Vulnerability Summary for the Week of May 22, 2023

 

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

PrimaryVendor — Product Description Published CVSS Score Source & Patch Info
cbot — chatbot Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. 2023-05-25 9.9 CVE-2023-2882MISC
cbot — chatbot Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. 2023-05-25 9.9 CVE-2023-2885MISC
linux — linux_kernel An issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12. 2023-05-21 9.8 CVE-2020-36694MISCMISCMISCMISC
huawei — emui Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read. 2023-05-26 9.8 CVE-2021-46887MISC
thingsforrestaurants — quick_restaurant_reservations Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin 2023-05-22 9.8 CVE-2022-44739MISC
schneider-electric — powerlogic_ion9000_firmware A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could
cause disclosure of sensitive information, denial of service, or modification of data if an attacker
is able to intercept network traffic.
2023-05-22 9.8 CVE-2022-46680MISC
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163. 2023-05-19 9.8 CVE-2022-47984MISCMISC
huawei — harmonyos The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. 2023-05-26 9.8 CVE-2022-48478MISC
huawei — harmonyos The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service. 2023-05-26 9.8 CVE-2022-48479MISC
adam_retail_automation_systems — mobilmen_terminal_software Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.This issue affects Mobilmen Terminal Software: before 3. 2023-05-23 9.8 CVE-2023-1508MISC
ipekyolu_software — auto_damage_tracking_software Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4. 2023-05-24 9.8 CVE-2023-2045MISC
minova_technology — etrace Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20. 2023-05-24 9.8 CVE-2023-2064MISC
wclovers — wcfm_membership The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. 2023-05-20 9.8 CVE-2023-2276MISCMISCMISC
vibethemes — bp_social_connect The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. 2023-05-19 9.8 CVE-2023-2704MISCMISCMISCMISC
rental_module_project — rental_module Unrestricted Upload of File with Dangerous Type vulnerability in “Rental Module” developed by third-party for Ideasoft’s E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15. 2023-05-20 9.8 CVE-2023-2712MISC
rental_module_project — rental_module Authorization Bypass Through User-Controlled Key vulnerability in “Rental Module” developed by third-party for Ideasoft’s E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15. 2023-05-20 9.8 CVE-2023-2713MISC
cityboss — e-municipality Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05. 2023-05-24 9.8 CVE-2023-2750MISC
sourcecodester — online_jewelry_store A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability. 2023-05-19 9.8 CVE-2023-2815MISCMISCMISC
sourcecodester — class_scheduling_system A vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability. 2023-05-20 9.8 CVE-2023-2823MISCMISCMISC
snapone — orvc

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.

2023-05-22 9.8 CVE-2023-28386MISCMISC
gpac — gpac NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. 2023-05-22 9.8 CVE-2023-2840CONFIRMMISCDEBIAN
sourcecodester — theme_park_ticketing_system A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability. 2023-05-24 9.8 CVE-2023-2865MISCMISCMISC
apache — inlong Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login
request and following it with a subsequent HTTP request
using the returned cookie.

Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.

2023-05-22 9.8 CVE-2023-31062MISC
wcms — wcms In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. 2023-05-22 9.8 CVE-2023-31689MISC
sem-cms — semcms SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. 2023-05-19 9.8 CVE-2023-31707MISC
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285. 2023-05-22 9.8 CVE-2023-32336MISCMISC
linux — linux_kernel The Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c. 2023-05-21 9.8 CVE-2023-33250MISCMISC
old_age_home_management_system_project — old_age_home_management_system Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. 2023-05-23 9.8 CVE-2023-33338MISC
gpac — gpac Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. 2023-05-22 9.1 CVE-2023-2838MISCCONFIRMDEBIAN
cbot — chatbot Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. 2023-05-25 9.1 CVE-2023-2887MISC
apache — inlong Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. 

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.

