 2023-04-04 not yet calculated CVE-2023-27759
MISC
wondershare_technology — filmora An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. 2023-04-04 not yet calculated CVE-2023-27760
MISC
wondershare_technology — uniconverter An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. 2023-04-04 not yet calculated CVE-2023-27761
MISC
wondershare_technology — democreator An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. 2023-04-04 not yet calculated CVE-2023-27762
MISC
wondershare_technology — mobiletrans An issue found in Wondershare Technology Co., Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. 2023-04-04 not yet calculated CVE-2023-27763
MISC
wondershare_technology — repairit An issue found in Wondershare Technology Co., Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. 2023-04-04 not yet calculated CVE-2023-27764
MISC
wondershare_technology — recoverit An issue found in Wondershare Technology Co., Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. 2023-04-04 not yet calculated CVE-2023-27765
MISC
wondershare_technology — anireel An issue found in Wondershare Technology Co., Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. 2023-04-04 not yet calculated CVE-2023-27766
MISC
wondershare_technology — dr.fone An issue found in Wondershare Technology Co., Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file. 2023-04-04 not yet calculated CVE-2023-27767
MISC
wondershare_technology — pdfelement An issue found in Wondershare Technology Co., Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file. 2023-04-04 not yet calculated CVE-2023-27768
MISC
wondershare_technology — pdf_reader An issue found in Wondershare Technology Co., Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. 2023-04-04 not yet calculated CVE-2023-27769
MISC
wondershare_technology — edraw-max An issue found in Wondershare Technology Co., Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. 2023-04-04 not yet calculated CVE-2023-27770
MISC
wondershare_technology — creative_centerr An issue found in Wondershare Technology Co., Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. 2023-04-04 not yet calculated CVE-2023-27771
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27801
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27802
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27803
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27804
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27805
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27806
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27807
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27808
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27810
MISC
ibm — tritiga_application_platform IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975. 2023-04-07 not yet calculated CVE-2023-27876
MISC
MISC
dell — diplay_manager Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. 2023-04-06 not yet calculated CVE-2023-28046
MISC
dell — power_manager Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. 2023-04-07 not yet calculated CVE-2023-28051
MISC
dell — streaming_data_platform Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks. 2023-04-05 not yet calculated CVE-2023-28069
MISC
zoho — manageengine Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. 2023-04-05 not yet calculated CVE-2023-28342
MISC
MISC
samsung — multiple_products An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments. 2023-04-04 not yet calculated CVE-2023-28613
MISC
MISC
MISC
openidc — mod_auth_openidc mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. 2023-04-03 not yet calculated CVE-2023-28625
MISC
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the “forgotten password” feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to `Forgotten password?` event. However, it will not prevent unauthorized modification of any user emails. 2023-04-05 not yet calculated CVE-2023-28632
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28633
MISC
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28634
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7. 2023-04-05 not yet calculated CVE-2023-28636
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7. 2023-04-05 not yet calculated CVE-2023-28639
MISC
CONFIRM
MISC
apache — airflow_hive_provider Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0. 2023-04-07 not yet calculated CVE-2023-28706
MISC
MISC
MISC
apache — airflow_drill_provider Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2. 2023-04-07 not yet calculated CVE-2023-28707
MISC
MISC
MISC
apache — airflow_spark_provider Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1. 2023-04-07 not yet calculated CVE-2023-28710
MISC
MISC
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin 2023-04-07 not yet calculated CVE-2023-28781
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin 2023-04-07 not yet calculated CVE-2023-28789
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin 2023-04-07 not yet calculated CVE-2023-28792
MISC
nextcloud — server/enterprise_server Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds. 2023-04-03 not yet calculated CVE-2023-28834
MISC
MISC
MISC
MISC
wagtail — wagtail Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user’s credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the “Choose a parent page” ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality. 2023-04-03 not yet calculated CVE-2023-28836
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wagtail — wagtail Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail’s handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files. 2023-04-03 not yet calculated CVE-2023-28837
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, remove `Assistance > Statistics` and `Tools > Reports` read rights from every user. 2023-04-05 not yet calculated CVE-2023-28838
MISC
MISC
MISC
moby — moby Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. 2023-04-04 not yet calculated CVE-2023-28840
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moby — moby Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. 2023-04-04 not yet calculated CVE-2023-28841
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moby — moby Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. 2023-04-04 not yet calculated CVE-2023-28842
MISC
MISC
MISC
MISC
MISC
nextcloud — nextcloud user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28848
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory. 2023-04-05 not yet calculated CVE-2023-28849
MISC
MISC
