The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
aenrich_technology — a+hrd | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 2023-04-27 | 9.8 | CVE-2023-20852 CONFIRM |
aenrich_technology — a+hrd |
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 2023-04-27 | 9.8 | CVE-2023-20853 CONFIRM |
online_eyewear_shop_project — online_eyewear_shop | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects an unknown part of the file /admin/orders/update_status.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227229 was assigned to this vulnerability. | 2023-04-22 | 9.8 | CVE-2023-2244 MISC MISC MISC |
online_pizza_ordering_system_project — online_pizza_ordering_system | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236. | 2023-04-23 | 9.8 | CVE-2023-2246 MISC MISC MISC |
moxa — miineport_e1 |
Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | 2023-04-27 | 9.8 | CVE-2023-28697 CONFIRM CONFIRM |
powerjob — powerjob | PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. | 2023-04-21 | 9.8 | CVE-2023-29924 MISC MISC |
tenda — ac5_firmware | Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. | 2023-04-24 | 9.8 | CVE-2023-30368 MISC |
tenda — ac15_firmware | Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. | 2023-04-24 | 9.8 | CVE-2023-30369 MISC |
tenda — ac15_firmware | In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30370 MISC |
tenda — ac15_firmware | In Tenda AC15 V15.03.05.19, the function “sub_ED14” contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30371 MISC |
tenda — ac15_firmware | In Tenda AC15 V15.03.05.19, The function “xkjs_ver32” contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30372 MISC |
tenda — ac15_firmware | In Tenda AC15 V15.03.05.19, the function “xian_pppoe_user” contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30373 MISC |
tenda — ac15_firmware | In Tenda AC15 V15.03.05.19, the function “getIfIp” contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30375 MISC |
tenda — ac15_firmware | In Tenda AC15 V15.03.05.19, the function “henan_pppoe_user” contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30376 MISC |
tenda — ac15_firmware | In Tenda AC15 V15.03.05.19, the function “sub_8EE8” contains a stack-based buffer overflow vulnerability. | 2023-04-24 | 9.8 | CVE-2023-30378 MISC |
gipsy_project — gipsy | Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The `!ping` command when provided with an IP or hostname used to run a bash `ping |
2023-04-21 | 9.8 | CVE-2023-30621 MISC MISC MISC |
areteit — activity_reactions_for_buddypress | Cross-Site Request Forgery (CSRF) vulnerability in Paramveer Singh for Arete IT Private Limited Activity Reactions For Buddypress plugin | 2023-04-23 | 8.8 | CVE-2022-45074 MISC |
krishaweb — add_multiple_marker | Cross-Site Request Forgery (CSRF) vulnerability in KrishaWeb Add Multiple Marker plugin | 2023-04-23 | 8.8 | CVE-2022-45080 MISC |
kodcloud — kodexplorer | A vulnerability, which was classified as problematic, has been found in kalcaddle KodExplorer up to 4.49. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.50 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227000. | 2023-04-22 | 8.8 | CVE-2022-4944 MISC MISC MISC MISC MISC |
php_execution_project — php_execution | Cross-Site Request Forgery (CSRF) vulnerability in Nicolas Zeh PHP Execution plugin | 2023-04-23 | 8.8 | CVE-2023-23879 MISC |
sunnet — ctms |
SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service. | 2023-04-27 | 8.8 | CVE-2023-24836 CONFIRM |
nvidia — bmc | NVIDIA DGX-1 BMC contains a vulnerability in the SPX REST API, where an attacker with the appropriate level of authorization can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, and data tampering. | 2023-04-22 | 8.8 | CVE-2023-25507 MISC |
piwigo — piwigo | SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the admin.php?page=history&filter_image_id=&filter_user_id endpoint. | 2023-04-21 | 8.8 | CVE-2023-26876 MISC MISC MISC FULLDISC MISC |
nvidia — sbios | NVIDIA DGX-1 contains a vulnerability in Ofbd in AMI SBIOS, where a preconditioned heap can allow a user with elevated privileges to cause an access beyond the end of a buffer, which may lead to code execution, escalation of privileges, denial of service and information disclosure. The scope of the impact of this vulnerability can extend to other components. | 2023-04-22 | 8.2 | CVE-2023-25506 MISC |
microsoft — multiple_products |
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 2023-04-27 | 8.1 | CVE-2023-21712 MISC |
nvidia — sbios | NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware implant, data tampering, and SecureBoot bypass. | 2023-04-22 | 7.8 | CVE-2023-0209 MISC |
podofo_project — podofo | A vulnerability, which was classified as critical, was found in PoDoFo 0.10.0. Affected is the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a patch to fix this issue. VDB-227226 is the identifier assigned to this vulnerability. | 2023-04-22 | 7.8 | CVE-2023-2241 MISC MISC MISC MISC MISC |
churchcrm — churchcrm | ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file. | 2023-04-25 | 7.8 | CVE-2023-25348 MISC MISC |
nvidia — bmc | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler of the AMI MegaRAC BMC , where an attacker with the appropriate level of authorization can cause a buffer overflow, which may lead to denial of service, information disclosure, or arbitrary code execution. | 2023-04-22 | 7.8 | CVE-2023-25505 MISC |
nvidia — bmc | NVIDIA DGX-1 BMC contains a vulnerability in the IPMI handler, where an attacker with the appropriate level of authorization can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | 2023-04-22 | 7.8 | CVE-2023-25508 MISC |
nvidia — sbios | NVIDIA DGX-1 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, and escalation of privileges. | 2023-04-22 | 7.8 | CVE-2023-25509 MISC |
mindsdb — mindsdb | mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. Sometimes, the vulnerability is called a TarSlip or a ZipSlip variant. An attacker may leverage this vulnerability to overwrite any local file which the server process has access to. There is no risk of file exposure with this vulnerability. This issue has been addressed in release `23.2.1.0 `. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-04-21 | 7.5 | CVE-2023-30620 MISC MISC MISC |
encode — starlette | There MultipartParser usage in Encode’s Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause excessive memory usage resulting in denial of service of the HTTP service. | 2023-04-21 | 7.5 | CVE-2023-30798 MISC MISC MISC |
ltos — ltos |
In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. | 2023-04-24 | 7.2 | CVE-2023-1731 MISC |
Medium Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
nvidia — bmc | NVIDIA DGX-2 contains a vulnerability in OFBD where a user with high privileges and a pre-conditioned heap can cause an access beyond a buffers end, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. | 2023-04-22 | 6.7 | CVE-2023-0200 MISC |
nvidia — bmc | NVIDIA DGX-2 SBIOS contains a vulnerability in Bds, where a user with high privileges can cause a write beyond the bounds of an indexable resource, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | 2023-04-22 | 6.7 | CVE-2023-0201 MISC |
microweber — microweber | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository microweber/microweber prior to 1.3.4. | 2023-04-22 | 6.5 | CVE-2023-2239 CONFIRM MISC |
churchcrm — churchcrm | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user’s password except for the user that is currently logged in. | 2023-04-25 | 6.5 | CVE-2023-26841 MISC MISC |
cloverdx — cloverdx | CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. The fixed versions are 5.15.4, 5.16.2, 5.17.3, and 6.0.x. | 2023-04-24 | 6.5 | CVE-2023-31056 MISC |
wpjam — wechat_robot | Reflected Cross-Site Scripting (XSS) vulnerability in Denis ???????? plugin | 2023-04-25 | 6.1 | CVE-2022-45837 MISC |
user_meta_manager_project — user_meta_manager | Reflected Cross-Site Scripting (XSS) vulnerability in Jason Lau User Meta Manager plugin | 2023-04-23 | 6.1 | CVE-2023-22718 MISC |
rarathemes — vryasage_marketing_performance | Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin | 2023-04-23 | 6.1 | CVE-2023-24404 MISC |
churchcrm — churchcrm | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. | 2023-04-25 | 6.1 | CVE-2023-25346 MISC MISC |
microsoft — edge |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-04-27 | 6.1 | CVE-2023-28261 MISC |
microsoft — edge |
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-04-27 | 6.1 | CVE-2023-28286 MISC |
cesanta — mjs | Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). | 2023-04-24 | 5.5 | CVE-2023-29570 MISC MISC |
1app — 1app_business_forms | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin | 2023-04-23 | 5.4 | CVE-2022-44631 MISC |
blueglass — jobs_for_wordpress | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin | 2023-04-23 | 5.4 | CVE-2022-44743 MISC |
phpmyfaq — phpmyfaq | Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | 2023-04-22 | 5.4 | CVE-2023-1875 MISC CONFIRM |
