jetbrains — teamcity
  JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. 2023-06-29 not yet calculated CVE-2015-1313
MISC
MISC gnu_c_library — gnu_c_library
  end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. 2023-06-25 not yet calculated CVE-2015-20109
MISC espcms — espcms
  An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. 2023-06-27 not yet calculated CVE-2020-18404
MISC cmseasy — cmseasy
  An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. 2023-06-27 not yet calculated CVE-2020-18406
MISC catfishcms — catfishcms
  Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. 2023-06-27 not yet calculated CVE-2020-18409
MISC chaoji_cms — chaoji_cms
  A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 allows attackers to obtain administrator privileges. 2023-06-27 not yet calculated CVE-2020-18410
MISC chaoji_cms — chaoji_cms
  Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 allows attackers to execute arbitrary code. 2023-06-27 not yet calculated CVE-2020-18413
MISC chaoji_cms — chaoji_cms
  Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 allows attackers to execute arbitrary code via /index.php?admin-master-webset. 2023-06-27 not yet calculated CVE-2020-18414
MISC jymusic — jymusic
  A cross site request forgery (CSRF) vulnerability was discovered in Jymusic v2.0.0 that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. 2023-06-27 not yet calculated CVE-2020-18416
MISC feifeicms — feifeicms
  A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. 2023-06-27 not yet calculated CVE-2020-18418
MISC
MISC semcms_php — semcms_php
  File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. 2023-06-30 not yet calculated CVE-2020-18432
MISC cryptoprof_wcms — cryptoprof_wcms
  Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. 2023-06-27 not yet calculated CVE-2020-19902
MISC bludit — bludit
  Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. 2023-06-26 not yet calculated CVE-2020-20210
MISC jquery — jquery
  Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element. 2023-06-26 not yet calculated CVE-2020-23064
MISC
MISC ez_systems — as_ezpublish_platform/ez_publish_legacy
  Cross Site Scripting vulnerability in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf. 2023-06-26 not yet calculated CVE-2020-23065
MISC tinymce — tinymce
  Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function. 2023-06-26 not yet calculated CVE-2020-23066
MISC
MISC requests-xml — requests-xml
  requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. 2023-06-29 not yet calculated CVE-2020-26708
MISC py-xml — py-xml
  py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. 2023-06-29 not yet calculated CVE-2020-26709
MISC easy-parse — easy-parse
  easy-parse v0.1.1 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. 2023-06-29 not yet calculated CVE-2020-26710
MISC emby — emby_server
  Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address. 2023-06-28 not yet calculated CVE-2021-25827
MISC
MISC
CONFIRM emby — emby_server
  Emby Server versions < 4.6.0.50 are vulnerable to Cross Site Scripting (XSS) via a crafted GET request to /web. 2023-06-28 not yet calculated CVE-2021-25828
MISC dzzoffice — dzzoffice
  A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. 2023-06-27 not yet calculated CVE-2021-30203
MISC dzzoffice — dzzoffice
  Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. 2023-06-27 not yet calculated CVE-2021-30205
MISC jfinal — jfinal
  Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. 2023-06-26 not yet calculated CVE-2021-31635
MISC google — android
  In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-194480991 2023-06-28 not yet calculated CVE-2022-20443
MISC ibm — qradar_siem
  IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403. 2023-06-27 not yet calculated CVE-2022-34352
MISC
MISC tenda — ac6_ac1200
  Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module. 2023-06-26 not yet calculated CVE-2022-40010
MISC wordpress — wordpress
  The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users. 2023-06-27 not yet calculated CVE-2022-4115
MISC gitlab — gitlab
  An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization. 2023-06-28 not yet calculated CVE-2022-4143
CONFIRM
MISC
MISC responsive_filemanager — responsive_filemanager
  In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. 2023-06-28 not yet calculated CVE-2022-44276
MISC ucopia — weblib
  An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions. 2023-06-29 not yet calculated CVE-2022-44719
MISC
MISC ucopia — weblib
  An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot. 2023-06-29 not yet calculated CVE-2022-44720
MISC
MISC ericsson — network_manager
  Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to a domain outside the control of the ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability. 2023-06-29 not yet calculated CVE-2022-46407
MISC ericsson — network_manager
  Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. 2023-06-29 not yet calculated CVE-2022-46408
MISC widevine — trusted_application
  Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow. 2023-06-26 not yet calculated CVE-2022-48331
MISC widevine — trusted_application
  Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow. 2023-06-26 not yet calculated CVE-2022-48332
MISC widevine — trusted_application
  Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow. 2023-06-26 not yet calculated CVE-2022-48333
MISC widevine — trusted_application
  Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow. 2023-06-26 not yet calculated CVE-2022-48334
MISC widevine — trusted_application
  Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow. 2023-06-26 not yet calculated CVE-2022-48335
MISC widevine — trusted_application
  Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow. 2023-06-26 not yet calculated CVE-2022-48336
MISC apple — macos
  This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system 2023-06-28 not yet calculated CVE-2022-48505
MISC wordpress — wordpress
  The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. 2023-06-27 not yet calculated CVE-2023-0588
MISC wordpress — wordpress
  The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-06-27 not yet calculated CVE-2023-0873
MISC wordpress — wordpress
  The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2023-06-27 not yet calculated CVE-2023-1166
MISC linux — kernel
  A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. 2023-06-30 not yet calculated CVE-2023-1206
MISC linux — kernel
  A time-of-check to time-of-use issue exists in io_uring subsystem’s IORING_OP_CLOSE operation in the Linux kernel’s versions 5.6 – 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93. 2023-06-28 not yet calculated CVE-2023-1295
MISC
MISC
MISC
MISC
MISC wordpress — wordpress
  The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting 2023-06-27 not yet calculated CVE-2023-1891
MISC cisco — cisco_adaptive_security_appliance
  A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload. 2023-06-28 not yet calculated CVE-2023-20006
CISCO cisco — cisco_web_security_appliance
  Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. 2023-06-28 not yet calculated CVE-2023-20028
CISCO tenable — multiple_products
  Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. 2023-06-26 not yet calculated CVE-2023-2005