2023-05-22 9.1 CVE-2023-31065MISC
apache — inlong Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others’ sources! Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it. 2023-05-22 9.1 CVE-2023-31066MISC
netbox_project — netbox ** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter’s only query was for the schema of the API, which is public; queries for database objects would have been denied. 2023-05-24 9.1 CVE-2023-33796MISCMISC
asgaros — asgaros_forum Cross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin 2023-05-22 8.8 CVE-2022-41608MISC
webmat — flexible_elementor_panel Cross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin 2023-05-22 8.8 CVE-2022-45076MISC
loginizer — loginizer Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin 2023-05-22 8.8 CVE-2022-45079MISC
xootix — side_cart_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) 2023-05-22 8.8 CVE-2022-45376MISC
brainstormforce — starter_templates Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin 2023-05-23 8.8 CVE-2022-46851MISC
radiustheme — post_grid Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin 2023-05-23 8.8 CVE-2022-46853MISC
gallery_metabox_project — gallery_metabox Cross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin 2023-05-20 8.8 CVE-2022-47134MISC
mediamatic — media_library_folders Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin 2023-05-22 8.8 CVE-2022-47142MISC
crayon_syntax_highlighter_project — crayon_syntax_highlighter Cross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin 2023-05-22 8.8 CVE-2022-47167MISC
stylist_project — stylist Cross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin 2023-05-22 8.8 CVE-2022-47183MISC
nicearma — dnui-delete-not-used-image Cross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin 2023-05-22 8.8 CVE-2022-47609MISC
hover_image_project — hover_image Cross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin 2023-05-22 8.8 CVE-2022-47611MISC
armoli_technology — cargo_tracking_system Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 . 2023-05-24 8.8 CVE-2023-2065MISC
wp_tabs_slides_project — wp_tabs_slides Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin 2023-05-22 8.8 CVE-2023-22688MISC
autoaffiliatelinks — auto_affiliate_links Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin 2023-05-20 8.8 CVE-2023-22689MISC
name_directory_project — name_directory Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin 2023-05-22 8.8 CVE-2023-22692MISC
srs_simple_hits_counter_project — srs_simple_hits_counter Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin 2023-05-22 8.8 CVE-2023-22709MISC
supsystic — coming_soon Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin 2023-05-22 8.8 CVE-2023-22714MISC
wp_topbar_project — wp_topbar Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin 2023-05-22 8.8 CVE-2023-23680MISC
hmplugin — wordpress_books_gallery Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin 2023-05-23 8.8 CVE-2023-23705MISC
miniorange — wordpress_social_login_and_register_(discord,_google,_twitter,_linkedin) Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin 2023-05-23 8.8 CVE-2023-23706MISC
user-meta — user_meta_manager Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin 2023-05-22 8.8 CVE-2023-23712MISC
theme_tweaker_project — theme_tweaker Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin 2023-05-23 8.8 CVE-2023-23713MISC
winwar — wp_email_capture Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin 2023-05-23 8.8 CVE-2023-23724MISC
secondlinethemes — auto_youtube_importer Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin 2023-05-22 8.8 CVE-2023-23797MISC
my_calendar_project — my_calendar Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin 2023-05-22 8.8 CVE-2023-23813MISC
ljapps — wp_airbnb_review_slider Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin 2023-05-20 8.8 CVE-2023-23890MISC
robosoft — robogallery Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin 2023-05-20 8.8 CVE-2023-24414MISC
slickremix — feed_them_social Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin 2023-05-23 8.8 CVE-2023-25056MISC
inkthemes — colorway Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme 2023-05-22 8.8 CVE-2023-25447MISC
archivist_project — archivist Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin 2023-05-22 8.8 CVE-2023-25448MISC
podlove — podlove_podcast_publisher Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin 2023-05-23 8.8 CVE-2023-25472MISC
podlove — podlove_subscribe_button Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin 2023-05-23 8.8 CVE-2023-25481MISC
vikwp — vikbooking_hotel_booking_engine_&_pms Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin 2023-05-23 8.8 CVE-2023-25707MISC
finex_media — competition_management_system Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07. 2023-05-23 8.8 CVE-2023-2702MISC
weaver — e-cology A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-19 8.8 CVE-2023-2806MISCMISCMISC
cbot — chatbot Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. 2023-05-25 8.8 CVE-2023-2883MISC
pingonline — dyslexiefont_free Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin 2023-05-20 8.8 CVE-2023-32589MISC
mitsubishielectric — melsec_ws0-geth00200_firmware Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module’s configuration or rewrite the firmware. 2023-05-19 8.6 CVE-2023-1618MISCMISCMISC
teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices. 2023-05-22 8.3 CVE-2023-2587MISC
obsidian — obsidian Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. 2023-05-20 8.2 CVE-2023-33244MISCMISC
cloudfoundry — cf-deployment Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they’re aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection. 2023-05-19 8.1 CVE-2023-20881MISC
groundhogg — groundhogg The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the ‘ajax_edit_contact’ function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-05-20 8 CVE-2023-2736MISCMISCMISCMISC
wireshark — wireshark BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26 7.8 CVE-2023-2854MISCCONFIRMMISC
wireshark — wireshark Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26 7.8 CVE-2023-2855CONFIRMMISCMISC
wireshark — wireshark BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26 7.8 CVE-2023-2857MISCMISCCONFIRM
wireshark — wireshark NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26 7.8 CVE-2023-2858MISCMISCCONFIRM
allwaysync — allwaysync Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. 2023-05-22 7.8 CVE-2023-29838MISCMISC
luatex_project — luatex LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5. 2023-05-20 7.8 CVE-2023-32700MISCMISCMISCMISC
foxit — pdf_editor Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2. 2023-05-19 7.8 CVE-2023-33240MISC
finex_media — competition_management_system Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07. 2023-05-23 7.6 CVE-2023-2703MISC
cbot — chatbot Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. 2023-05-25 7.6 CVE-2023-2886MISC
huawei — emui The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. 2023-05-26 7.5 CVE-2021-46881MISC
huawei — emui The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. 2023-05-26 7.5 CVE-2021-46882MISC
huawei — emui The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. 2023-05-26 7.5 CVE-2021-46883MISC
huawei — emui The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. 2023-05-26 7.5 CVE-2021-46884MISC
huawei — emui The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. 2023-05-26 7.5 CVE-2021-46885MISC
huawei — emui The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability. 2023-05-26 7.5 CVE-2021-46886MISC
fastweb — fastgate_vdsl2_dga4131fwb_firmware A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. 2023-05-19 7.5 CVE-2022-30114MISCMISCMISC
huawei — emui Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality. 2023-05-26 7.5 CVE-2022-48480MISC
huawei — emui The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability. 2023-05-26 7.5 CVE-2023-0116MISC
huawei — harmonyos The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. 2023-05-20 7.5 CVE-2023-1692MISCMISC
huawei — emui The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. 2023-05-20 7.5 CVE-2023-1693MISCMISC
huawei — emui The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. 2023-05-20 7.5 CVE-2023-1694MISCMISC
huawei — harmonyos The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability. 2023-05-20 7.5 CVE-2023-1696MISCMISC
sitecore — experience_platform Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx 2023-05-22 7.5 CVE-2023-27067MISCMISC
gitlab — gitlab An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. 2023-05-26 7.5 CVE-2023-2825MISCMISCCONFIRM
gpac — gpac Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. 2023-05-22 7.5 CVE-2023-2839CONFIRMMISCDEBIAN
apache — tomcat The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur. 2023-05-22 7.5 CVE-2023-28709MISCMISCMISC
wireshark — wireshark GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file 2023-05-26 7.5 CVE-2023-2879MISCCONFIRMMISC
webbax — customexporter Prestashop customexporter 2023-05-19 7.5 CVE-2023-30199MISCMISC
apache — inlong Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the
‘autoDeserialize’ option filtering by adding blanks. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick 

https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it.

2023-05-22 7.5 CVE-2023-31058MISC
apache — inlong Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn’t belongs to it. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it. 2023-05-22 7.5 CVE-2023-31064MISC
apache — inlong Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. 
Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it.
2023-05-22 7.5 CVE-2023-31103MISC
apache — inlong Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others’ subscriptions, even if they are not the owner
of the deleted subscription. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it.

[1]

https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949

2023-05-22 7.5 CVE-2023-31453MISC
apache — inlong Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. 

The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it.[1]

https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947

2023-05-22 7.5 CVE-2023-31454MISC
icecms_project — icecms IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. 2023-05-25 7.5 CVE-2023-33355MISC
bumsys_project — bumsys SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. 2023-05-22 7.2 CVE-2023-2832MISCMISC
craftcms — craft_cms Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string(”) in the View.php’s doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-05-19 7.2 CVE-2023-32679MISC
sourcecodester — faculty_evaluation_system Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. 2023-05-26 7.2 CVE-2023-33439MISC
sourcecodester — faculty_evaluation_system Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. 2023-05-26 7.2 CVE-2023-33440MISC
dell — cloudiq_collector Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data. 2023-05-19 7.1 CVE-2023-28045MISC

Back to top

 