devolutions — devolutions_server | Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific endpoints. | 2023-04-21 | 5.4 | CVE-2023-2118 MISC |
theme_blvd_responsive_google_maps_project — theme_blvd_responsive_google_maps | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jason Bobich Theme Blvd Responsive Google Maps plugin | 2023-04-23 | 5.4 | CVE-2023-22698 MISC |
portfolio_slideshow_project — portfolio_slideshow | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin | 2023-04-23 | 5.4 | CVE-2023-23717 MISC |
simple_pdf_viewer_project — simple_pdf_viewer | Auth. (contrinbutor+) Cross-Site Scripting (XSS) vulnerability in WebArea | Vera Nedvyzhenko Simple PDF Viewer plugin | 2023-04-23 | 5.4 | CVE-2023-23817 MISC |
google_maps_v3_shortcode_project — google_maps_v3_shortcode | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Google Maps v3 Shortcode plugin | 2023-04-23 | 5.4 | CVE-2023-23827 MISC |
ultimate_wp_query_search_filter_project — ultimate_wp_query_search_filter | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin | 2023-04-23 | 5.4 | CVE-2023-23832 MISC |
interactive_geo_maps_project — interactive_geo_maps | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Carlos Moreira Interactive Geo Maps plugin | 2023-04-25 | 5.4 | CVE-2023-23866 MISC |
fullworksplugins — quick_paypal_payments | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin | 2023-04-25 | 5.4 | CVE-2023-23889 MISC |
churchcrm — churchcrm | A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the “Title” Input Field in EventEditor.php. | 2023-04-25 | 5.4 | CVE-2023-25347 MISC MISC |
churchcrm — churchcrm | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. | 2023-04-25 | 5.4 | CVE-2023-26843 MISC MISC |
machothemes — regina_lite | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme | 2023-04-25 | 5.4 | CVE-2023-27619 MISC |
churchcrm — churchcrm | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. | 2023-04-25 | 5.3 | CVE-2023-26840 MISC MISC |
changingtec — motp |
ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. | 2023-04-27 | 4.9 | CVE-2023-22901 CONFIRM |
apptivo — apptivo_business_site_crm | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin | 2023-04-23 | 4.8 | CVE-2022-44582 MISC |
codebangers — all_in_one_time_clock_lite | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin | 2023-04-23 | 4.8 | CVE-2022-44594 MISC |
0mk_shortener_project — 0mk_shortener | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin | 2023-04-23 | 4.8 | CVE-2022-45361 MISC |
wp-olivecart_project — wp-olivecart | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin | 2023-04-23 | 4.8 | CVE-2022-47435 MISC |
fullworksplugins — quick_contact_form | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin | 2023-04-25 | 4.8 | CVE-2022-47608 MISC |
miniorange — wordpress_social_login_and_register_(discord,_google,_twitter,_linkedin) | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin | 2023-04-25 | 4.8 | CVE-2023-23710 MISC |
wordpress_custom_settings_project — wordpress_custom_settings | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Davinder Singh Custom Settings plugin | 2023-04-23 | 4.8 | CVE-2023-23806 MISC |
sitemap_index_project — sitemap_index | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Twardes Sitemap Index plugin | 2023-04-23 | 4.8 | CVE-2023-23816 MISC |
tinymce_custom_styles_project — tinymce_custom_styles | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tim Reeves & David Stöckl TinyMCE Custom Styles plugin | 2023-04-25 | 4.8 | CVE-2023-23995 MISC |
winwar — inline_tweet_sharer | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media Inline Tweet Sharer – Twitter Sharing Plugin plugin | 2023-04-25 | 4.8 | CVE-2023-24005 MISC |
ai_contact_us_form_project — ai_contact_us_form | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin | 2023-04-23 | 4.8 | CVE-2023-24386 MISC |
wpchill — cpo_content_types | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill CPO Content Types plugin | 2023-04-23 | 4.8 | CVE-2023-25451 MISC |
smartlogix — wp-insert | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in namithjawahar Wp-Insert plugin | 2023-04-25 | 4.8 | CVE-2023-25461 MISC |
podlove — podlove_subscribe_button | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Subscribe button plugin | 2023-04-25 | 4.8 | CVE-2023-25479 MISC |
simple_yearly_archive_project — simple_yearly_archive | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Oliver Schlöbe Simple Yearly Archive plugin | 2023-04-25 | 4.8 | CVE-2023-25484 MISC |
json-content-importer — json_content_importer | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bernhard Kux JSON Content Importer plugin | 2023-04-25 | 4.8 | CVE-2023-25485 MISC |
archivist_-_custom_archive_templates_project — archivist_-_custom_archive_templates | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin | 2023-04-25 | 4.8 | CVE-2023-25490 MISC |
digitalblue — click_to_call_or_chat_buttons | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DIGITALBLUE Click to Call or Chat Buttons plugin | 2023-04-25 | 4.8 | CVE-2023-25710 MISC |
link_juice_keeper_project — link_juice_keeper | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in George Pattihis Link Juice Keeper plugin | 2023-04-25 | 4.8 | CVE-2023-25793 MISC |
electric_studio_client_login_project — electric_studio_client_login | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in James Irving-Swift Electric Studio Client Login plugin | 2023-04-23 | 4.8 | CVE-2023-27425 MISC |
motor_racing_league_project — motor_racing_league | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Ian Haycox Motor Racing League plugin | 2023-04-23 | 4.8 | CVE-2023-27614 MISC |
nvidia — sbios | NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM variable at runtime by executing privileged code. A successful exploit of this vulnerability may lead to denial of service. | 2023-04-22 | 4.4 | CVE-2023-0207 MISC |
churchcrm — churchcrm | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. | 2023-04-25 | 4.3 | CVE-2023-26839 MISC MISC |
microsoft — edge |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-04-28 | 4.3 | CVE-2023-29334 MISC |
Low Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordpress — wordpress |
A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231. | 2023-04-24 | not yet calculated | CVE-2012-10013 MISC MISC MISC MISC |
wordpress — wordpress |
A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232. | 2023-04-24 | not yet calculated | CVE-2012-10014 MISC MISC MISC MISC |
arc — arc |
ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. | 2023-04-26 | not yet calculated | CVE-2012-5872 MISC |
arc — arc |
ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action. | 2023-04-26 | not yet calculated | CVE-2012-5873 MISC |
hongcms — hongcms |
Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | 2023-04-28 | not yet calculated | CVE-2020-21643 MISC |
boxbilling — boxbilling |
Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | 2023-04-28 | not yet calculated | CVE-2020-23647 MISC |
yoyager — yoyager |
Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | 2023-04-26 | not yet calculated | CVE-2020-36070 MISC |
ibm — counter_fraud_management_for_safer_payments |
IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052. | 2023-04-28 | not yet calculated | CVE-2020-4729 MISC MISC |
odoo — community/enterprise |
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | 2023-04-25 | not yet calculated | CVE-2021-23166 MISC |
odoo — community/enterprise |
Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets. | 2023-04-25 | not yet calculated | CVE-2021-23176 MISC |
odoo — community/enterprise |
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim’s payment method to be charged instead. | 2023-04-25 | not yet calculated | CVE-2021-23178 MISC |
odoo — community/enterprise |
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | 2023-04-25 | not yet calculated | CVE-2021-23186 MISC |
odoo — community/enterprise |
Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. | 2023-04-25 | not yet calculated | CVE-2021-23203 MISC |
odoo — community/enterprise |
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | 2023-04-25 | not yet calculated | CVE-2021-26263 MISC |
odoo — community/enterprise |
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link. | 2023-04-25 | not yet calculated | CVE-2021-26947 MISC |
ribose — rnp |
Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | 2023-04-21 | not yet calculated | CVE-2021-33589 MISC MISC |
odoo — community/enterprise |
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests. | 2023-04-25 | not yet calculated | CVE-2021-44460 MISC |
odoo — community/enterprise |
Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim. | 2023-04-25 | not yet calculated | CVE-2021-44461 MISC |
odoo — community/enterprise |
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests. | 2023-04-25 | not yet calculated | CVE-2021-44465 MISC |
odoo — community/enterprise |
A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. | 2023-04-25 | not yet calculated | CVE-2021-44476 MISC |
odoo — community/enterprise |
