ruby-saml — ruby-saml | xml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used. | 2023-05-27 | not yet calculated | CVE-2015-20108

webplus_pro — webplus_pro | WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control. | 2023-05-23 | not yet calculated | CVE-2020-20012

ingress-nginx — ingress-nginx | A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | 2023-05-24 | not yet calculated | CVE-2021-25748

kubernetes — kubernetes | Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | 2023-05-24 | not yet calculated | CVE-2021-25749

abb — multiple_products | Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes. This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0. | 2023-05-22 | not yet calculated | CVE-2022-0010

bitdefender — multiple_products | Unquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM. This issue affects: Bitdefender Total Security versions prior to 26.0.10.45. Bitdefender Internet Security versions prior to 26.0.10.45. Bitdefender Antivirus Plus versions prior to 26.0.10.45. | 2023-05-24 | not yet calculated | CVE-2022-0357

credence_analytics — ideal_wealth_and_funds | SQL injection in “/Framewrk/Home.jsp” file (POST method) in Credence Analytics iDEAL Wealth and Funds – 1.0 allows authenticated remote attackers to inject payload via “v” parameter. | 2023-05-24 | not yet calculated | CVE-2022-30025

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-38356

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-38716

matrix-org — synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade. | 2023-05-26 | not yet calculated | CVE-2022-39335

matrix-org — synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0. | 2023-05-26 | not yet calculated | CVE-2022-39374

opentext — archive_center_administration | The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. | 2023-05-24 | not yet calculated | CVE-2022-41221

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin <= 3.5.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-41635

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin <= 3.7.1.6 versions. | 2023-05-25 | not yet calculated | CVE-2022-41987

jumpserver — jumpserver | Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin’s permission. | 2023-05-24 | not yet calculated | CVE-2022-42225

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-43490

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions. | 2023-05-24 | not yet calculated | CVE-2022-45364

wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-45366

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions. | 2023-05-25 | not yet calculated | CVE-2022-45367

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-45371

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions. | 2023-05-25 | not yet calculated | CVE-2022-45815

dataprobe — iboot-pdu_fw | The affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution. | 2023-05-22 | not yet calculated | CVE-2022-46658

dataprobe — iboot-pdu_fw | The affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin. | 2023-05-22 | not yet calculated | CVE-2022-46738

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions. | 2023-05-24 | not yet calculated | CVE-2022-46794

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46800

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | 2023-05-25 | not yet calculated | CVE-2022-46810

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions. | 2023-05-25 | not yet calculated | CVE-2022-46812

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions. | 2023-05-23 | not yet calculated | CVE-2022-46813

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46814

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions. | 2023-05-24 | not yet calculated | CVE-2022-46816

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table Of Contents plugin <= 1.3.9 versions. | 2023-05-25 | not yet calculated | CVE-2022-46820

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin <= 4.3.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-46856

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-46865

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-46866

oracle — apache | A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later. | 2023-05-25 | not yet calculated | CVE-2022-46907

nagvis — nagvis | Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php. | 2023-05-26 | not yet calculated | CVE-2022-46945

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions. | 2023-05-25 | not yet calculated | CVE-2022-47135

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-47136

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47138

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions. | 2023-05-25 | not yet calculated | CVE-2022-47139

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47144

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 1.4 versions. | 2023-05-25 | not yet calculated | CVE-2022-47149

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <= 3.1.1 versions. | 2023-05-24 | not yet calculated | CVE-2022-47152

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions. | 2023-05-25 | not yet calculated | CVE-2022-47159

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47161

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. | 2023-05-25 | not yet calculated | CVE-2022-47164

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. | 2023-05-25 | not yet calculated | CVE-2022-47165

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. | 2023-05-25 | not yet calculated | CVE-2022-47174

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions. | 2023-05-25 | not yet calculated | CVE-2022-47177

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions. | 2023-05-25 | not yet calculated | CVE-2022-47178

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions. | 2023-05-24 | not yet calculated | CVE-2022-47180

dataprobe — iboot_devices | A proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection. | 2023-05-22 | not yet calculated | CVE-2022-47311

dataprobe — iboot_devices | The iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes. | 2023-05-22 | not yet calculated | CVE-2022-47320

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions. | 2023-05-24 | not yet calculated | CVE-2022-47446

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions. | 2023-05-24 | not yet calculated | CVE-2022-47447