Medium Vulnerabilities

PrimaryVendor — Product Description Published CVSS Score Source & Patch Info
tp-link — archer_vr1600v_firmware A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions 2023-05-19 6.7 CVE-2023-31756MISC
sitecore — experience_platform Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. 2023-05-22 6.5 CVE-2023-27066MISCMISC
apache — inlong Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users’ data. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it. 2023-05-22 6.5 CVE-2023-31101MISC
quest — kace_systems_deployment_appliance There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials. 2023-05-21 6.5 CVE-2023-33254MISC
nissan — sylphy_classic_2021_firmware The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. 2023-05-22 6.5 CVE-2023-33281MISCMISCMISC
cbot — chatbot Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. 2023-05-25 6.4 CVE-2023-2884MISC
3ds — 3dexperience A reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code. 2023-05-19 6.1 CVE-2023-1996MISC
sourcecodester — class_scheduling_system A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428. 2023-05-19 6.1 CVE-2023-2814MISCMISCMISC
ellucian — ethos_identity A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596. 2023-05-20 6.1 CVE-2023-2822MISCMISCMISCMISC
sourcecodester — dental_clinic_appointment_reservation_system A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability. 2023-05-20 6.1 CVE-2023-2824MISCMISCMISC
mybb — mybb In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. 2023-05-22 6.1 CVE-2023-28467MISCMISC
sourcecodester — online_jewelry_store A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820. 2023-05-24 6.1 CVE-2023-2864MISCMISCMISC
silicon_project — silicon GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. 2023-05-22 6.1 CVE-2023-31584MISCMISC
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373. 2023-05-19 5.5 CVE-2023-22878MISCMISC
telegram — telegram Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. 2023-05-19 5.5 CVE-2023-26818MISCMISC
gpac — gpac Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. 2023-05-22 5.5 CVE-2023-2837MISCCONFIRMDEBIAN
ibm — mq IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398. 2023-05-19 5.5 CVE-2023-28514MISCMISC
wireshark — wireshark VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file 2023-05-26 5.5 CVE-2023-2856CONFIRMMISCMISC
ibm — mq IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358. 2023-05-19 5.5 CVE-2023-28950MISCMISC
libtiff — libtiff A vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values. 2023-05-19 5.5 CVE-2023-30774MISCMISCMISC
libtiff — libtiff A vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c. 2023-05-19 5.5 CVE-2023-30775MISCMISCMISC
hledger — hledger An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function. 2023-05-21 5.4 CVE-2021-46888MISCMISCMISCMISC
groundhogg — groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the ‘ajax_upload_file’ function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact. 2023-05-20 5.4 CVE-2023-2716MISCMISCMISC
groundhogg — groundhogg The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gh_form’ shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms. 2023-05-20 5.4 CVE-2023-2735MISCMISCMISCMISC
sourcecodester — class_scheduling_system A vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612. 2023-05-21 5.4 CVE-2023-2826MISCMISCMISC
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213. 2023-05-19 5.4 CVE-2023-28529MISCMISC
dedecms — dedecms DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters ‘edit___cfg_powerby’ and ‘edit___cfg_beian’ 2023-05-19 5.4 CVE-2023-31757MISC
jizhicms — jizhicms jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package. 2023-05-19 5.4 CVE-2023-31862MISC
icecms_project — icecms IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). 2023-05-25 5.4 CVE-2023-33356MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33785MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33786MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33787MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33788MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33789MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33790MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33791MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33792MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33793MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33794MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33795MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33797MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33798MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33799MISC
netbox_project — netbox A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. 2023-05-24 5.4 CVE-2023-33800MISC
huawei — emui The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime. 2023-05-26 5.3 CVE-2023-0117MISC
vyper_project — vyper Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. 2023-05-19 5.3 CVE-2023-32675MISCMISC
linux — linux_kernel An issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition. 2023-05-22 4.7 CVE-2023-33288MISCMISCMISCMISCMISC
groundhogg — groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘check_license’ functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key. 2023-05-20 4.3 CVE-2023-2714MISCMISCMISCMISC
groundhogg — groundhogg The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘submit_ticket’ function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website’s data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license. 2023-05-20 4.3 CVE-2023-2715MISCMISCMISC
groundhogg — groundhogg The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the ‘enable_safe_mode’ function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled. 2023-05-20 4.3 CVE-2023-2717MISCMISCMISC
eyoucms — eyoucms A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. 2023-05-23 4.3 CVE-2023-31708MISC
hazelcast — hazelcast In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don’t mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets. 2023-05-22 4.3 CVE-2023-33264MISC

Back to top

 

Low Vulnerabilities

PrimaryVendor — Product Description Published CVSS Score Source & Patch Info
zulip — zulip Zulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don’t require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that’s not in the organization’s LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue. 2023-05-19 3.7 CVE-2023-28623MISCMISC
zulip — zulip Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to — even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams. 2023-05-19 3.1 CVE-2023-32677MISCMISCMISCMISC

Back to top

 

Severity Not Yet Assigned

PrimaryVendor — Product Description Published CVSS Score Source & Patch Info
ruby-saml  — ruby-saml xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. 2023-05-27 not yet calculated CVE-2015-20108MISCMISCMISCMISC
webplus_pro — webplus_pro WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. 2023-05-23 not yet calculated CVE-2020-20012MISCMISC
ingress-nginx — ingress-nginx A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. 2023-05-24 not yet calculated CVE-2021-25748MISCMISC
kubernetes — kubernetes Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. 2023-05-24 not yet calculated CVE-2021-25749MISC
abb — multiple_products Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.

An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes.

This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.

2023-05-22 not yet calculated CVE-2022-0010MISC
bitdefender — multiple_products Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.

This issue affects:

Bitdefender Total Security
versions prior to 26.0.10.45.
Bitdefender Internet Security
versions prior to 26.0.10.45.
Bitdefender Antivirus Plus
versions prior to 26.0.10.45.