A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation. | 2023-04-25 | not yet calculated | CVE-2021-44547 MISC |
odoo — community/enterprise |
Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | 2023-04-25 | not yet calculated | CVE-2021-44775 MISC |
odoo — community/enterprise |
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. | 2023-04-25 | not yet calculated | CVE-2021-45071 MISC |
odoo — community/enterprise |
Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials. | 2023-04-25 | not yet calculated | CVE-2021-45111 MISC |
pingid — pingid |
PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | 2023-04-25 | not yet calculated | CVE-2022-23721 MISC |
infopop_ultimate_bulletin_board — infopop_ultimate_bulletin_board |
Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature. | 2023-04-27 | not yet calculated | CVE-2022-25091 MISC MISC MISC MISC MISC |
drupal — core |
Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | 2023-04-26 | not yet calculated | CVE-2022-25273 CONFIRM |
drupal — core |
Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal’s revision system. | 2023-04-26 | not yet calculated | CVE-2022-25274 CONFIRM |
drupal — core |
In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the “private” file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config[‘image.settings’][‘allow_insecure_derivatives’] or (Drupal 7) $conf[‘image_allow_insecure_derivatives’] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating. | 2023-04-26 | not yet calculated | CVE-2022-25275 CONFIRM |
drupal — core |
The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. | 2023-04-26 | not yet calculated | CVE-2022-25276 CONFIRM |
drupal — core |
Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files’ filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core’s default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads. | 2023-04-26 | not yet calculated | CVE-2022-25277 CONFIRM |
drupal — core |
Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected. | 2023-04-26 | not yet calculated | CVE-2022-25278 CONFIRM |
tooljet — tooljet |
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | 2023-04-26 | not yet calculated | CVE-2022-27978 MISC MISC |
tooljet — tooljet |
A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | 2023-04-26 | not yet calculated | CVE-2022-27979 MISC MISC |
mybb — mybb |
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period. | 2023-04-24 | not yet calculated | CVE-2022-28354 MISC MISC |
nokia — onends |
Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | 2023-04-25 | not yet calculated | CVE-2022-31244 MISC MISC |
hp — bios |
A potential security vulnerability has been identified in the system BIOS for certain HP PC products which may allow loss of integrity. HP is releasing firmware updates to mitigate the potential vulnerability. | 2023-04-28 | not yet calculated | CVE-2022-31643 MISC |
docker_desktop_for_windows — docker_desktop_for_windows |
Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | 2023-04-27 | not yet calculated | CVE-2022-31647 MISC MISC |
docker_desktop_for_windows — docker_desktop_for_windows |
Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. | 2023-04-27 | not yet calculated | CVE-2022-34292 MISC MISC |
ibm — cloud_pak_for_data |
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product’s environment. IBM X-Force ID: 232034. | 2023-04-26 | not yet calculated | CVE-2022-36769 MISC MISC |
solarwinds_platform — solarwinds_platform |
The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands. | 2023-04-21 | not yet calculated | CVE-2022-36963 MISC MISC |
docker_desktop_for_windows — docker_desktop_for_windows |
Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | 2023-04-27 | not yet calculated | CVE-2022-37326 MISC MISC |
sage_300 — sage_300 |
On versions of Sage 300 2017 – 2022 (6.4.x – 6.9.x) which are setup in a “Windows Peer-to-Peer Network” or “Client Server Network” configuration, a low-privileged Sage 300 workstation user could abuse their access to the “SharedData” folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | 2023-04-28 | not yet calculated | CVE-2022-38583 MISC MISC |
docker — desktop |
Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..dataRootnetworkfileslocal-kv.db because of a TOCTOU race condition. | 2023-04-27 | not yet calculated | CVE-2022-38730 MISC MISC |
fighting_cock_information_system — fighting_cock_information_system |
An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials. | 2023-04-26 | not yet calculated | CVE-2022-39989 MISC MISC MISC |
laravel — laravel |
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the IlluminateAuthSessionGuard class when a user is found to not exist. | 2023-04-25 | not yet calculated | CVE-2022-40482 CONFIRM CONFIRM MISC MISC |
pingidentity — multiple_products |
A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | 2023-04-25 | not yet calculated | CVE-2022-40722 MISC MISC |
pingidentity — radius |
The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | 2023-04-25 | not yet calculated | CVE-2022-40723 MISC |
pingidentity — pingfederate |
The PingFederate Local Identity Profiles ‘/pf/idprofile.ping’ endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 2023-04-25 | not yet calculated | CVE-2022-40724 MISC |
pingidentity — desktop |
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. | 2023-04-25 | not yet calculated | CVE-2022-40725 MISC |
sage — 300 |
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (“LandlordPassKey”) to encrypt and decrypt secrets stored in configuration files and in database tables. | 2023-04-28 | not yet calculated | CVE-2022-41397 MISC |
sage — 300 |
The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | 2023-04-28 | not yet calculated | CVE-2022-41398 MISC |
sage — 300 |
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key (“PASS_KEY”) to encrypt and decrypt the database connection string for the PORTAL database found in the “dbconfig.xml”. This issue could allow attackers to obtain access to the SQL database. | 2023-04-28 | not yet calculated | CVE-2022-41399 MISC |
sage — 300 |
Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | 2023-04-28 | not yet calculated | CVE-2022-41400 MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin | 2023-04-24 | not yet calculated | CVE-2022-41612 MISC |
ibm — spectrum_scale |
IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0 contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. | 2023-04-29 | not yet calculated | CVE-2022-41736 MISC MISC |
ibm — spectrum_scale |
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815. | 2023-04-26 | not yet calculated | CVE-2022-41739 MISC MISC |
xen — x86 |
x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control. | 2023-04-25 | not yet calculated | CVE-2022-42335 MISC CONFIRM MLIST FEDORA |
ibm — financial_transaction_manager |
IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | 2023-04-29 | not yet calculated | CVE-2022-43871 MISC MISC |
ming — libming |
libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427. | 2023-04-26 | not yet calculated | CVE-2022-44232 MISC |
wordpress — wordpress |
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin | 2023-04-24 | not yet calculated | CVE-2022-45084 MISC |
pws_dashboard — pws_dashboard |
PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022. | 2023-04-25 | not yet calculated | CVE-2022-45291 MISC MISC |
acronis — agent |
Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161. | 2023-04-26 | not yet calculated | CVE-2022-45456 MISC |
visam — vbase |
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. | 2023-04-26 | not yet calculated | CVE-2022-45876 MISC MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click & Collect plugin | 2023-04-24 | not yet calculated | CVE-2022-47158 MISC |
solarwinds — platform |
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | 2023-04-21 | not yet calculated | CVE-2022-47505 MISC MISC |
solarwinds — platform |
The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | 2023-04-21 | not yet calculated | CVE-2022-47509 MISC MISC |
wordpress — wordpress |
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin | 2023-04-24 | not yet calculated | CVE-2022-47598 MISC |
nanoleaf — firmware |
Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack. | 2023-04-27 | not yet calculated | CVE-2022-47758 MISC MISC |
Io.finnet — tss-lib |
An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past. | 2023-04-21 | not yet calculated | CVE-2022-47930 MISC MISC |
shopware — shopware |
Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. | 2023-04-21 | not yet calculated | CVE-2022-48150 MISC |
jetbrains — ktor |
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible | 2023-04-24 | not yet calculated | CVE-2022-48476 MISC |
jetbrains — hub |
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing | 2023-04-24 | not yet calculated | CVE-2022-48477 MISC |
jetbrains — toolbox |
In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | 2023-04-28 | not yet calculated | CVE-2022-48481 MISC |
linux — kernel |
The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 | 2023-04-25 | not yet calculated | CVE-2023-0045 MISC |