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com – MS plugin <= 1.12.03 versions. | 2023-05-24 | not yet calculated | CVE-2022-47448

hitachi_vantara — pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. | 2023-05-24 | not yet calculated | CVE-2022-4815

dataprobe — multiple_products | The Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user’s cloud. | 2023-05-22 | not yet calculated | CVE-2022-4945

linux — kernel | Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the “access_ok” check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47. | 2023-05-25 | not yet calculated | CVE-2023-0459

the_document_foundation — libreoffice | Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1. | 2023-05-25 | not yet calculated | CVE-2023-0950

hitachi_vantara — pentaho_business_analytics_server | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | 2023-05-24 | not yet calculated | CVE-2023-1158

minikube_for_macos — minikube_for_macos | This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | 2023-05-24 | not yet calculated | CVE-2023-1174

servicenow — servicenow | Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. | 2023-05-23 | not yet calculated | CVE-2023-1209

mitsubishi_electric_corporation — melsec_iq-f | Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution. | 2023-05-24 | not yet calculated | CVE-2023-1424

keycloak — keycloak | A flaw was found in Keycloak. This flaw depends on a non-default configuration “Revalidate Client Certificate” to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of “Cannot validate client certificate trust: Truststore not available”. This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use “Revalidate Client Certificate” this flaw is avoidable. | 2023-05-26 | not yet calculated | CVE-2023-1664

libssh — libssh | A NULL pointer dereference was found in libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service. | 2023-05-26 | not yet calculated | CVE-2023-1667

hypr_server — hypr_server | Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs. This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs) | 2023-05-23 | not yet calculated | CVE-2023-1837

minikube — minikube | This vulnerability enables ssh access to minikube container using a default password. | 2023-05-24 | not yet calculated | CVE-2023-1944

avahi — avahi | A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. | 2023-05-26 | not yet calculated | CVE-2023-1981

linux — kernel | A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to perform unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication. | 2023-05-26 | not yet calculated | CVE-2023-2002

nsx-t — nsx-t | NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | 2023-05-26 | not yet calculated | CVE-2023-20868

cloud_foundry_routing_release — cloud_foundry_routing_release | In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0, a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool. | 2023-05-26 | not yet calculated | CVE-2023-20882

spring_boot — spring_boot | In Spring Boot versions 3.0.0 – 3.0.6, 2.7.0 – 2.7.11, 2.6.0 – 2.6.14, 2.5.0 – 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache. | 2023-05-26 | not yet calculated | CVE-2023-20883

samsung_mobile — galaxy_store | Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21514

samsung_mobile — galaxy_store | InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21515

samsung_mobile — galaxy_store | XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | 2023-05-26 | not yet calculated | CVE-2023-21516

atlassian — confluence_data_center | Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature. The affected versions are before version 7.19.9. This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team. | 2023-05-25 | not yet calculated | CVE-2023-22504

the_document_foundation — libreoffice | Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used “floating frames” linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3. | 2023-05-25 | not yet calculated | CVE-2023-2255

t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products | Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user’s web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-22654

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-22693

libssh — libssh | A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the `pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc`, which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible`. The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK. | 2023-05-26 | not yet calculated | CVE-2023-2283

bottles/yaml — bottles/yaml | Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. | 2023-05-26 | not yet calculated | CVE-2023-22970

garmin — connect_iq | The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23298

garmin — connect_iq | The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others. | 2023-05-23 | not yet calculated | CVE-2023-23299

garmin — connect_iq | The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23300

garmin — connect_iq | The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory. | 2023-05-23 | not yet calculated | CVE-2023-23301

garmin — connect_iq | The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23302

garmin — connect_iq | The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23303

garmin — connect_iq | The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user’s consent and disclose potentially private or sensitive information. | 2023-05-23 | not yet calculated | CVE-2023-23304

garmin — connect_iq | The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23305

garmin — connect_iq | The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device’s firmware. | 2023-05-23 | not yet calculated | CVE-2023-23306

t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products | Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). | 2023-05-23 | not yet calculated | CVE-2023-23545

dell — vxrail | Dell VxRail, versions prior to 7.0.450, contains an OS command injection vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2023-05-23 | not yet calculated | CVE-2023-23693

dell — vxrail | Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. | 2023-05-23 | not yet calculated | CVE-2023-23694

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. | 2023-05-26 | not yet calculated | CVE-2023-23714

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero – Tom Skroza Admin Block Country plugin <= 7.1.4 versions. | 2023-05-26 | not yet calculated | CVE-2023-24007

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions. | 2023-05-26 | not yet calculated | CVE-2023-24008

m-files — client | Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications. | 2023-05-25 | not yet calculated | CVE-2023-2480

wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘process_postdata’ function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator’s privilege. | 2023-05-24 | not yet calculated | CVE-2023-2494

wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the ‘validate_upload’ function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site’s server which may make remote code execution possible. | 2023-05-24 | not yet calculated | CVE-2023-2496

wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-05-24 | not yet calculated | CVE-2023-2498

wordpress — wordpress | The Go Pricing – WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the ‘go_pricing’ shortcode ‘data’ parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2023-05-25 | not yet calculated | CVE-2023-2500

wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions. | 2023-05-24 | not yet calculated | CVE-2023-25028

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. | 2023-05-26 | not yet calculated | CVE-2023-25029