2023-05-24 not yet calculated CVE-2022-0357MISC
credence_analytics — ideal_wealth_and_funds SQL injection in “/Framewrk/Home.jsp” file (POST method) in tCredence Analytics iDEAL Wealth and Funds – 1.0 iallows authenticated remote attackers to inject payload via “v” parameter. 2023-05-24 not yet calculated CVE-2022-30025MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin 2023-05-25 not yet calculated CVE-2022-38356MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin 2023-05-25 not yet calculated CVE-2022-38716MISC
matrix-org — synapse Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade. 2023-05-26 not yet calculated CVE-2022-39335MISCMISCMISC
matrix-org — synapse Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0 2023-05-26 not yet calculated CVE-2022-39374MISCMISC
opentext — archive_center_administration The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. 2023-05-24 not yet calculated CVE-2022-41221MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin 2023-05-25 not yet calculated CVE-2022-41635MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin 2023-05-25 not yet calculated CVE-2022-41987MISC
jumpserver — jumpserver Jumpserver 2.10.0 2023-05-24 not yet calculated CVE-2022-42225MISCMISCMISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin 2023-05-25 not yet calculated CVE-2022-43490MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin 2023-05-24 not yet calculated CVE-2022-45364MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin 2023-05-25 not yet calculated CVE-2022-45366MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin 2023-05-25 not yet calculated CVE-2022-45367MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin 2023-05-25 not yet calculated CVE-2022-45371MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin 2023-05-25 not yet calculated CVE-2022-45815MISC
dataprobe — iboot-pdu_fw The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution. 2023-05-22 not yet calculated CVE-2022-46658MISCMISC
dataprobe — iboot-pdu_fw The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin. 2023-05-22 not yet calculated CVE-2022-46738MISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin 2023-05-24 not yet calculated CVE-2022-46794MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin 2023-05-25 not yet calculated CVE-2022-46800MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin 2023-05-25 not yet calculated CVE-2022-46810MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin 2023-05-25 not yet calculated CVE-2022-46812MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin 2023-05-23 not yet calculated CVE-2022-46813MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin 2023-05-25 not yet calculated CVE-2022-46814MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin 2023-05-24 not yet calculated CVE-2022-46816MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table Of Contents plugin 2023-05-25 not yet calculated CVE-2022-46820MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin 2023-05-25 not yet calculated CVE-2022-46856MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin 2023-05-25 not yet calculated CVE-2022-46865MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin 2023-05-25 not yet calculated CVE-2022-46866MISC
oracle — apache A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later. 2023-05-25 not yet calculated CVE-2022-46907MISCMISC
nagvis — nagvis Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. 2023-05-26 not yet calculated CVE-2022-46945CONFIRMMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin 2023-05-25 not yet calculated CVE-2022-47135MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin 2023-05-25 not yet calculated CVE-2022-47136MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin 2023-05-25 not yet calculated CVE-2022-47138MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin 2023-05-25 not yet calculated CVE-2022-47139MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin 2023-05-25 not yet calculated CVE-2022-47144MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin 2023-05-25 not yet calculated CVE-2022-47149MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin 2023-05-24 not yet calculated CVE-2022-47152MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin 2023-05-25 not yet calculated CVE-2022-47159MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin 2023-05-25 not yet calculated CVE-2022-47161MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin 2023-05-25 not yet calculated CVE-2022-47164MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin 2023-05-25 not yet calculated CVE-2022-47165MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin 2023-05-25 not yet calculated CVE-2022-47174MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin 2023-05-25 not yet calculated CVE-2022-47177MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin 2023-05-25 not yet calculated CVE-2022-47178MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin 2023-05-24 not yet calculated CVE-2022-47180MISC
dataprobe — iboot_devices A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection. 2023-05-22 not yet calculated CVE-2022-47311MISCMISC
dataprobe — iboot_devices The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes. 2023-05-22 not yet calculated CVE-2022-47320MISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin 2023-05-24 not yet calculated CVE-2022-47446MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin 2023-05-24 not yet calculated CVE-2022-47447MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com – MS plugin 2023-05-24 not yet calculated CVE-2022-47448MISC
hitachi_vantara — pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods.  2023-05-24 not yet calculated CVE-2022-4815MISC
dataprobe — multiple_products The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user’s cloud. 2023-05-22 not yet calculated CVE-2022-4945MISCMISC
linux — kernel Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the “access_ok” check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47 2023-05-25 not yet calculated CVE-2023-0459MISCMISC
the_document_foundation — libreoffice Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. 2023-05-25 not yet calculated CVE-2023-0950MISCDEBIAN
hitachi_vantara — pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list.  2023-05-24 not yet calculated CVE-2023-1158MISC
minikube_for_macos — minikube_for_macos This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. 2023-05-24 not yet calculated CVE-2023-1174MISC
servicenow — servicenow Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. 2023-05-23 not yet calculated CVE-2023-1209MISCMISC
mitsubishi_electric_corporation — melsec_iq-f Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. 2023-05-24 not yet calculated CVE-2023-1424MISCMISCMISCMISC
keycloak — keycloak A flaw was found in Keycloak. This flaw depends on a non-default configuration “Revalidate Client Certificate” to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of “Cannot validate client certificate trust: Truststore not available”. This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use “Revalidate Client Certificate” this flaw is avoidable. 2023-05-26 not yet calculated CVE-2023-1664MISC
libssh — libssh A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. 2023-05-26 not yet calculated CVE-2023-1667MISCMISCMISCFEDORAMLIST
hypr_server — hypr_server Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) 2023-05-23 not yet calculated CVE-2023-1837MISC
minikube — minikube This vulnerability enables ssh access to minikube container using a default password. 2023-05-24 not yet calculated CVE-2023-1944MISC
avahi– avahi A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. 2023-05-26 not yet calculated CVE-2023-1981MISCMISCMISC
linux — kernel A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. 2023-05-26 not yet calculated CVE-2023-2002MISC
nsx-t — nsx-t NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. 2023-05-26 not yet calculated CVE-2023-20868MISC
cloud_foundry_routing_release — cloud_foundry_routing_release In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool. 2023-05-26 not yet calculated CVE-2023-20882MISC
spring_boot — spring_boot In Spring Boot versions 3.0.0 – 3.0.6, 2.7.0 – 2.7.11, 2.6.0 – 2.6.14, 2.5.0 – 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. 2023-05-26 not yet calculated CVE-2023-20883MISC
samsung_mobile — galaxy_store Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. 2023-05-26 not yet calculated CVE-2023-21514MISC
samsung_mobile — galaxy_store InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. 2023-05-26 not yet calculated CVE-2023-21515MISC
samsung_mobile — galaxy_store XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. 2023-05-26 not yet calculated CVE-2023-21516MISC
atlassian — confluence_data_center Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

The affected versions are before version 7.19.9.

This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team.

2023-05-25 not yet calculated CVE-2023-22504MISC
the_document_foundation — libreoffice Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used “floating frames” linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. 2023-05-25 not yet calculated CVE-2023-2255MISCDEBIAN
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user’s web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). 2023-05-23 not yet calculated CVE-2023-22654MISCMISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin 2023-05-26 not yet calculated CVE-2023-22693MISC
libssh — libssh A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. 2023-05-26 not yet calculated CVE-2023-2283MISCMISCMISCFEDORA
bottles/yaml — bottles/yaml Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. 2023-05-26 not yet calculated CVE-2023-22970MISCFEDORAFEDORA
garmin — connect_iq The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device’s firmware. 2023-05-23 not yet calculated CVE-2023-23298MISCMISCMISC
garmin — connect_iq The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. 2023-05-23 not yet calculated CVE-2023-23299MISCMISC
garmin — connect_iq The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device’s firmware. 2023-05-23 not yet calculated CVE-2023-23300MISCMISC
garmin — connect_iq The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory. 2023-05-23 not yet calculated CVE-2023-23301MISC
garmin — connect_iq The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device’s firmware. 2023-05-23 not yet calculated CVE-2023-23302MISCMISC
garmin — connect_iq The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device’s firmware. 2023-05-23 not yet calculated CVE-2023-23303MISCMISC
garmin — connect_iq The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user’s consent and disclose potentially private or sensitive information. 2023-05-23 not yet calculated CVE-2023-23304MISCMISC
garmin — connect_iq The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device’s firmware. 2023-05-23 not yet calculated CVE-2023-23305MISC
garmin — connect_iq The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device’s firmware. 2023-05-23 not yet calculated CVE-2023-23306MISCMISC
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). 2023-05-23 not yet calculated CVE-2023-23545MISCMISCMISC
dell — vxrail Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 2023-05-23 not yet calculated CVE-2023-23693MISC
dell — vxrail Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. 2023-05-23 not yet calculated CVE-2023-23694MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin 2023-05-26 not yet calculated CVE-2023-23714MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero – Tom Skroza Admin Block Country plugin 2023-05-26 not yet calculated CVE-2023-24007MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin 2023-05-26 not yet calculated CVE-2023-24008MISC
m-files — client Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications 2023-05-25 not yet calculated CVE-2023-2480MISC
wordpress — wordpress The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘process_postdata’ function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator’s privilege. 2023-05-24 not yet calculated CVE-2023-2494MISCMISC
wordpress — wordpress The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the ‘validate_upload’ function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site’s server which may make remote code execution possible. 2023-05-24 not yet calculated CVE-2023-2496MISCMISC
wordpress — wordpress The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-05-24 not yet calculated CVE-2023-2498MISCMISC
wordpress — wordpress The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the ‘go_pricing’ shortcode ‘data’ parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. 2023-05-25 not yet calculated CVE-2023-2500MISCMISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin 2023-05-24 not yet calculated CVE-2023-25028MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin 2023-05-26 not yet calculated CVE-2023-25029MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin 2023-05-26 not yet calculated CVE-2023-25034MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin 2023-05-26 not yet calculated CVE-2023-25038MISC
birddog — multiple_products

Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.