nvidia — gpu_display_driver |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | 2023-04-22 | not yet calculated | CVE-2023-0184 MISC |
nvidia — gpu_display_driver |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. | 2023-04-22 | not yet calculated | CVE-2023-0190 MISC |
nvidia — gpu_display_driver |
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. | 2023-04-22 | not yet calculated | CVE-2023-0199 MISC |
nvidia — dgx_a100_sbios |
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-0202 MISC |
nvidia — connectx |
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 2023-04-22 | not yet calculated | CVE-2023-0203 MISC |
nvidia — connectx |
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service. | 2023-04-22 | not yet calculated | CVE-2023-0204 MISC |
nvidia — connectx |
NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service. | 2023-04-22 | not yet calculated | CVE-2023-0205 MISC |
nvidia — dgx_a100_sbios |
NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-0206 MISC |
wordpress — wordpress |
The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-04-24 | not yet calculated | CVE-2023-0276 MISC |
wordpress — wordpress |
The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. | 2023-04-24 | not yet calculated | CVE-2023-0388 MISC |
wordpress — wordpress |
The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 2023-04-24 | not yet calculated | CVE-2023-0418 MISC |
wordpress — wordpress |
The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF | 2023-04-24 | not yet calculated | CVE-2023-0420 MISC |
wordpress — wordpress |
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks | 2023-04-24 | not yet calculated | CVE-2023-0424 MISC |
linux — kernel |
A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the ‘rlim’ variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 | 2023-04-26 | not yet calculated | CVE-2023-0458 MISC MISC |
hypr — workforce_access |
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1. | 2023-04-28 | not yet calculated | CVE-2023-0834 MISC |
wordpress — wordpress |
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins. | 2023-04-24 | not yet calculated | CVE-2023-0899 MISC |
wordpress — wordpress |
The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 2023-04-24 | not yet calculated | CVE-2023-1020 MISC |
wordpress — wordpress |
The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks | 2023-04-24 | not yet calculated | CVE-2023-1126 MISC |
wordpress — wordpress |
The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. | 2023-04-24 | not yet calculated | CVE-2023-1129 MISC |
wordpress — wordpress |
The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-04-24 | not yet calculated | CVE-2023-1324 MISC |
grafana — grafana |
Grafana is an open-source platform for monitoring and observability. Starting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. By enabling the “url_login” configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana. | 2023-04-26 | not yet calculated | CVE-2023-1387 MISC MISC |
wordpress — wordpress |
The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours | 2023-04-24 | not yet calculated | CVE-2023-1414 MISC |
wordpress — wordpress |
The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-04-24 | not yet calculated | CVE-2023-1420 MISC |
wordpress — wordpress |
The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2023-04-24 | not yet calculated | CVE-2023-1435 MISC |
hypr — keycloak_authenticator |
Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3. | 2023-04-28 | not yet calculated | CVE-2023-1477 MISC |
hp — multiple_products |
Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. | 2023-04-28 | not yet calculated | CVE-2023-1526 MISC |
wordpress — wordpress |
The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack. | 2023-04-24 | not yet calculated | CVE-2023-1623 MISC |
wordpress — wordpress |
The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders | 2023-04-24 | not yet calculated | CVE-2023-1624 MISC |
gajshield — data_security_firewall |
This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems. The vulnerability has been addressed by forcing the user to change their default password to a new non-default password. | 2023-04-27 | not yet calculated | CVE-2023-1778 MISC |
canonical — cloud_init |
Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | 2023-04-26 | not yet calculated | CVE-2023-1786 MISC MISC MISC |
sidekiq — sidekiq |
Cross-site Scripting (XSS) – Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. | 2023-04-21 | not yet calculated | CVE-2023-1892 MISC CONFIRM |
illumina — universal_copy_service | Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. | 2023-04-28 | not yet calculated | CVE-2023-1966 MISC MISC |
keysight — n8844a_data_analytics_web_service |
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | 2023-04-27 | not yet calculated | CVE-2023-1967 MISC |
illumina — universal_copy_service |
Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. | 2023-04-28 | not yet calculated | CVE-2023-1968 MISC MISC |
linux — kernel |
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. | 2023-04-21 | not yet calculated | CVE-2023-1998 MISC MISC MISC |
linux — kernel |
A race condition was found in the Linux kernel’s RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. | 2023-04-24 | not yet calculated | CVE-2023-2006 MISC MISC MISC |
linux — dpt_I2O_controller_driver |
The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. | 2023-04-24 | not yet calculated | CVE-2023-2007 MISC |
linux — kernel |
A flaw was found in the Linux kernel’s netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. | 2023-04-24 | not yet calculated | CVE-2023-2019 MISC MISC MISC |
vmware — multiple_products |
VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | 2023-04-25 | not yet calculated | CVE-2023-20869 MISC |
vmware — multiple_products |
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | 2023-04-25 | not yet calculated | CVE-2023-20870 MISC |
vmware — fusion |
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. | 2023-04-25 | not yet calculated | CVE-2023-20871 MISC |
vmware — multiple_products |
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | 2023-04-25 | not yet calculated | CVE-2023-20872 MISC |
dassault — delmia_apriso |
A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. | 2023-04-21 | not yet calculated | CVE-2023-2139 MISC |
dassault systèmes — delmia_apriso |
A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application. | 2023-04-21 | not yet calculated | CVE-2023-2140 MISC |
dassault systèmes — delmia_apriso |
An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution. | 2023-04-21 | not yet calculated | CVE-2023-2141 MISC |
dassault systèmes — delmia_apriso |
Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user’s account by crafting a custom “Remember Me” token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user. Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C | 2023-04-27 | not yet calculated | CVE-2023-2158 MISC |
synopsys — code_dx |
Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. | 2023-04-21 | not yet calculated | CVE-2023-2202 MISC CONFIRM |
rosariosis — rosariosis |
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file faqs.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226969 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2204 MISC MISC MISC |
campcodes — retro_basketball_shoes_online_store |
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2205 MISC MISC MISC |
campcodes — retro_basketball_shoes_online_store |
A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file contactus.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226971. | 2023-04-21 | not yet calculated | CVE-2023-2206 MISC MISC MISC |
campcodes — retro_basketball_shoes_online_store |
A vulnerability classified as critical was found in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file contactus1.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226972. | 2023-04-21 | not yet calculated | CVE-2023-2207 MISC MISC MISC |
campcodes — retro_basketball_shoes_online_store |
A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226973 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2208 MISC MISC MISC |
campcodes — retro_basketball_shoes_online_store |
A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226974 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2209 MISC MISC MISC |
campcodes — coffee_shop_pos_system |
A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/categories/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226975. | 2023-04-21 | not yet calculated | CVE-2023-2210 MISC MISC MISC |
campcodes — coffee_shop_pos_system |
A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976. | 2023-04-21 | not yet calculated | CVE-2023-2211 MISC MISC MISC |
campcodes — coffee_shop_pos_system |
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2212 MISC MISC MISC |
campcodes — coffee_shop_pos_system |
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/products/manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226978 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2213 MISC MISC MISC |