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25034

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. | 2023-05-26 | not yet calculated | CVE-2023-25038

birddog — multiple_products | Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. | 2023-05-22 | not yet calculated | CVE-2023-2504

birddog — multiple_products | The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. | 2023-05-22 | not yet calculated | CVE-2023-2505

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions. | 2023-05-26 | not yet calculated | CVE-2023-25058

snap_one — ovrc_pro | In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | 2023-05-22 | not yet calculated | CVE-2023-25183

square_pig_llc — fusioninvoice | Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details. | 2023-05-25 | not yet calculated | CVE-2023-25439

civicrm — civicrm | Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. | 2023-05-23 | not yet calculated | CVE-2023-25440

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25467

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. | 2023-05-26 | not yet calculated | CVE-2023-25470

wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions. | 2023-05-23 | not yet calculated | CVE-2023-25474

dell — poweredge_14g_bios/precision_bios | Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege. | 2023-05-22 | not yet calculated | CVE-2023-25537

mitel — mivoice_connect | A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts.
2023-05-24 not yet calculated CVE-2023-25598MISCMISC mitel — mivoice_connect A vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts. 2023-05-24 not yet calculated CVE-2023-25599MISCMISC wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions. 2023-05-26 not yet calculated CVE-2023-25781MISC teltonika — remote_management_system Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the “RMS management feature” enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user’s devices, including remote code execution with ‘root’ privileges (using the ‘Task Manager’ feature on RMS). 2023-05-22 not yet calculated CVE-2023-2586MISC teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication. An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device.
2023-05-22 not yet calculated CVE-2023-2588MISC qrio,_inc. — qrio_lock_(q-sl2) Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product’s communication data and conduct an arbitrary operation under certain conditions. 2023-05-23 not yet calculated CVE-2023-25946MISCMISC works_mobile_japan_corp. — drive_explorer_for_macos Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges. 2023-05-23 not yet calculated CVE-2023-25953MISCMISC eclipse — openj9 In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer. 2023-05-22 not yet calculated CVE-2023-2597CONFIRM wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions. 2023-05-26 not yet calculated CVE-2023-25971MISC wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. 2023-05-26 not yet calculated CVE-2023-25976MISC wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions. 2023-05-23 not yet calculated CVE-2023-26011MISC wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 vulnerability. 
2023-05-23 not yet calculated CVE-2023-26014MISC n158 — n158 All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports’ function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27 not yet calculated CVE-2023-26127MISCMISC keep-module-latest — keep-module-latest All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27 not yet calculated CVE-2023-26128MISCMISC bmw-ng — bmw-ng All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the ‘check’ function in the bwm-ng.js file.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27 not yet calculated CVE-2023-26129MISC tibco_software_inc. — tibco_ebx The server component of TIBCO Software Inc.’s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.’s TIBCO EBX Add-ons: versions 4.5.16 and below. 2023-05-25 not yet calculated CVE-2023-26215MISC tibco_software_inc. — tibco_ebx The server component of TIBCO Software Inc.’s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.’s TIBCO EBX Add-ons: versions 4.5.16 and below. 2023-05-25 not yet calculated CVE-2023-26216MISC cybozu,_inc. — cybozu_garoon Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. 2023-05-23 not yet calculated CVE-2023-26595MISCMISC sitecore — experience_platform/sitecore_xp Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. 2023-05-23 not yet calculated CVE-2023-27068MISCMISCMISC cybozu,_inc. — cybozu_garoon Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. 2023-05-23 not yet calculated CVE-2023-27304MISCMISC netapp — bluexp_connector NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue – obtaining the fix requires redeploying a fresh Connector. 2023-05-26 not yet calculated CVE-2023-27311MISC wordpress — wordpress The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. 