2023-05-22 not yet calculated CVE-2023-2504MISCMISC
birddog — multiple_products The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. 2023-05-22 not yet calculated CVE-2023-2505MISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin 2023-05-26 not yet calculated CVE-2023-25058MISC
snap_one — ovrc_pro

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.

2023-05-22 not yet calculated CVE-2023-25183MISCMISC
square_pig_llc — fusioninvoice Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details. 2023-05-25 not yet calculated CVE-2023-25439MISC
civicrm — civicrm Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. 2023-05-23 not yet calculated CVE-2023-25440MISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin 2023-05-26 not yet calculated CVE-2023-25467MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin 2023-05-26 not yet calculated CVE-2023-25470MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin 2023-05-23 not yet calculated CVE-2023-25474MISC
dell — poweredge_14g_bios/precision_bios Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. 2023-05-22 not yet calculated CVE-2023-25537MISC
mitel — mivoice_connect A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts. 2023-05-24 not yet calculated CVE-2023-25598MISCMISC
mitel — mivoice_connect A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. 2023-05-24 not yet calculated CVE-2023-25599MISCMISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin  2023-05-26 not yet calculated CVE-2023-25781MISC
teltonika — remote_management_system Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the “RMS management feature” enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user’s devices, including remote code execution with ‘root’ privileges (using the ‘Task Manager’ feature on RMS). 2023-05-22 not yet calculated CVE-2023-2586MISC
teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication . An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device. 2023-05-22 not yet calculated CVE-2023-2588MISC
qrio,_inc. — qrio_lock_(q-sl2) Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product’s communication data and conduct an arbitrary operation under certain conditions. 2023-05-23 not yet calculated CVE-2023-25946MISCMISC
works_mobile_japan_corp. — drive_explorer_for_macos Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. 2023-05-23 not yet calculated CVE-2023-25953MISCMISC
eclipse — openj9 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. 2023-05-22 not yet calculated CVE-2023-2597CONFIRM
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin 2023-05-26 not yet calculated CVE-2023-25971MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin 2023-05-26 not yet calculated CVE-2023-25976MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin 2023-05-23 not yet calculated CVE-2023-26011MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin 2023-05-23 not yet calculated CVE-2023-26014MISC
n158 — n158 All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports’ function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27 not yet calculated CVE-2023-26127MISCMISC
keep-module-latest — keep-module-latest All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27 not yet calculated CVE-2023-26128MISCMISC
bmw-ng — bmw-ng All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the ‘check’ function in the bwm-ng.js file.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27 not yet calculated CVE-2023-26129MISC
tibco_software_inc. — tibco_ebx The server component of TIBCO Software Inc.’s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.’s TIBCO EBX Add-ons: versions 4.5.16 and below. 2023-05-25 not yet calculated CVE-2023-26215MISC
tibco_software_inc. — tibco_ebx The server component of TIBCO Software Inc.’s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.’s TIBCO EBX Add-ons: versions 4.5.16 and below. 2023-05-25 not yet calculated CVE-2023-26216MISC
cybozu,_inc. — cybozu_garoon Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. 2023-05-23 not yet calculated CVE-2023-26595MISCMISC
sitecore — experience_platform/sitecore_xp Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. 2023-05-23 not yet calculated CVE-2023-27068MISCMISCMISC
cybozu,_inc. — cybozu_garoon Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. 2023-05-23 not yet calculated CVE-2023-27304MISCMISC
netapp — bluexp_connector NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue – obtaining the fix requires redeploying a fresh Connector. 2023-05-26 not yet calculated CVE-2023-27311MISC
wordpress — wordpress The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. 2023-05-25 not yet calculated CVE-2023-2732MISCMISCMISC
wordpress — wordpress The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. 2023-05-25 not yet calculated CVE-2023-2733MISCMISCMISC
wordpress — wordpress The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. 2023-05-25 not yet calculated CVE-2023-2734MISCMISCMISC
cybozu,_inc. — cybozu_garoon Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. 2023-05-23 not yet calculated CVE-2023-27384MISCMISC
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). 2023-05-23 not yet calculated CVE-2023-27387MISCMISCMISC
t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). 2023-05-23 not yet calculated CVE-2023-27388MISCMISCMISC
microengine — mailform Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product’s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. 2023-05-23 not yet calculated CVE-2023-27397MISCMISC
microengine — mailform MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product’s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. 2023-05-23 not yet calculated CVE-2023-27507MISCMISC
contec_co_ltd. — solarview_compact_sv-cpt-mc310 Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. 2023-05-23 not yet calculated CVE-2023-27512MISCMISCMISC
contec_co_ltd. — solarview_compact_sv-cpt-mc310 OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. 2023-05-23 not yet calculated CVE-2023-27514MISCMISCMISC
contec_co_ltd. — solarview_compact_sv-cpt-mc310 Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. 2023-05-23 not yet calculated CVE-2023-27518MISCMISCMISC
contec_co_ltd. — solarview_compact_sv-cpt-mc310 OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. 2023-05-23 not yet calculated CVE-2023-27521MISCMISCMISC
wacom — wacom_tablet_driver_installer Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege. 2023-05-25 not yet calculated CVE-2023-27529MISCMISC
contec_co_ltd. — solarview_compact_sv-cpt-mc310 Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. 2023-05-23 not yet calculated CVE-2023-27920MISCMISCMISC
jins — meme_core JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. 2023-05-23 not yet calculated CVE-2023-27921MISCMISC
wordpress — wordpress Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27922MISCMISC
wordpress — wordpress Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27923MISCMISC
wordpress — wordpress Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27925MISCMISC
wordpress — wordpress Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27926MISCMISC
htmlunit — htmlunit Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0. 2023-05-25 not yet calculated CVE-2023-2798MISCMISC
hclsoftware — domino_appdeck_pack The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability.   During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not.  The attacker could use this information to focus a brute force attack on valid users. 2023-05-23 not yet calculated CVE-2023-28015MISC
libjpeg-turbo — libjpeg-turbo A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. 2023-05-25 not yet calculated CVE-2023-2804MISCMISCMISCMISCMISC
craft_cms — craft_cms A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions 2023-05-26 not yet calculated CVE-2023-2817MISCMISC
curl/curl — libcurl A use after free vulnerability exists in curl

2023-05-26 not yet calculated CVE-2023-28319MISC
curl/curl — libcurl A denial of service vulnerability exists in curl