campcodes — coffee_shop_pos_system |
A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/manage_sale.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226979. | 2023-04-21 | not yet calculated | CVE-2023-2214 MISC MISC MISC |
campcodes — coffee_shop_pos_system |
A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226980. | 2023-04-21 | not yet calculated | CVE-2023-2215 MISC MISC MISC |
campcodes — coffee_shop_pos_system |
A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226981 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2216 MISC MISC MISC |
sourcecodester — task_reminder_system |
A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226983. | 2023-04-21 | not yet calculated | CVE-2023-2217 MISC MISC MISC |
sourcecodester — task_reminder_system |
A vulnerability has been found in SourceCodester Task Reminder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226984. | 2023-04-21 | not yet calculated | CVE-2023-2218 MISC MISC MISC |
sourcecodester — task_reminder_system |
A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic. This issue affects some unknown processing of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226985 was assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2219 MISC MISC MISC |
dream_technology — mica |
A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-2220 MISC MISC MISC |
rapid7 — velociraptor |
Due to insufficient validation in the PE and OLE parsers in Rapid7’s Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts. | 2023-04-21 | not yet calculated | CVE-2023-2226 MISC |
modoboa — modoboa |
Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | 2023-04-21 | not yet calculated | CVE-2023-2227 MISC CONFIRM |
modoboa — modoboa |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. | 2023-04-21 | not yet calculated | CVE-2023-2228 CONFIRM MISC |
maxtech — max_g866ac |
A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-21 | not yet calculated | CVE-2023-2231 MISC MISC MISC |
microweber — microweber |
Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4. | 2023-04-22 | not yet calculated | CVE-2023-2240 CONFIRM MISC |
sourcecodester — online_computer_and_laptop_store |
A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227. | 2023-04-22 | not yet calculated | CVE-2023-2242 MISC MISC MISC |
sourcecodester — complaint_management_system |
A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file users/registration.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227228. | 2023-04-22 | not yet calculated | CVE-2023-2243 MISC MISC MISC |
hansuncms — hansuncms |
A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability. | 2023-04-22 | not yet calculated | CVE-2023-2245 MISC MISC MISC |
hansuncms — hansuncms |
A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation. | 2023-04-24 | not yet calculated | CVE-2023-2250 MISC |
eemeli — eemeli_yaml |
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-4. | 2023-04-24 | not yet calculated | CVE-2023-2251 MISC CONFIRM |
devolutions — workspace_desktop |
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented “Force Login” security feature. This vulnerability occurs only if “Force Login” feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space. | 2023-04-24 | not yet calculated | CVE-2023-2257 MISC |
cern — white_rabbit_switch |
Within White Rabbit Switch it’s possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings. | 2023-04-24 | not yet calculated | CVE-2023-22577 MISC MISC |
alf.io — alfio_event |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 2023-04-24 | not yet calculated | CVE-2023-2258 CONFIRM MISC |
cern — white_rabbit_switch |
White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user). | 2023-04-24 | not yet calculated | CVE-2023-22581 MISC MISC |
alf.io — alfio_event |
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 2023-04-24 | not yet calculated | CVE-2023-2259 CONFIRM MISC |
alf.io — alfio_event |
Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 2023-04-24 | not yet calculated | CVE-2023-2260 MISC CONFIRM |
apache_software_foundation — apache_jena |
There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. | 2023-04-25 | not yet calculated | CVE-2023-22665 MISC |
trinitronic — nice_paypal_button_lite |
Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin | 2023-04-23 | not yet calculated | CVE-2023-22686 MISC |
linux — kernel |
A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | 2023-04-25 | not yet calculated | CVE-2023-2269 MISC |
silverstripe — silverstripe_framework |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | 2023-04-26 | not yet calculated | CVE-2023-22728 MISC MISC |
silverstripe — silverstripe_framework |
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | 2023-04-26 | not yet calculated | CVE-2023-22729 MISC MISC |
rapid7 — insight_agent |
Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal. | 2023-04-26 | not yet calculated | CVE-2023-2273 MISC |
mattermost — mattermost |
When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team. | 2023-04-25 | not yet calculated | CVE-2023-2281 MISC |
devolutions — remote_desktop_manager |
Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector. | 2023-04-25 | not yet calculated | CVE-2023-2282 MISC |
postgresql — zoho_manageengine_multiple_products |
Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. | 2023-04-26 | not yet calculated | CVE-2023-2291 MISC |
zyxel — usg_flex_series_firmware |
A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device. | 2023-04-24 | not yet calculated | CVE-2023-22913 CONFIRM |
zyxel — usg_flex_series_firmware |
A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled. | 2023-04-24 | not yet calculated | CVE-2023-22914 CONFIRM |
zyxel — usg_flex_series_firmware |
A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device. | 2023-04-24 | not yet calculated | CVE-2023-22915 CONFIRM |
zyxel — atp_series_firmware |
The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode. | 2023-04-24 | not yet calculated | CVE-2023-22916 CONFIRM |
zyxel — atp_series_firmware |
A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file. | 2023-04-24 | not yet calculated | CVE-2023-22917 CONFIRM |
zyxel — atp_series_firmware |
A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | 2023-04-24 | not yet calculated | CVE-2023-22918 CONFIRM |
sourcecodester — purchase_order_management_system |
A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463. | 2023-04-25 | not yet calculated | CVE-2023-2293 MISC MISC MISC |
ucms — ucms |
A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability. | 2023-04-26 | not yet calculated | CVE-2023-2294 MISC MISC MISC |
wordpress — wordpress |
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2297 MISC MISC MISC MISC |
builderio — qwik |
Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | 2023-04-26 | not yet calculated | CVE-2023-2307 MISC CONFIRM |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2322 MISC CONFIRM |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2323 CONFIRM MISC |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2327 MISC CONFIRM |
pimcore — pimcore |
Cross-site Scripting (XSS) – Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2328 CONFIRM MISC |
pimcore — pimcore |
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0. | 2023-04-27 | not yet calculated | CVE-2023-2331 MISC |
pimcore — pimcore |
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0. | 2023-04-27 | not yet calculated | CVE-2023-2335 MISC |
pimcore — pimcore |
Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2336 MISC CONFIRM |
pimcore — pimcore |
SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2338 CONFIRM MISC |
pimcore — pimcore |
Cross-site Scripting (XSS) – Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2339 CONFIRM MISC |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2340 MISC CONFIRM |
pimcore — pimcore |
Cross-site Scripting (XSS) – Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2341 MISC CONFIRM |
pimcore — pimcore |
Cross-site Scripting (XSS) – Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2342 CONFIRM MISC |
pimcore — pimcore |
Cross-site Scripting (XSS) – DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-27 | not yet calculated | CVE-2023-2343 MISC CONFIRM |
sourcecodester — service_provider_management_system |
A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587. | 2023-04-27 | not yet calculated | CVE-2023-2344 MISC MISC MISC |
sourcecodester — service_provider_management_system |
A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | 2023-04-27 | not yet calculated | CVE-2023-2345 MISC MISC |
sourcecodester — service_provider_management_system |
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2346 MISC MISC MISC |
sourcecodester — service_provider_management_system |
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2347 MISC MISC MISC |
sourcecodester — service_provider_management_system |
A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591. | 2023-04-27 | not yet calculated | CVE-2023-2348 MISC MISC MISC |
sourcecodester — service_provider_management_system |