This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. 2023-05-25 not yet calculated CVE-2023-2732MISCMISCMISC wordpress — wordpress The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. 2023-05-25 not yet calculated CVE-2023-2733MISCMISCMISC wordpress — wordpress The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id. 2023-05-25 not yet calculated CVE-2023-2734MISCMISCMISC cybozu,_inc. — cybozu_garoon Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. 2023-05-23 not yet calculated CVE-2023-27384MISCMISC t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. 
Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). 2023-05-23 not yet calculated CVE-2023-27387MISCMISCMISC t&d_corporation_and_espec_mic_corp. — t&d_corporation_and_espec_mic_corp._data_logger_products Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions). 2023-05-23 not yet calculated CVE-2023-27388MISCMISCMISC microengine — mailform Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product’s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. 2023-05-23 not yet calculated CVE-2023-27397MISCMISC microengine — mailform MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product’s file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it. 2023-05-23 not yet calculated CVE-2023-27507MISCMISC contec_co_ltd. 
— solarview_compact_sv-cpt-mc310 Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation. 2023-05-23 not yet calculated CVE-2023-27512MISCMISCMISC contec_co_ltd. — solarview_compact_sv-cpt-mc310 OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command. 2023-05-23 not yet calculated CVE-2023-27514MISCMISCMISC contec_co_ltd. — solarview_compact_sv-cpt-mc310 Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code. 2023-05-23 not yet calculated CVE-2023-27518MISCMISCMISC contec_co_ltd. — solarview_compact_sv-cpt-mc310 OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command. 2023-05-23 not yet calculated CVE-2023-27521MISCMISCMISC wacom — wacom_tablet_driver_installer Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege. 2023-05-25 not yet calculated CVE-2023-27529MISCMISC contec_co_ltd. 
— solarview_compact_sv-cpt-mc310 Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product. 2023-05-23 not yet calculated CVE-2023-27920MISCMISCMISC jins — meme_core JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker. 2023-05-23 not yet calculated CVE-2023-27921MISCMISC wordpress — wordpress Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27922MISCMISC wordpress — wordpress Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27923MISCMISC wordpress — wordpress Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27925MISCMISC wordpress — wordpress Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-27926MISCMISC htmlunit — htmlunit Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. 
This effect may support a denial of service attack. This issue affects htmlunit before 2.70.0. 2023-05-25 not yet calculated CVE-2023-2798MISCMISC hclsoftware — domino_appdeck_pack The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. 2023-05-23 not yet calculated CVE-2023-28015MISC libjpeg-turbo — libjpeg-turbo A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash. 2023-05-25 not yet calculated CVE-2023-2804MISCMISCMISCMISCMISC craft_cms — craft_cms A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. 2023-05-26 not yet calculated CVE-2023-2817MISCMISC curl/curl — libcurl A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server’s public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
2023-05-26 not yet calculated CVE-2023-28319MISC curl/curl — libcurl A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. 2023-05-26 not yet calculated CVE-2023-28320MISC curl/curl — libcurl An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as “Subject Alternative Name” in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. 2023-05-26 not yet calculated CVE-2023-28321MISC curl/curl — libcurl An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer.
The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. 2023-05-26 not yet calculated CVE-2023-28322MISC wordpress — wordpress Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. 2023-05-23 not yet calculated CVE-2023-28367MISCMISC tornadoweb — tornado Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL. 2023-05-25 not yet calculated CVE-2023-28370MISCMISC encourage_technologies_co.,ltd. — ess_rec_agent_server_edition_series Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1 2023-05-26 not yet calculated CVE-2023-28382MISCMISC icom_inc. — sr-7100vn Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed. 2023-05-23 not yet calculated CVE-2023-28390MISCMISC inaba_denki_sangyo_co.,_ltd. 
— wi-fi_ap_unit Wi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. 2023-05-23 not yet calculated CVE-2023-28392MISCMISC beekeeper_studio,_inc. — beekeeper_studio Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well. 2023-05-23 not yet calculated CVE-2023-28394MISCMISCMISC wordpress — wordpress Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings. 2023-05-23 not yet calculated CVE-2023-28408MISCMISC wordpress — wordpress Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. 2023-05-23 not yet calculated CVE-2023-28409MISCMISC snap_one — ovrc_pro