2023-05-26 not yet calculated CVE-2023-28320MISC
curl/curl — libcurl An improper certificate validation vulnerability exists in curl

2023-05-26 not yet calculated CVE-2023-28321MISC
curl/curl — libcurl An information disclosure vulnerability exists in curl

2023-05-26 not yet calculated CVE-2023-28322MISC
wordpress — wordpress Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-28367MISCMISC
tornadoweb — tornado Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. 2023-05-25 not yet calculated CVE-2023-28370MISCMISC
encourage_technologies_co.,ltd. — ess_rec_agent_server_edition_series Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1 2023-05-26 not yet calculated CVE-2023-28382MISCMISC
icom_inc. — sr-7100vn Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed. 2023-05-23 not yet calculated CVE-2023-28390MISCMISC
inaba_denki_sangyo_co.,_ltd. — wi-fi_ap_unit Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. 2023-05-23 not yet calculated CVE-2023-28392MISCMISC
beekeeper_studio,_inc. — beekeeper_studio Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. 2023-05-23 not yet calculated CVE-2023-28394MISCMISCMISC
wordpress — wordpress Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. 2023-05-23 not yet calculated CVE-2023-28408MISCMISC
wordpress — wordpress Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. 2023-05-23 not yet calculated CVE-2023-28409MISCMISC
snap_one — ovrc_pro

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information.

2023-05-22 not yet calculated CVE-2023-28412MISCMISC
wordpress — wordpress Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. 2023-05-23 not yet calculated CVE-2023-28413MISCMISC
cloudexplorer-dev — cloudexplorer-dev/cloudexplorer-lite Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. 2023-05-23 not yet calculated CVE-2023-2844CONFIRMMISC
cloudexplorer-dev — cloudexplorer-dev/cloudexplorer-lite Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. 2023-05-23 not yet calculated CVE-2023-2845CONFIRMMISC
nilsteampassnet — nilsteampassnet/teampass Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. 2023-05-24 not yet calculated CVE-2023-2859CONFIRMMISC
siteserver — cms A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. 2023-05-24 not yet calculated CVE-2023-2862MISCMISCMISC
simple_design — daily_journal A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. 2023-05-24 not yet calculated CVE-2023-2863MISCMISCMISC
snap_one — ovrc_pro The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. 2023-05-22 not yet calculated CVE-2023-28649MISCMISC
barracuda_networks — email_security_gateway A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. 2023-05-24 not yet calculated CVE-2023-2868MISCMISC
entech — monitor_asset_manager A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2870MISCMISCMISCMISC
fabulatech — usb_for_remote_desktop A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2871MISCMISCMISCMISC
flexihub — flexihub A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2872MISCMISCMISCMISC
twister — antivirus A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2873MISCMISCMISCMISC
twister — antivirus A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2874MISCMISCMISCMISC
escan — antivirus A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2875MISCMISCMISCMISC
pimcore — pimcore/customer-data-framework Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. 2023-05-25 not yet calculated CVE-2023-2881CONFIRMMISC
phpok — phpok A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. 2023-05-25 not yet calculated CVE-2023-2888MISCMISCMISC
linux — kernel There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. 2023-05-26 not yet calculated CVE-2023-2898MISC
nfine — rapid_development_platform A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-25 not yet calculated CVE-2023-2900MISCMISCMISC
nfine — rapid_development_platform A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-25 not yet calculated CVE-2023-2901MISCMISCMISC
nfine — rapid_development_platform A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-25 not yet calculated CVE-2023-2902MISCMISCMISC
nfine — rapid_development_platform A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-25 not yet calculated CVE-2023-2903MISCMISCMISC
artistscope — copysafe_pdf_reader Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin 2023-05-26 not yet calculated CVE-2023-29098MISC
sourcecodester — comment_system A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. 2023-05-27 not yet calculated CVE-2023-2922MISCMISCMISC
tenda — ac6 A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-27 not yet calculated CVE-2023-2923MISCMISCMISC
supcon — simfield A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-27 not yet calculated CVE-2023-2924MISCMISCMISC
webkul — krayin_crm A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-27 not yet calculated CVE-2023-2925MISCMISCMISC
seacms — seacms A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. 2023-05-27 not yet calculated CVE-2023-2926MISCMISCMISC
jizhicms — jizhicms A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. 2023-05-27 not yet calculated CVE-2023-2927MISCMISCMISC
dedecms — dedecms A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. 2023-05-27 not yet calculated CVE-2023-2928MISCMISCMISC
openemr — openemr/openemr Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2942MISCCONFIRM
openemr — openemr/openemr Code Injection in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2943MISCCONFIRM
openemr — openemr/openemr Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2944MISCCONFIRM
openemr — openemr/openemr Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2945CONFIRMMISC
openemr — openemr/openemr Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2946CONFIRMMISC
openemr — openemr/openemr Cross-site Scripting (XSS) – Stored in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2947MISCCONFIRM
sofawiki_cms — sofawiki_cms SofaWiki 2023-05-24 not yet calculated CVE-2023-29721MISCMISC
contec_co_ltd. — solarview_compact SolarView Compact 2023-05-23 not yet calculated CVE-2023-29919MISCMISC
camaleon_cms — camaleon_cms Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. 2023-05-26 not yet calculated CVE-2023-30145MISCMISCMISCMISCMISC
valve — half-life A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. 2023-05-23 not yet calculated CVE-2023-30382MISC
ibm — powervm_hypervisor IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. 2023-05-23 not yet calculated CVE-2023-30440MISCMISC
hitachi — ops_center_analyzier Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00. 2023-05-23 not yet calculated CVE-2023-30469MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin 2023-05-25 not yet calculated CVE-2023-30484MISC
iris_software_inc. — iris Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. 2023-05-25 not yet calculated CVE-2023-30615MISCMISC
cilium — cilium Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2. 2023-05-25 not yet calculated CVE-2023-30851MISCMISCMISCMISC
oracle — apache_inlong Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0. 

When users change their password to a simple password (with any character or
symbol), attackers can easily guess the user’s password and access the account.

Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 https://github.com/apache/inlong/pull/7805 to solve it.

2023-05-22 not yet calculated CVE-2023-31098MISC
c-ares — c-ares c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. 2023-05-25 not yet calculated CVE-2023-31124MISCMISCMISCMISC
nextcloud — cookbook NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz”;echo${IFS}”hello”;#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar. 2023-05-26 not yet calculated CVE-2023-31128MISCMISCMISCMISCMISC
c-ares — c-ares c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular “0::00:00:00/2” was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. 2023-05-25 not yet calculated CVE-2023-31130MISCMISCMISCMISC
c-ares — c-ares c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. 2023-05-25 not yet calculated CVE-2023-31147MISCMISCMISCMISC
snap_one — ovrc_pro

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

2023-05-22 not yet calculated CVE-2023-31193MISCMISC
oracle — apache_inlong Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it.

[1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891

2023-05-22 not yet calculated CVE-2023-31206MISC
huawei — harmonyos The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. 2023-05-26 not yet calculated CVE-2023-31225MISC
huawei — harmonyos The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. 2023-05-26 not yet calculated CVE-2023-31226MISC
huawei — harmonyos The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. 2023-05-26 not yet calculated CVE-2023-31227MISC
snap_one — ovrc_pro

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.