pimcore — pimcore Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually. 2023-04-03 not yet calculated CVE-2023-28850
MISC
MISC
MISC
silverstripe — silverstripe Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1. There are no known workarounds for this vulnerability. 2023-04-03 not yet calculated CVE-2023-28851
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28852
MISC
MISC
MISC
mastodon — mastodon Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2. 2023-04-04 not yet calculated CVE-2023-28853
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nophp — nophp nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function such as `env_patchsample230330.php` to env.php. 2023-04-03 not yet calculated CVE-2023-28854
MISC
MISC
MISC
glpi-project — glpi Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28855
MISC
MISC
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin 2023-04-07 not yet calculated CVE-2023-28993
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28997
MISC
MISC
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28998
MISC
MISC
MISC
nextcloud — desktop_client Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.? This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28999
MISC
MISC
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-29000
MISC
MISC
MISC
sveltekit — sveltekit SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. While the implementation does a sufficient job in mitigating common CSRF attacks, prior to version 1.15.1, the protection can be bypassed by simply specifying a different `Content-Type` header value. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim’s session, and in extreme scenarios can lead to unauthorized access to users’ accounts. SvelteKit 1.15.1 updates the `is_form_content_type` function call in the CSRF protection logic to include `text/plain`. As additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on `PUT`, `PATCH` and `DELETE` methods as well. This latter hardening is only needed to protect users who have put in some sort of `?_method= override` feature themselves in their `handle` hook, so that the request that resolve sees could be `PUT`/`PATCH`/`DELETE` when the browser issues a `POST` request. 2023-04-04 not yet calculated CVE-2023-29003
MISC
MISC
MISC
glpi-project — glpi The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin. 2023-04-05 not yet calculated CVE-2023-29006
MISC
MISC
sveltekit — sveltekit The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim’s session, and in extreme scenarios can lead to unauthorized access to users’ accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn’t set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner. 2023-04-06 not yet calculated CVE-2023-29008
MISC
MISC
budibase — budibase Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed. 2023-04-06 not yet calculated CVE-2023-29010
MISC
MISC
MISC
goobi_viewer — goobi_viewer The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user’s browser. The vulnerability has been fixed in version 23.03. 2023-04-06 not yet calculated CVE-2023-29014
MISC
MISC
goobi_viewer — goobi_viewer The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user’s browser when displaying the comment. The vulnerability has been fixed in version 23.03. 2023-04-06 not yet calculated CVE-2023-29015
MISC
MISC
goobi_viewer — goobi_viewer The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile’s nickname, resulting in the execution in the user’s browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03. 2023-04-06 not yet calculated CVE-2023-29016
MISC
MISC
vm2_sandbox — vm2_sandbox vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds. 2023-04-06 not yet calculated CVE-2023-29017
MISC
MISC
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin 2023-04-07 not yet calculated CVE-2023-29094
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. 2023-03-31 not yet calculated CVE-2023-29141
MISC
MISC
FEDORA
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin 2023-04-07 not yet calculated CVE-2023-29170
MISC
wordpress — wordpress Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin 2023-04-07 not yet calculated CVE-2023-29171
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin 2023-04-07 not yet calculated CVE-2023-29172
MISC
twitter — twitter_recommendation_algorithm The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. 2023-04-03 not yet calculated CVE-2023-29218
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme 2023-04-07 not yet calculated CVE-2023-29236
MISC
openbsd — openbsd ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. 2023-04-04 not yet calculated CVE-2023-29323
MISC
MISC
MISC
MISC
MISC
MISC
MISC
langchain — langchain In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. 2023-04-05 not yet calculated CVE-2023-29374
MISC
MISC
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin 2023-04-07 not yet calculated CVE-2023-29388
MISC
toyota — rav4_2021 Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged “Key is validated” messages via CAN Injection, as exploited in the wild in (for example) July 2022. 2023-04-05 not yet calculated CVE-2023-29389
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. 2023-04-06 not yet calculated CVE-2023-29415
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. 2023-04-06 not yet calculated CVE-2023-29416
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. 2023-04-06 not yet calculated CVE-2023-29418
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. 2023-04-06 not yet calculated CVE-2023-29419
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block. 2023-04-06 not yet calculated CVE-2023-29420
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block. 2023-04-06 not yet calculated CVE-2023-29421
MISC
MISC
sagemath — flintqs SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS). 2023-04-06 not yet calculated CVE-2023-29465
MISC
MISC
atos_unify — openscape_4000_platform webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710. 2023-04-06 not yet calculated CVE-2023-29473
MISC
MISC
atos_unify — openscape_4000_platform inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552. 2023-04-06 not yet calculated CVE-2023-29474
MISC
MISC
atos_unify — openscape_4000_platform inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543. 2023-04-06 not yet calculated CVE-2023-29475
MISC
MISC
bibliocraft — bibliocraft BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution. 2023-04-07 not yet calculated CVE-2023-29478
MISC
redpanda — redpanda rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. 2023-04-08 not yet calculated CVE-2023-30450
MISC
MISC
MISC
MISC
MISC

Back to top