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information.

2023-05-22 not yet calculated CVE-2023-28412MISCMISC wordpress — wordpress Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition. 2023-05-23 not yet calculated CVE-2023-28413MISCMISC cloudexplorer-dev — cloudexplorer-dev/cloudexplorer-lite Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. 2023-05-23 not yet calculated CVE-2023-2844CONFIRMMISC cloudexplorer-dev — cloudexplorer-dev/cloudexplorer-lite Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. 2023-05-23 not yet calculated CVE-2023-2845CONFIRMMISC nilsteampassnet — nilsteampassnet/teampass Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. 2023-05-24 not yet calculated CVE-2023-2859CONFIRMMISC siteserver — cms A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability. 2023-05-24 not yet calculated CVE-2023-2862MISCMISCMISC simple_design — daily_journal A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819. 
2023-05-24 not yet calculated CVE-2023-2863MISCMISCMISC snap_one — ovrc_pro The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. 2023-05-22 not yet calculated CVE-2023-28649MISCMISC barracuda_networks — email_security_gateway A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product affecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances. 2023-05-24 not yet calculated CVE-2023-2868MISCMISC entech — monitor_asset_manager A vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
2023-05-24 not yet calculated CVE-2023-2870MISCMISCMISCMISC fabulatech — usb_for_remote_desktop A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2871MISCMISCMISCMISC flexihub — flexihub A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2872MISCMISCMISCMISC twister — antivirus A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2873MISCMISCMISCMISC twister — antivirus A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. 
This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2874MISCMISCMISCMISC escan — antivirus A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-24 not yet calculated CVE-2023-2875MISCMISCMISCMISC pimcore — pimcore/customer-data-framework Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. 2023-05-25 not yet calculated CVE-2023-2881CONFIRMMISC phpok — phpok A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability. 2023-05-25 not yet calculated CVE-2023-2888MISCMISCMISC linux — kernel There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. 
2023-05-26 not yet calculated CVE-2023-2898MISC nfine — rapid_development_platform A vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-25 not yet calculated CVE-2023-2900MISCMISCMISC nfine — rapid_development_platform A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-25 not yet calculated CVE-2023-2901MISCMISCMISC nfine — rapid_development_platform A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 
2023-05-25 not yet calculated CVE-2023-2902MISCMISCMISC nfine — rapid_development_platform A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-25 not yet calculated CVE-2023-2903MISCMISCMISC artistscope — copysafe_pdf_reader Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions. 2023-05-26 not yet calculated CVE-2023-29098MISC sourcecodester — comment_system A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076. 2023-05-27 not yet calculated CVE-2023-2922MISCMISCMISC tenda — ac6 A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 
2023-05-27 not yet calculated CVE-2023-2923MISCMISCMISC supcon — simfield A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-27 not yet calculated CVE-2023-2924MISCMISCMISC webkul — krayin_crm A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-05-27 not yet calculated CVE-2023-2925MISCMISCMISC seacms — seacms A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability. 2023-05-27 not yet calculated CVE-2023-2926MISCMISCMISC jizhicms — jizhicms A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. 
It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability. 2023-05-27 not yet calculated CVE-2023-2927MISCMISCMISC dedecms — dedecms A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083. 2023-05-27 not yet calculated CVE-2023-2928MISCMISCMISC openemr — openemr/openemr Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2942MISCCONFIRM openemr — openemr/openemr Code Injection in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2943MISCCONFIRM openemr — openemr/openemr Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2944MISCCONFIRM openemr — openemr/openemr Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2945CONFIRMMISC openemr — openemr/openemr Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2946CONFIRMMISC openemr — openemr/openemr Cross-site Scripting (XSS) – Stored in GitHub repository openemr/openemr prior to 7.0.1. 2023-05-27 not yet calculated CVE-2023-2947MISCCONFIRM sofawiki_cms — sofawiki_cms SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. 2023-05-24 not yet calculated CVE-2023-29721MISCMISC contec_co_ltd. — solarview_compact SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. 
Any file on the server can be read or modified because texteditor.php is not restricted. 2023-05-23 not yet calculated CVE-2023-29919MISCMISC camaleon_cms — camaleon_cms Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. 2023-05-26 not yet calculated CVE-2023-30145MISCMISCMISCMISCMISC valve — half-life A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. 2023-05-23 not yet calculated CVE-2023-30382MISC ibm — powervm_hypervisor IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175. 2023-05-23 not yet calculated CVE-2023-30440MISCMISC hitachi — ops_center_analyzier Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00. 2023-05-23 not yet calculated CVE-2023-30469MISC wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions. 2023-05-25 not yet calculated CVE-2023-30484MISC iris_software_inc. — iris Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. 
This can lead to unauthorized access, data theft, or other malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web. 2023-05-25 not yet calculated CVE-2023-30615MISCMISC cilium — cilium Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have an HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2. 2023-05-25 not yet calculated CVE-2023-30851MISCMISCMISCMISC oracle — apache_inlong Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.6.0.

When users change their password to a simple password (with any character or
symbol), attackers can easily guess the user’s password and access the account.

Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 to solve it.

2023-05-22 not yet calculated CVE-2023-31098MISC c-ares — c-ares c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. 2023-05-25 not yet calculated CVE-2023-31124MISCMISCMISCMISC nextcloud — cookbook NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz”;echo${IFS}”hello”;#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar. 2023-05-26 not yet calculated CVE-2023-31128MISCMISCMISCMISCMISC c-ares — c-ares c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular “0::00:00:00/2” was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. 
This issue has been fixed in 1.19.1. 2023-05-25 not yet calculated CVE-2023-31130MISCMISCMISCMISC c-ares — c-ares c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. 2023-05-25 not yet calculated CVE-2023-31147MISCMISCMISCMISC snap_one — ovrc_pro

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

2023-05-22 not yet calculated CVE-2023-31193MISCMISC oracle — apache_inlong Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong’s 1.7.0 or cherry-pick [1] to solve it.

[1] https://github.com/apache/inlong/pull/7891

2023-05-22 not yet calculated CVE-2023-31206MISC huawei — harmonyos The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. 2023-05-26 not yet calculated CVE-2023-31225MISC huawei — harmonyos The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality. 2023-05-26 not yet calculated CVE-2023-31226MISC huawei — harmonyos The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. 2023-05-26 not yet calculated CVE-2023-31227MISC snap_one — ovrc_pro

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.