A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592. | 2023-04-27 | not yet calculated | CVE-2023-2349 MISC MISC MISC |
sourcecodester — service_provider_management_system |
A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability. | 2023-04-27 | not yet calculated | CVE-2023-2350 MISC MISC MISC |
acronis — snap_deploy |
Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | 2023-04-27 | not yet calculated | CVE-2023-2355 MISC |
mlflow — mlflow |
Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | 2023-04-28 | not yet calculated | CVE-2023-2356 MISC CONFIRM |
acronis — cyber_infrastructure |
Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | 2023-04-28 | not yet calculated | CVE-2023-2360 MISC |
pimcore — pimcore |
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 2023-04-28 | not yet calculated | CVE-2023-2361 CONFIRM MISC |
sourcecodester — resort_reservation_system |
A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639. | 2023-04-28 | not yet calculated | CVE-2023-2363 MISC MISC MISC |
sourcecodester — resort_reservation_system |
A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640. | 2023-04-28 | not yet calculated | CVE-2023-2364 MISC MISC MISC |
sourcecodester — faculty_evaluation_system |
A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2365 MISC MISC MISC |
sourcecodester — faculty_evaluation_system |
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2366 MISC MISC MISC |
sourcecodester — faculty_evaluation_system |
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643. | 2023-04-28 | not yet calculated | CVE-2023-2367 MISC MISC MISC |
sourcecodester — faculty_evaluation_system |
A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644. | 2023-04-28 | not yet calculated | CVE-2023-2368 MISC MISC MISC |
sourcecodester — faculty_evaluation_system | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2369 MISC MISC MISC |
sourcecodester — online_dj_management_ system |
A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2370 MISC MISC MISC |
sourcecodester — online_dj_management_system |
A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647. | 2023-04-28 | not yet calculated | CVE-2023-2371 MISC MISC MISC |
uniquiti — edgerouter_x |
A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648. | 2023-04-28 | not yet calculated | CVE-2023-2372 MISC MISC MISC |
uniquiti — edgerouter_x |
A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2373 MISC MISC MISC |
uniquiti — edgerouter_x |
A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2374 MISC MISC MISC |
uniquiti — edgerouter_x |
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651. | 2023-04-28 | not yet calculated | CVE-2023-2375 MISC MISC MISC |
vi-solutions — visforms_base_package_for_joomla_3 |
The ‘Visforms Base Package for Joomla 3’ extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it. | 2023-04-23 | not yet calculated | CVE-2023-23753 MISC MISC |
uniquiti — edgerouter_x |
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652. | 2023-04-28 | not yet calculated | CVE-2023-2376 MISC MISC MISC |
uniquiti — edgerouter_x |
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2377 MISC MISC MISC |
uniquiti — edgerouter_x |
A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2378 MISC MISC MISC |
uniquiti — edgerouter_x |
A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655. | 2023-04-28 | not yet calculated | CVE-2023-2379 MISC MISC MISC |
netgear — srx5308 |
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2380 MISC MISC MISC |
netgear — srx5308 |
A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2381 MISC MISC MISC |
netgear — srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2382 MISC MISC MISC |
netgear — srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2383 MISC MISC MISC |
solarwinds — database_performance_analyzer |
No exception handling vulnerability which revealed sensitive or excessive information to users. | 2023-04-25 | not yet calculated | CVE-2023-23837 MISC MISC |
solarwinds — database_performance_analyzer |
Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | 2023-04-25 | not yet calculated | CVE-2023-23838 MISC MISC |
solarwinds — solarwinds_platform |
The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | 2023-04-25 | not yet calculated | CVE-2023-23839 MISC MISC |
netgear — srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2384 MISC MISC MISC |
netgear — srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2385 MISC MISC MISC |
netgear — srx5308 |
A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2386 MISC MISC MISC |
netgear — srx5308 |
A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2387 MISC MISC MISC |
netgear — srx5308 |
A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2388 MISC MISC MISC |
netgear — srx5308 |
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2389 MISC MISC MISC |
jamie_poitra — m_chart |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin | 2023-04-24 | not yet calculated | CVE-2023-23892 MISC |
netgear — srx5308 |
A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2390 MISC MISC MISC |
netgear — srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2391 MISC MISC MISC |
netgear — srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2392 MISC MISC MISC |
netgear – srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2393 MISC MISC MISC |
netgear – srx5308 |
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2394 MISC MISC MISC |
netgear – srx5308 |
A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2395 MISC MISC MISC |
netgear – srx5308 |
A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-28 | not yet calculated | CVE-2023-2396 MISC MISC MISC |
sourcecodester — simple_mobile_comparison_website |
A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675. | 2023-04-28 | not yet calculated | CVE-2023-2397 MISC MISC MISC |
sourcecodester — ac_repair_and_services_system |
A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2408 MISC MISC MISC |
sourcecodester — ac_repair_and_services_system |
A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703. | 2023-04-28 | not yet calculated | CVE-2023-2409 MISC MISC MISC |
sourcecodester — ac_repair_and_services_system |
A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. | 2023-04-28 | not yet calculated | CVE-2023-2410 MISC MISC MISC |
sourcecodester — ac_repair_and_services_system |
A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability. | 2023-04-28 | not yet calculated | CVE-2023-2411 MISC MISC MISC |
sourcecodester — ac_repair_and_services_system |
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2412 MISC MISC MISC |
sourcecodester — ac_repair_and_services_system |
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707. | 2023-04-29 | not yet calculated | CVE-2023-2413 MISC MISC MISC |
ks-soft — advanced_host_monitor |
A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:Program Files (x86)HostMonitorRMA-Winrma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2417 MISC MISC |
konga — konga |
A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715. | 2023-04-29 | not yet calculated | CVE-2023-2418 MISC MISC MISC |
zhong_bang — crmeb |
A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file crmebappservicessystemattachmentSystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | 2023-04-29 | not yet calculated | CVE-2023-2419 MISC MISC MISC |
mlecms — mlecms |
A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file uploadincincludecommon.func.php. The manipulation of the argument $_SERVER[‘REQUEST_URI’] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2420 MISC MISC MISC |
control_id — rhid |
A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-04-29 | not yet calculated | CVE-2023-2421 MISC MISC MISC |
dedecms — dedecms |
A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | 2023-04-29 | not yet calculated | CVE-2023-2424 MISC MISC MISC |
sourcecodester — simple_student_information_system |
A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751. | 2023-04-29 | not yet calculated | CVE-2023-2425 MISC MISC MISC |
vim — vim |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | 2023-04-29 | not yet calculated | CVE-2023-2426 CONFIRM MISC |
textpattern — textpattern |
An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | 2023-04-28 | not yet calculated | CVE-2023-24269 MISC |
arista_networks — terminattr |
On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision | 2023-04-25 | not yet calculated | CVE-2023-24512 MISC |
vinga — wr-ac1200 |
Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints. | 2023-04-26 | not yet calculated | CVE-2023-24796 MISC |
riot-os — riot |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | 2023-04-24 | not yet calculated | CVE-2023-24818 MISC MISC MISC MISC MISC MISC MISC |
riot-os — riot |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | 2023-04-24 | not yet calculated | CVE-2023-24819 MISC MISC MISC |
riot-os — riot |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually. | 2023-04-24 | not yet calculated | CVE-2023-24820 MISC MISC MISC |