2023-05-22 not yet calculated CVE-2023-31240MISCMISC
snap_one — ovrc_pro

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

2023-05-22 not yet calculated CVE-2023-31241MISC
snap_one — ovrc_pro

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

2023-05-22 not yet calculated CVE-2023-31245MISCMISC
mitel — mivoice_connect A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. 2023-05-24 not yet calculated CVE-2023-31457MISCMISC
mitel — mivoice_connect A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. 2023-05-24 not yet calculated CVE-2023-31458MISCMISC
mitel — mivoice_connect A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. 2023-05-24 not yet calculated CVE-2023-31459MISCMISC
mitel — mivoice_connect A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. 2023-05-24 not yet calculated CVE-2023-31460MISCMISC
teeworlds — teeworlds Teeworlds v0.7.5 was discovered to contain memory leaks. 2023-05-23 not yet calculated CVE-2023-31517MISCMISC
teeworlds — teeworlds A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. 2023-05-23 not yet calculated CVE-2023-31518MISCMISCMISC
ic_realtime — icip-p2012t IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. 2023-05-25 not yet calculated CVE-2023-31594MISCMISC
ic_realtime — icip-p2012t IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. 2023-05-24 not yet calculated CVE-2023-31595MISCMISC
wso2 — api_manager A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. 2023-05-23 not yet calculated CVE-2023-31664CONFIRMCONFIRMMISC
webassembly — wat2wasm WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting ‘@’ before a quote (“). 2023-05-23 not yet calculated CVE-2023-31669MISC
webassembly — webassembly An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. 2023-05-23 not yet calculated CVE-2023-31670MISC
alist_3.15.1 — alist_3.15.1 AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. 2023-05-23 not yet calculated CVE-2023-31726MISCMISC
linksys — e2000 There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. 2023-05-23 not yet calculated CVE-2023-31740MISCMISC
linksys — e2000 There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. 2023-05-23 not yet calculated CVE-2023-31741MISCMISC
linksys — wrt54gl There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. 2023-05-22 not yet calculated CVE-2023-31742MISCMISC
wondershare — filmora_12 Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. 2023-05-23 not yet calculated CVE-2023-31747MISCMISCMISC
wondershare — mobiletrans Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. 2023-05-24 not yet calculated CVE-2023-31748MISCMISC
sourcecodester — employee_and_visitor_gate_pass_logging_system SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. 2023-05-23 not yet calculated CVE-2023-31752MISC
kerui — w18_alarm_system Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. 2023-05-24 not yet calculated CVE-2023-31759MISC
blitzwolf — bw-is22_smart_home_security_alarm Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. 2023-05-24 not yet calculated CVE-2023-31761MISC
digoo — dg-hamb_smart_home_security_system Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. 2023-05-24 not yet calculated CVE-2023-31762MISC
agshome — smart_alarm Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. 2023-05-24 not yet calculated CVE-2023-31763MISC
wekan — wekan Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in “Reaction to comment” feature. 2023-05-22 not yet calculated CVE-2023-31779MISCMISC
d-link — dir-300 D-Link DIR-300 firmware 2023-05-23 not yet calculated CVE-2023-31814MISCMISC
it_sourcecode — content_management_system  IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. 2023-05-22 not yet calculated CVE-2023-31816MISC
skyscreamer/nevado — skyscreamer/nevado Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. 2023-05-23 not yet calculated CVE-2023-31826MISCMISCMISCMISC
wuzhi_cms — wuzhi_cms Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. 2023-05-23 not yet calculated CVE-2023-31860MISC
zlmediakit — zlmediakit ZLMediaKit 4.0 is vulnerable to Directory Traversal. 2023-05-25 not yet calculated CVE-2023-31861MISCMISC
suprema_inc. — biostar_2 Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with “User Operator” privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. 2023-05-22 not yet calculated CVE-2023-31923MISC
hanwha — multiple_products Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. 2023-05-23 not yet calculated CVE-2023-31994MISCMISC
hanwha — ip_camera_ane-l7012r Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). 2023-05-23 not yet calculated CVE-2023-31995MISC
hanwha — ip_camera_ane-l7012r Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. 2023-05-23 not yet calculated CVE-2023-31996MISCMISC
c-ares — c-ares c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. 2023-05-25 not yet calculated CVE-2023-32067MISCMISCMISCMISC
nextcloud — user_oidc_app user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2 2023-05-25 not yet calculated CVE-2023-32074MISCMISCMISC
sofia-sip — sofia-sip Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.
Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.
2023-05-26 not yet calculated CVE-2023-32307MISC
cloudexplorer_lite — cloudexplorer_lite CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. 2023-05-26 not yet calculated CVE-2023-32311MISC
openfire — openfire Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice. 2023-05-26 not yet calculated CVE-2023-32315MISC
cloudexplorer_lite — cloudexplorer_lite CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. 2023-05-26 not yet calculated CVE-2023-32316MISC
autolab_project — autolab_project Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both “Base File Tar” and “Additional file archive” can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade. 2023-05-26 not yet calculated CVE-2023-32317MISCMISC
nextcloud — nextcloud_server Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1. 2023-05-26 not yet calculated CVE-2023-32318MISCMISC
nextcloud — nextcloud_server Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-05-26 not yet calculated CVE-2023-32319MISCMISC
ckan — ckan CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker’s session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don’t have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don’t have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker’s insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues. 2023-05-26 not yet calculated CVE-2023-32321MISC
matrix-org — synapse Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently. 2023-05-26 not yet calculated CVE-2023-32323MISCMISCMISC
posthog-js — posthog-js PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place. 2023-05-27 not yet calculated CVE-2023-32325MISCMISC
teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. 2023-05-22 not yet calculated CVE-2023-32346MISC
teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices. 2023-05-22 not yet calculated CVE-2023-32347MISC
teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. 2023-05-22 not yet calculated CVE-2023-32348MISC
teltonika — rut Versions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. 2023-05-22 not yet calculated CVE-2023-32349MISC
teltonika — rut Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. 2023-05-22 not yet calculated CVE-2023-32350MISC
autolab_project — autolab_project Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. 2023-05-26 not yet calculated CVE-2023-32676MISCMISC
psf/requests — psf/requests Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0. 2023-05-26 not yet calculated CVE-2023-32681MISCMISCMISCMISC
kiwi_tcms — kiwi_tcms Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3. 2023-05-27 not yet calculated CVE-2023-32686MISCMISC
parse-server-push-adapter — parse-server-push-adapter parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. 2023-05-27 not yet calculated CVE-2023-32688MISCMISCMISC
saleor — core Saleor Core is a composable, headless commerce API. Saleor’s `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16. 2023-05-25 not yet calculated CVE-2023-32694MISCMISC
socket.io — socket.io socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. 2023-05-27 not yet calculated CVE-2023-32695MISCMISCMISCMISC
sqlite — jdbc SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. 2023-05-23 not yet calculated CVE-2023-32697MISCMISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin 2023-05-26 not yet calculated CVE-2023-32964MISC
zyxel — atp_series A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. 2023-05-24 not yet calculated CVE-2023-33009CONFIRM
zyxel — atp_series A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. 2023-05-24 not yet calculated CVE-2023-33010CONFIRM
nextcloud — nextcloud_mail Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3. 2023-05-27 not yet calculated CVE-2023-33184MISCMISCMISC
django — django-ses Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0. 2023-05-26 not yet calculated CVE-2023-33185MISCMISCMISC
highlight.io — highlight.io Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type=”text”` via a javascript “Show Password” button. This differs from the expected behavior which always obfuscates `type=”password”` inputs. A customer may assume that switching to `type=”text”` would also not record this input; hence, they would not add additional `highlight-mask` css-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0.
This patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type=”password”` continues to be obfuscated.
2023-05-26 not yet calculated CVE-2023-33187MISCMISC
omni-notes — omni-notes Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note’s attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability. 2023-05-27 not yet calculated CVE-2023-33188MISC
rust — ntpd-rs ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3. 2023-05-27 not yet calculated CVE-2023-33192MISCMISC
craft_cms — craft_cms Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. 2023-05-26 not yet calculated CVE-2023-33194MISCMISCMISC
craft_cms — craft_cms Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6. 2023-05-27 not yet calculated CVE-2023-33195MISCMISC
craft_cms — craft_cms Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. 2023-05-26 not yet calculated CVE-2023-33196MISCMISCMISC
craft_cms — craft_cms Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. 2023-05-26 not yet calculated CVE-2023-33197MISCMISCMISC
rekor — rekor Rekor’s goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-05-26 not yet calculated CVE-2023-33199MISCMISC
moxa — mxsecurity MXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. 2023-05-22 not yet calculated CVE-2023-33235MISC
moxa — mxsecurity MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs. 2023-05-22 not yet calculated CVE-2023-33236MISC
oracle — apache_rocketmq For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. 

Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. 

To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .

2023-05-24 not yet calculated CVE-2023-33246MISC
talend — data_catalog Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) 2023-05-26 not yet calculated CVE-2023-33247MISC
amazon — alexa Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful. 2023-05-24 not yet calculated CVE-2023-33248MISCMISCMISCMISCMISCMISC
akka_http — akka_http When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. 2023-05-21 not yet calculated CVE-2023-33251CONFIRM
iden3_snarkjs — iden3_snarkjs iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. 2023-05-21 not yet calculated CVE-2023-33252MISCMISC
papaya_viewer — papaya_viewer An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application 2023-05-26 not yet calculated CVE-2023-33255MISCMISC
softonic — wftpd_server In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. 2023-05-25 not yet calculated CVE-2023-33263MISC
prestashop — prestashop In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. 2023-05-25 not yet calculated CVE-2023-33278MISCMISC
prestashop — prestashop In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. 2023-05-25 not yet calculated CVE-2023-33279MISC
prestashop — prestashop In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. 2023-05-25 not yet calculated CVE-2023-33280MISCMISC
qt-project — qt An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. 2023-05-22 not yet calculated CVE-2023-33285MISC
kaios — kaios An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version. 2023-05-22 not yet calculated CVE-2023-33293MISC
kaios — kaios An issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it’s accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user’s installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions. 2023-05-22 not yet calculated CVE-2023-33294MISC
bitcoin_core — bitcoin_core Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. 2023-05-22 not yet calculated CVE-2023-33297MISCMISCMISCMISCMISC
piwigo — piwigo Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the “add tags” function. 2023-05-23 not yet calculated CVE-2023-33359MISC
piwigo — piwigo Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. 2023-05-23 not yet calculated CVE-2023-33361MISC
piwigo — piwigo Piwigo 13.6.0 is vulnerable to SQL Injection via in the “profile” function. 2023-05-23 not yet calculated CVE-2023-33362MISC
skycaiji — skycaiji skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data. 2023-05-26 not yet calculated CVE-2023-33394MISC
easyimages2.0 — easyimages2.0 EasyImages2.0 ? 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. 2023-05-23 not yet calculated CVE-2023-33599MISC
parks — fiberlinks_210 An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. 2023-05-23 not yet calculated CVE-2023-33617MISC
mp4v2 — mp4v2 mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. 2023-05-26 not yet calculated CVE-2023-33720MISC
mipjz — mipjz A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. 2023-05-25 not yet calculated CVE-2023-33750MISC
mipjz — mipjz A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. 2023-05-25 not yet calculated CVE-2023-33751MISC
xxl-job — xxl-job A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user’s account via a crafted POST request to the component /jobinfo/. 2023-05-26 not yet calculated CVE-2023-33779MISCMISCMISC
tfdi_design — smartcars A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article. 2023-05-26 not yet calculated CVE-2023-33780MISC
cloudogu_gmbh_scm_manager — cloudogu_gmbh_scm_manager A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field. 2023-05-24 not yet calculated CVE-2023-33829MISCMISCMISC
liferay — portal/dxp Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form’s `name` field. 2023-05-24 not yet calculated CVE-2023-33937MISC
liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the App Builder module’s custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object’s `Name` field. 2023-05-24 not yet calculated CVE-2023-33938MISC
liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label. 2023-05-24 not yet calculated CVE-2023-33939MISC
liferay — portal/dxp Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App’s IFrame URL. 2023-05-24 not yet calculated CVE-2023-33940MISC
liferay — portal/dxp Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module’s OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. 2023-05-24 not yet calculated CVE-2023-33941MISC
liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the Web Content Display widget’s article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article’s `Title` field. 2023-05-24 not yet calculated CVE-2023-33942MISC
liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field. 2023-05-24 not yet calculated CVE-2023-33943MISC
liferay — portal/dxp Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment’s `URL` text field. 2023-05-24 not yet calculated CVE-2023-33944MISC
liferay — portal/dxp SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table’s primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded. 2023-05-24 not yet calculated CVE-2023-33945MISC
liferay — portal/dxp The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. 2023-05-24 not yet calculated CVE-2023-33946MISC
liferay — portal/dxp The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. 2023-05-24 not yet calculated CVE-2023-33947MISC
liferay — portal/dxp The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. 2023-05-24 not yet calculated CVE-2023-33948MISC
liferay — portal/dxp In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don’t control. The portal property `company.security.strangers.verify` should be set to true. 2023-05-24 not yet calculated CVE-2023-33949MISC
liferay — portal/dxp Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs. 2023-05-24 not yet calculated CVE-2023-33950MISC
briar_project — briar Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. 2023-05-24 not yet calculated CVE-2023-33980MISCMISC
briar_project — briar Briar before 1.4.22 allows attackers to spoof other users’ messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one. 2023-05-24 not yet calculated CVE-2023-33981MISCMISC
briar_project — briar Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. 2023-05-24 not yet calculated CVE-2023-33982MISCMISC
briar_project — briar The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. 2023-05-24 not yet calculated CVE-2023-33983MISC

Back to top