2023-05-22 not yet calculated CVE-2023-31240MISCMISC snap_one — ovrc_pro

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

2023-05-22 not yet calculated CVE-2023-31241MISC snap_one — ovrc_pro

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using an HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

2023-05-22 not yet calculated CVE-2023-31245MISCMISC mitel — mivoice_connect A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control. 2023-05-24 not yet calculated CVE-2023-31457MISCMISC mitel — mivoice_connect A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. 2023-05-24 not yet calculated CVE-2023-31458MISCMISC mitel — mivoice_connect A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands. 2023-05-24 not yet calculated CVE-2023-31459MISCMISC mitel — mivoice_connect A vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters. 2023-05-24 not yet calculated CVE-2023-31460MISCMISC teeworlds — teeworlds Teeworlds v0.7.5 was discovered to contain memory leaks. 
2023-05-23 not yet calculated CVE-2023-31517MISCMISC teeworlds — teeworlds A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. 2023-05-23 not yet calculated CVE-2023-31518MISCMISCMISC ic_realtime — icip-p2012t IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. 2023-05-25 not yet calculated CVE-2023-31594MISCMISC ic_realtime — icip-p2012t IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. 2023-05-24 not yet calculated CVE-2023-31595MISCMISC wso2 — api_manager A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. 2023-05-23 not yet calculated CVE-2023-31664CONFIRMCONFIRMMISC webassembly — wat2wasm WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting ‘@’ before a quote (“). 2023-05-23 not yet calculated CVE-2023-31669MISC webassembly — webassembly An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. 2023-05-23 not yet calculated CVE-2023-31670MISC alist_3.15.1 — alist_3.15.1 AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. 2023-05-23 not yet calculated CVE-2023-31726MISCMISC linksys — e2000 There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges. 
2023-05-23 not yet calculated CVE-2023-31740MISCMISC linksys — e2000 There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. 2023-05-23 not yet calculated CVE-2023-31741MISCMISC linksys — wrt54gl There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges. 2023-05-22 not yet calculated CVE-2023-31742MISCMISC wondershare — filmora_12 Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges. 2023-05-23 not yet calculated CVE-2023-31747MISCMISCMISC wondershare — mobiletrans Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. 2023-05-24 not yet calculated CVE-2023-31748MISCMISC sourcecodester — employee_and_visitor_gate_pass_logging_system SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. 2023-05-23 not yet calculated CVE-2023-31752MISC kerui — w18_alarm_system Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. 
2023-05-24 not yet calculated CVE-2023-31759MISC blitzwolf — bw-is22_smart_home_security_alarm Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. 2023-05-24 not yet calculated CVE-2023-31761MISC digoo — dg-hamb_smart_home_security_system Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. 2023-05-24 not yet calculated CVE-2023-31762MISC agshome — smart_alarm Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. 2023-05-24 not yet calculated CVE-2023-31763MISC wekan — wekan Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in “Reaction to comment” feature. 2023-05-22 not yet calculated CVE-2023-31779MISCMISC d-link — dir-300 D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. 2023-05-23 not yet calculated CVE-2023-31814MISCMISC it_sourcecode — content_management_system  IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. 2023-05-22 not yet calculated CVE-2023-31816MISC skyscreamer/nevado — skyscreamer/nevado Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data. 2023-05-23 not yet calculated CVE-2023-31826MISCMISCMISCMISC wuzhi_cms — wuzhi_cms Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. 2023-05-23 not yet calculated CVE-2023-31860MISC zlmediakit — zlmediakit ZLMediaKit 4.0 is vulnerable to Directory Traversal. 
2023-05-25 not yet calculated CVE-2023-31861MISCMISC suprema_inc. — biostar_2 Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with “User Operator” privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system. 2023-05-22 not yet calculated CVE-2023-31923MISC hanwha — multiple_products Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. 2023-05-23 not yet calculated CVE-2023-31994MISCMISC hanwha — ip_camera_ane-l7012r Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). 2023-05-23 not yet calculated CVE-2023-31995MISC hanwha — ip_camera_ane-l7012r Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. 2023-05-23 not yet calculated CVE-2023-31996MISCMISC c-ares — c-ares c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. 2023-05-25 not yet calculated CVE-2023-32067MISCMISCMISCMISC nextcloud — user_oidc_app user_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. 
It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.2. 2023-05-25 not yet calculated CVE-2023-32074MISCMISCMISC sofia-sip — sofia-sip Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.
Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade. 2023-05-26 not yet calculated CVE-2023-32307MISC cloudexplorer_lite — cloudexplorer_lite CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. 2023-05-26 not yet calculated CVE-2023-32311MISC openfire — openfire Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. 
The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice. 2023-05-26 not yet calculated CVE-2023-32315MISC cloudexplorer_lite — cloudexplorer_lite CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability. 2023-05-26 not yet calculated CVE-2023-32316MISC autolab_project — autolab_project Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both “Base File Tar” and “Additional file archive” can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade. 2023-05-26 not yet calculated CVE-2023-32317MISCMISC nextcloud — nextcloud_server Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. 