riot-os — riot |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | 2023-04-24 | not yet calculated | CVE-2023-24821 MISC MISC MISC |
riot-os — riot |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | 2023-04-24 | not yet calculated | CVE-2023-24822 MISC MISC MISC |
riot-os — riot |
RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | 2023-04-24 | not yet calculated | CVE-2023-24823 MISC MISC MISC |
ibm — websphere_application_server |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. | 2023-04-27 | not yet calculated | CVE-2023-24966 MISC MISC |
cyberpower — powerpanel_business_local_remote |
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the ‘admin’ password. | 2023-04-24 | not yet calculated | CVE-2023-25131 MISC MISC MISC MISC MISC |
cyberpower — powerpanel_business_local_remote |
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | 2023-04-24 | not yet calculated | CVE-2023-25132 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
cyberpower — powerpanel_business_local_remote |
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors. | 2023-04-24 | not yet calculated | CVE-2023-25133 MISC MISC MISC MISC MISC |
intermesh — group-office |
Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | 2023-04-27 | not yet calculated | CVE-2023-25292 MISC MISC MISC |
world_wide_broadcast_network — avideo |
OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. | 2023-04-25 | not yet calculated | CVE-2023-25313 MISC |
world_wide_broadcast_network — avideo |
Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | 2023-04-25 | not yet calculated | CVE-2023-25314 MISC |
vtech – vcs754 |
An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. | 2023-04-27 | not yet calculated | CVE-2023-25437 MISC MISC |
lenovo — xclarity_controller |
A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | 2023-04-28 | not yet calculated | CVE-2023-25495 MISC |
nvidia — cuda_toolkit |
A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | 2023-04-28 | not yet calculated | CVE-2023-25496 MISC |
nvidia — cuda_toolkit |
NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service. | 2023-04-22 | not yet calculated | CVE-2023-25510 MISC |
nvidia — cuda_toolkit |
NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service. | 2023-04-22 | not yet calculated | CVE-2023-25511 MISC |
nvidia — cuda_toolkit |
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-25512 MISC |
nvidia — cuda_toolkit |
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-25513 MISC |
nvidia — cuda_toolkit |
NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure. | 2023-04-22 | not yet calculated | CVE-2023-25514 MISC |
git — git |
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply –reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `–reject` when applying patches from an untrusted source. Use `git apply –stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. | 2023-04-25 | not yet calculated | CVE-2023-25652 MISC MISC MISC MISC MISC MISC |
git — git |
In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function’s implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:mingw64sharelocale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:` (and since `C:mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1. This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:`. | 2023-04-25 | not yet calculated | CVE-2023-25815 MISC MISC MISC MISC MISC MISC MISC MISC |
ibm – db2 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | 2023-04-28 | not yet calculated | CVE-2023-25930 MISC MISC |
ibm – db2 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. | 2023-04-28 | not yet calculated | CVE-2023-26021 MISC MISC |
ibm – db2 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | 2023-04-28 | not yet calculated | CVE-2023-26022 MISC MISC |
nokia — netact |
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-25 | not yet calculated | CVE-2023-26057 MISC MISC |
nokia — netact |
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-25 | not yet calculated | CVE-2023-26058 MISC MISC |
nokia — netact |
An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user. | 2023-04-24 | not yet calculated | CVE-2023-26059 MISC MISC |
nokia — netact |
An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-24 | not yet calculated | CVE-2023-26060 MISC MISC |
nokia — netact |
An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 2023-04-24 | not yet calculated | CVE-2023-26061 MISC MISC |
telindus — apsal | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. | 2023-04-24 | not yet calculated | CVE-2023-26097 MISC MISC |
telindus — apsal |
An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. | 2023-04-25 | not yet calculated | CVE-2023-26098 MISC MISC |
telindus — apsal |
An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. | 2023-04-24 | not yet calculated | CVE-2023-26099 MISC MISC |
progress — flowmon_os |
In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user’s web browser. | 2023-04-21 | not yet calculated | CVE-2023-26100 MISC MISC |
progress — flowmon_packet_investigator |
In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance’s local filesystem. | 2023-04-21 | not yet calculated | CVE-2023-26101 MISC MISC |
hyundai — gen5w_l_in-vehicle_infotainment_system |
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi. | 2023-04-27 | not yet calculated | CVE-2023-26243 MISC MISC MISC |
hyundai — gen5w_l_in-vehicle_infotainment_system |
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. | 2023-04-27 | not yet calculated | CVE-2023-26244 MISC MISC MISC |
hyundai — gen5w_l_in-vehicle_infotainment_system |
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. | 2023-04-27 | not yet calculated | CVE-2023-26245 MISC MISC MISC |
hyundai — gen5w_l_in-vehicle_infotainment_system |
An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. | 2023-04-27 | not yet calculated | CVE-2023-26246 MISC MISC MISC |
ibm — multiple_products |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. | 2023-04-26 | not yet calculated | CVE-2023-26286 MISC MISC |
lorawan — lorawan-stack |
lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | 2023-04-24 | not yet calculated | CVE-2023-26494 MISC MISC MISC MISC MISC |
io_finnet — tss-lib |
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | 2023-04-21 | not yet calculated | CVE-2023-26556 MISC MISC MISC MISC |
io_finnet — tss-lib |
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.) | 2023-04-21 | not yet calculated | CVE-2023-26557 MISC MISC MISC MISC |
northern.tech — cfengine_enterprise |
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | 2023-04-26 | not yet calculated | CVE-2023-26560 MISC MISC |
sangoma — freepbx |
Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | 2023-04-26 | not yet calculated | CVE-2023-26567 MISC MISC MISC |
mccms — mccms |
SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search. | 2023-04-28 | not yet calculated | CVE-2023-26781 MISC |
mccms — mccms |
An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | 2023-04-28 | not yet calculated | CVE-2023-26782 MISC |
jfinal_cms — jfinal_cms |
Command execution vulnerability in the ActionEnter Class ins jfinal CMS version 5.1.0 allows attackers to execute arbitrary code via a created json file to the ueditor route. | 2023-04-28 | not yet calculated | CVE-2023-26812 MISC |
prestashop — bdroppy |
SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. | 2023-04-28 | not yet calculated | CVE-2023-26813 MISC |
xpdf — xpdf |
SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. | 2023-04-24 | not yet calculated | CVE-2023-26865 MISC MISC |
xpdf — xpdf |
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. | 2023-04-26 | not yet calculated | CVE-2023-26930 MISC MISC |
xpdf — xpdf |
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function. | 2023-04-26 | not yet calculated | CVE-2023-26931 MISC MISC |
xpdf — xpdf |
An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter. | 2023-04-26 | not yet calculated | CVE-2023-26934 MISC MISC |
xpdf — xpdf |
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc. | 2023-04-26 | not yet calculated | CVE-2023-26935 MISC MISC |
xpdf — xpdf |
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc | 2023-04-26 | not yet calculated | CVE-2023-26936 MISC MISC |
xpdf — xpdf |
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc | 2023-04-26 | not yet calculated | CVE-2023-26937 MISC MISC |
xpdf — xpdf |
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service viaSharedFile::readBlock located in goo/gfile.cc. | 2023-04-26 | not yet calculated | CVE-2023-26938 MISC MISC |
shanling — mtouch_os |
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal. | 2023-04-25 | not yet calculated | CVE-2023-27105 MISC MISC |
myq — multiple_products |
Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL. | 2023-04-26 | not yet calculated | CVE-2023-27107 MISC |
apache — superset |
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. | 2023-04-24 | not yet calculated | CVE-2023-27524 MISC MISC |
ibm– db2 |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. | 2023-04-28 | not yet calculated | CVE-2023-27555 MISC MISC |
ibm — counter_fraud_management_for_safer_payments |
IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. | 2023-04-28 | not yet calculated | CVE-2023-27556 MISC MISC |
ibm — counter_fraud_management_for_safer_payments |
IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | 2023-04-28 | not yet calculated | CVE-2023-27557 MISC MISC |
ibm — db2 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. | 2023-04-26 | not yet calculated | CVE-2023-27559 MISC MISC |
prestashop — askforaquote |
SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. | 2023-04-26 | not yet calculated | CVE-2023-27843 MISC MISC |
broccoli-compass — broccoli-compass |
broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 2023-04-24 | not yet calculated | CVE-2023-27848 MISC MISC |
rails-routes-to-json — rails-routes-to-json |
rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 2023-04-24 | not yet calculated | CVE-2023-27849 MISC MISC |
ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207. | 2023-04-27 | not yet calculated | CVE-2023-27860 MISC MISC |
ibm — maximo_asset_management |
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site. IBM X-Force ID: 249327. | 2023-04-28 | not yet calculated | CVE-2023-27864 MISC MISC |
hp — laserjet_pro |
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. | 2023-04-28 | not yet calculated | CVE-2023-27971 MISC |
hp — laserjet_pro |
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. | 2023-04-28 | not yet calculated | CVE-2023-27972 MISC |
hp — laserjet_pro |
Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. | 2023-04-28 | not yet calculated | CVE-2023-27973 MISC |
zyxel — multiple_products |
The XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device. | 2023-04-24 | not yet calculated | CVE-2023-27990 CONFIRM |
zyxel — multiple_products |
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. | 2023-04-24 | not yet calculated | CVE-2023-27991 CONFIRM |
hcl — workload_automation |
HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2023-04-26 | not yet calculated | CVE-2023-28008 MISC |
hcl — workload_automation |
HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | 2023-04-26 | not yet calculated | CVE-2023-28009 MISC |
hewlett_packard_enterprise — multiple_products |
HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | 2023-04-25 | not yet calculated | CVE-2023-28084 MISC MISC |
hewlett_packard_enterprise — hpe_oneview |
An HPE OneView appliance dump may expose proxy credential settings | 2023-04-25 | not yet calculated | CVE-2023-28086 MISC |
hewlett_packard_enterprise — hpe_oneview |
An HPE OneView appliance dump may expose OneView user accounts | 2023-04-25 | not yet calculated | CVE-2023-28087 MISC |
hewlett_packard_enterprise — hpe_oneview |
An HPE OneView appliance dump may expose SAN switch administrative credentials | 2023-04-25 | not yet calculated | CVE-2023-28088 MISC |
hewlett_packard_enterprise — hpe_oneview |
An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | 2023-04-25 | not yet calculated | CVE-2023-28089 MISC |
hewlett_packard_enterprise — hpe_oneview |
An HPE OneView appliance dump may expose SNMPv3 read credentials | 2023-04-25 | not yet calculated | CVE-2023-28090 MISC |
expo.io — expo_authsession_module |
A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the “Expo AuthSession Redirect Proxy” for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc). | 2023-04-24 | not yet calculated | CVE-2023-28131 MISC |
myscada_technologies — myscada_mypro |
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-28384 MISC |
myscada_technologies — myscada_mypro |
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-28400 MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name. | 2023-04-28 | not yet calculated | CVE-2023-28471 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies. | 2023-04-28 | not yet calculated | CVE-2023-28472 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section. | 2023-04-28 | not yet calculated | CVE-2023-28473 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search. | 2023-04-28 | not yet calculated | CVE-2023-28474 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | 2023-04-28 | not yet calculated | CVE-2023-28475 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files. | 2023-04-28 | not yet calculated | CVE-2023-28476 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter. | 2023-04-28 | not yet calculated | CVE-2023-28477 MISC MISC |
libxml2 — libxml2 |
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | 2023-04-24 | not yet calculated | CVE-2023-28484 MISC MISC MLIST |
ibm — aix |
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | 2023-04-28 | not yet calculated | CVE-2023-28528 MISC MISC |
myscada_technologies — myscada_mypro |
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-28716 MISC |
zyxel — dx5401-b0_firmware |
The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 2023-04-27 | not yet calculated | CVE-2023-28769 CONFIRM |
zyxel — dx5401-b0_firmware |
The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | 2023-04-27 | not yet calculated | CVE-2023-28770 CONFIRM |
zyxel — zywall/usg_series_firmware |
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. | 2023-04-25 | not yet calculated | CVE-2023-28771 CONFIRM |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names. | 2023-04-28 | not yet calculated | CVE-2023-28819 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | 2023-04-28 | not yet calculated | CVE-2023-28820 MISC MISC |
concrete_cms — concrete_cms |
Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 2023-04-28 | not yet calculated | CVE-2023-28821 MISC MISC |
nextcloud — security-advisories |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available. | 2023-04-25 | not yet calculated | CVE-2023-28847 MISC MISC MISC |
trustwave — modsecurity |
Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | 2023-04-28 | not yet calculated | CVE-2023-28882 CONFIRM |
git — git |
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user’s `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. | 2023-04-25 | not yet calculated | CVE-2023-29007 MISC MISC MISC MISC MISC |
git-for-windows — git |
Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`’s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:etcconnectrc`. Since `C:etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious ` |
2023-04-25 | not yet calculated | CVE-2023-29011 MISC MISC |
git-for-windows — git |
Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. | 2023-04-25 | not yet calculated | CVE-2023-29012 MISC MISC |
fastify — fastify-passport |
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim’s session by tossing a valid `sessionId` cookie in the victim’s browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-04-21 | not yet calculated | CVE-2023-29019 MISC MISC MISC |
fastify — fastify-passport |
@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user’s session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim’s browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: [‘passport’, ‘session’])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`. | 2023-04-21 | not yet calculated | CVE-2023-29020 MISC MISC MISC MISC |
lenovo — xclarity_controller |
A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. | 2023-04-28 | not yet calculated | CVE-2023-29056 MISC |
lenovo — xclarity_controller |
A valid XCC user’s local account permissions overrides their active directory permissions under specific configurations. This could lead to a privilege escalation. To be vulnerable, LDAP must be configured for authentication/authorization and logins configured as “Local First, then LDAP”. | 2023-04-28 | not yet calculated | CVE-2023-29057 MISC |
lenovo — xclarity_controller |
A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | 2023-04-28 | not yet calculated | CVE-2023-29058 MISC |
myscada_technologies — myscada_mypro |
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-29150 MISC |
myscada_technologies — myscada_mypro |
mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 2023-04-27 | not yet calculated | CVE-2023-29169 MISC |
contao — contao |
Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds. | 2023-04-25 | not yet calculated | CVE-2023-29200 MISC MISC MISC |
ibm — db2_for_linux,_unix_and_windows |
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. | 2023-04-27 | not yet calculated | CVE-2023-29255 MISC MISC |
ibm — db2_for_linux,_unix_and_windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. | 2023-04-26 | not yet calculated | CVE-2023-29257 MISC MISC |
tibco_software_inc. — tibco_spotfire_statistics_services |
The Splus Server component of TIBCO Software Inc.’s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0. | 2023-04-26 | not yet calculated | CVE-2023-29268 MISC |
zoho — manageengine_applications_manager |
Zoho ManageEngine Applications Manager through 16390 allows DOM XSS. | 2023-04-26 | not yet calculated | CVE-2023-29442 MISC |
zoho — manageengine_servicedesk_plus |
Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack. | 2023-04-26 | not yet calculated | CVE-2023-29443 MISC |
libxml2 — libxml2 |
An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the ‘ |