After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1. 2023-05-26 not yet calculated CVE-2023-32318MISCMISC nextcloud — nextcloud_server Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-05-26 not yet calculated CVE-2023-32319MISCMISC ckan — ckan CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker’s session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don’t have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don’t have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker’s insecure pickle loading. 
All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues. 2023-05-26 not yet calculated CVE-2023-32321MISC matrix-org — synapse Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently. 2023-05-26 not yet calculated CVE-2023-32323MISCMISCMISC posthog-js — posthog-js PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place. 2023-05-27 not yet calculated CVE-2023-32325MISCMISC teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. 
2023-05-22 not yet calculated CVE-2023-32346MISC teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices. 2023-05-22 not yet calculated CVE-2023-32347MISC teltonika — remote_management_system Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN. 2023-05-22 not yet calculated CVE-2023-32348MISC teltonika — rut Versions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution. 2023-05-22 not yet calculated CVE-2023-32349MISC teltonika — rut Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. 
An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload. 2023-05-22 not yet calculated CVE-2023-32350MISC autolab_project — autolab_project Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contains files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade. 2023-05-26 not yet calculated CVE-2023-32676MISCMISC psf/requests — psf/requests Requests is an HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.
2023-05-26 not yet calculated CVE-2023-32681MISCMISCMISCMISC kiwi_tcms — kiwi_tcms Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough, which left open the possibility for an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3. 2023-05-27 not yet calculated CVE-2023-32686MISCMISC parse-server-push-adapter — parse-server-push-adapter parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. 2023-05-27 not yet calculated CVE-2023-32688MISCMISCMISC saleor — core Saleor Core is a composable, headless commerce API. Saleor’s `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events; this could affect database integrity, such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16. 2023-05-25 not yet calculated CVE-2023-32694MISCMISC socket.io — socket.io socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol.
A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. 2023-05-27 not yet calculated CVE-2023-32695MISCMISCMISCMISC sqlite — jdbc SQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacts versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2. 2023-05-23 not yet calculated CVE-2023-32697MISCMISC wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. 2023-05-26 not yet calculated CVE-2023-32964MISC zyxel — atp_series A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. 2023-05-24 not yet calculated CVE-2023-33009CONFIRM zyxel — atp_series A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
2023-05-24 not yet calculated CVE-2023-33010CONFIRM nextcloud — nextcloud_mail Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed an attacker to send GET requests to services running in the same web server. It is recommended that the Mail app is updated to version 3.02, 2.2.5 or 1.15.3. 2023-05-27 not yet calculated CVE-2023-33184MISCMISCMISC django — django-ses Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView` class intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses; however, the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0. 2023-05-26 not yet calculated CVE-2023-33185MISCMISCMISC highlight.io — highlight.io Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password HTML input is switched to `type="text"` via a JavaScript “Show Password” button. This differs from the expected behavior which always obfuscates `type="password"` inputs. A customer may assume that switching to `type="text"` would also not record this input; hence, they would not add additional `highlight-mask` CSS class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0.
This patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type="password"` continues to be obfuscated. 2023-05-26 not yet calculated CVE-2023-33187MISCMISC omni-notes — omni-notes Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note’s attachments were not properly validated, allowing malicious or compromised applications on the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability. 2023-05-27 not yet calculated CVE-2023-33188MISC rust — ntpd-rs ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3. 2023-05-27 not yet calculated CVE-2023-33192MISCMISC craft_cms — craft_cms Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in the Quick Post validation error message, which can deliver an XSS payload. The fix for an old CVE addressed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.
2023-05-26 not yet calculated CVE-2023-33194MISCMISCMISC craft_cms — craft_cms Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6. 2023-05-27 not yet calculated CVE-2023-33195MISCMISC craft_cms — craft_cms Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7. 2023-05-26 not yet calculated CVE-2023-33196MISCMISCMISC craft_cms — craft_cms Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6. 2023-05-26 not yet calculated CVE-2023-33197MISCMISCMISC rekor — rekor Rekor’s goals are to provide an immutable, tamper-resistant ledger of metadata generated within a software project’s supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-05-26 not yet calculated CVE-2023-33199MISCMISC moxa — mxsecurity MXsecurity version 1.0 is vulnerable to a command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code. 2023-05-22 not yet calculated CVE-2023-33235MISC moxa — mxsecurity MXsecurity version 1.0 is vulnerable to a hardcoded credential vulnerability. It has been reported that this vulnerability can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.
2023-05-22 not yet calculated CVE-2023-33236MISC oracle — apache_rocketmq For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. 

Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system user that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content.

To prevent these attacks, users are advised to upgrade to version 5.1.1 or above if using RocketMQ 5.x, or to 4.9.6 or above if using RocketMQ 4.x.

2023-05-24 not yet calculated CVE-2023-33246MISC talend — data_catalog Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) 2023-05-26 not yet calculated CVE-2023-33247MISC amazon — alexa Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful. 2023-05-24 not yet calculated CVE-2023-33248MISCMISCMISCMISCMISCMISC akka_http — akka_http When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946. 2023-05-21 not yet calculated CVE-2023-33251CONFIRM iden3_snarkjs — iden3_snarkjs iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus. 2023-05-21 not yet calculated CVE-2023-33252MISCMISC papaya_viewer — papaya_viewer An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. 
This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application. 2023-05-26 not yet calculated CVE-2023-33255MISCMISC softonic — wftpd_server In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006. 2023-05-25 not yet calculated CVE-2023-33263MISC prestashop — prestashop In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. 2023-05-25 not yet calculated CVE-2023-33278MISCMISC prestashop — prestashop In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. 2023-05-25 not yet calculated CVE-2023-33279MISC prestashop — prestashop In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. 2023-05-25 not yet calculated CVE-2023-33280MISCMISC qt-project — qt An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server. 2023-05-22 not yet calculated CVE-2023-33285MISC kaios — kaios An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed application, e.g., myapp.localhost. An attacker can make fetch requests to api-daemon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version. 2023-05-22 not yet calculated CVE-2023-33293MISC kaios — kaios An issue was discovered in KaiOS 3.0 before 3.1.
The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it’s accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user’s installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions. 2023-05-22 not yet calculated CVE-2023-33294MISC bitcoin_core — bitcoin_core Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. 2023-05-22 not yet calculated CVE-2023-33297MISCMISCMISCMISCMISC piwigo — piwigo Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the “add tags” function. 2023-05-23 not yet calculated CVE-2023-33359MISC piwigo — piwigo Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. 2023-05-23 not yet calculated CVE-2023-33361MISC piwigo — piwigo Piwigo 13.6.0 is vulnerable to SQL Injection via the “profile” function. 2023-05-23 not yet calculated CVE-2023-33362MISC skycaiji — skycaiji skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data. 2023-05-26 not yet calculated CVE-2023-33394MISC easyimages2.0 — easyimages2.0 EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.
2023-05-23 not yet calculated CVE-2023-33599MISC parks — fiberlinks_210 An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. 2023-05-23 not yet calculated CVE-2023-33617MISC mp4v2 — mp4v2 mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. 2023-05-26 not yet calculated CVE-2023-33720MISC mipjz — mipjz A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd. 2023-05-25 not yet calculated CVE-2023-33750MISC mipjz — mipjz A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php. 2023-05-25 not yet calculated CVE-2023-33751MISC xxl-job — xxl-job A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user’s account via a crafted POST request to the component /jobinfo/. 2023-05-26 not yet calculated CVE-2023-33779MISCMISCMISC tfdi_design — smartcars A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the body of a news article. 2023-05-26 not yet calculated CVE-2023-33780MISC cloudogu_gmbh_scm_manager — cloudogu_gmbh_scm_manager A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.
2023-05-24 not yet calculated CVE-2023-33829MISCMISCMISC liferay — portal/dxp Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form’s `name` field. 2023-05-24 not yet calculated CVE-2023-33937MISC liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the App Builder module’s custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object’s `Name` field. 2023-05-24 not yet calculated CVE-2023-33938MISC liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label. 2023-05-24 not yet calculated CVE-2023-33939MISC liferay — portal/dxp Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App’s IFrame URL. 2023-05-24 not yet calculated CVE-2023-33940MISC liferay — portal/dxp Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module’s OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. 
2023-05-24 not yet calculated CVE-2023-33941MISC liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the Web Content Display widget’s article selector in Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article’s `Title` field. 2023-05-24 not yet calculated CVE-2023-33942MISC liferay — portal/dxp Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field. 2023-05-24 not yet calculated CVE-2023-33943MISC liferay — portal/dxp Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment’s `URL` text field. 2023-05-24 not yet calculated CVE-2023-33944MISC liferay — portal/dxp SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table’s primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.
2023-05-24 not yet calculated CVE-2023-33945MISC liferay — portal/dxp The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does not properly isolate objects in different virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page. 2023-05-24 not yet calculated CVE-2023-33946MISC liferay — portal/dxp The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. 2023-05-24 not yet calculated CVE-2023-33947MISC liferay — portal/dxp The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. 2023-05-24 not yet calculated CVE-2023-33948MISC liferay — portal/dxp In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don’t control. The portal property `company.security.strangers.verify` should be set to true. 2023-05-24 not yet calculated CVE-2023-33949MISC liferay — portal/dxp Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.
2023-05-24 not yet calculated CVE-2023-33950MISC briar_project — briar Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. 2023-05-24 not yet calculated CVE-2023-33980MISCMISC briar_project — briar Briar before 1.4.22 allows attackers to spoof other users’ messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one. 2023-05-24 not yet calculated CVE-2023-33981MISCMISC briar_project — briar Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. 2023-05-24 not yet calculated CVE-2023-33982MISCMISC briar_project — briar The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. 2023-05-24 not yet calculated CVE-2023-33983MISC