MISC cisco — cisco_telepresence_video_communication_server
  Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. 2023-06-28 not yet calculated CVE-2023-20105
CISCO cisco — cisco_unified_communications_manager
  A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack. 2023-06-28 not yet calculated CVE-2023-20108
CISCO cisco — cisco_unified_communications_manager
  A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. 2023-06-28 not yet calculated CVE-2023-20116
CISCO cisco — cisco_web_security_appliance
  Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. 2023-06-28 not yet calculated CVE-2023-20119
CISCO cisco — cisco_web_security_appliance
  Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. 2023-06-28 not yet calculated CVE-2023-20120
CISCO cisco — cisco_secure_workload
  A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels. 2023-06-28 not yet calculated CVE-2023-20136
CISCO cisco — cisco_anyconnect_secure_mobility_client
  A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. 2023-06-28 not yet calculated CVE-2023-20178
CISCO cisco — cisco_small_business_smart_and_managed_switches
  A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability. 2023-06-28 not yet calculated CVE-2023-20188
CISCO cisco — cisco_telepresence_video_communication_server_expressway
  Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. 2023-06-28 not yet calculated CVE-2023-20192
CISCO cisco — cisco_duo
  A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission. 2023-06-28 not yet calculated CVE-2023-20199
CISCO wordpress — wordpress
  The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities. 2023-06-27 not yet calculated CVE-2023-2032
MISC wordpress — wordpress
  The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. 2023-06-27 not yet calculated CVE-2023-2068
MISC google — android
  In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783635 References: N/A 2023-06-28 not yet calculated CVE-2023-21158
MISC google — android
  In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783565 References: N/A 2023-06-28 not yet calculated CVE-2023-21159
MISC google — android
  In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263784118 References: N/A 2023-06-28 not yet calculated CVE-2023-21160
MISC google — android
  In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783702 References: N/A 2023-06-28 not yet calculated CVE-2023-21161
MISC google — android
  In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-259942964 2023-06-28 not yet calculated CVE-2023-21167
MISC google — android
  In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261365944 2023-06-28 not yet calculated CVE-2023-21180
MISC google — android
  In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-264880969 2023-06-28 not yet calculated CVE-2023-21181
MISC google — android
  In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-252764175 2023-06-28 not yet calculated CVE-2023-21182
MISC google — android
  In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-235863754 2023-06-28 not yet calculated CVE-2023-21183
MISC google — android
  In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-267809568 2023-06-28 not yet calculated CVE-2023-21184
MISC google — android
  In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-266700762 2023-06-28 not yet calculated CVE-2023-21185
MISC google — android
  In LogResponse of Dns.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261079188 2023-06-28 not yet calculated CVE-2023-21186
MISC google — android
  In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-246542917 2023-06-28 not yet calculated CVE-2023-21187
MISC google — android
  In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-264624283 2023-06-28 not yet calculated CVE-2023-21188
MISC google — android
  In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-13 Android ID: A-213942596 2023-06-28 not yet calculated CVE-2023-21189
MISC google — android
  In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251436534 2023-06-28 not yet calculated CVE-2023-21190
MISC google — android
  In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-269738057 2023-06-28 not yet calculated CVE-2023-21191
MISC google — android
  In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to set up input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-227207653 2023-06-28 not yet calculated CVE-2023-21192
MISC google — android
  In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-233006499 2023-06-28 not yet calculated CVE-2023-21193
MISC google — android
  In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-260079141 2023-06-28 not yet calculated CVE-2023-21194
MISC google — android
  In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-233879420 2023-06-28 not yet calculated CVE-2023-21195
MISC google — android
  In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261857395 2023-06-28 not yet calculated CVE-2023-21196
MISC google — android
  In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251427561 2023-06-28 not yet calculated CVE-2023-21197
MISC google — android
  In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-245517503 2023-06-28 not yet calculated CVE-2023-21198
MISC google — android
  In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-254445961 2023-06-28 not yet calculated CVE-2023-21199
MISC google — android
  In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-236688764 2023-06-28 not yet calculated CVE-2023-21200
MISC google — android
  In on_create_record_event of btif_sdp_server.cc, there is a possible out of bounds read due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-263545186 2023-06-28 not yet calculated CVE-2023-21201
MISC google — android
  In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-260568359 2023-06-28 not yet calculated CVE-2023-21202
MISC google — android
  In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262246082 2023-06-28 not yet calculated CVE-2023-21203
MISC google — android
  In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262246231 2023-06-28 not yet calculated CVE-2023-21204
MISC google — android
  In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245376 2023-06-28 not yet calculated CVE-2023-21205
MISC google — android
  In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245630 2023-06-28 not yet calculated CVE-2023-21206
MISC google — android
  In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236670 2023-06-28 not yet calculated CVE-2023-21207
MISC google — android
  In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245254 2023-06-28 not yet calculated CVE-2023-21208
MISC google — android
  In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236273 2023-06-28 not yet calculated CVE-2023-21209
MISC google — android
  In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236331 2023-06-28 not yet calculated CVE-2023-21210
MISC google — android
  In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235998 2023-06-28 not yet calculated CVE-2023-21211
MISC google — android
  In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236031 2023-06-28 not yet calculated CVE-2023-21212
MISC google — android
  In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235951 2023-06-28 not yet calculated CVE-2023-21213
MISC google — android
  In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235736 2023-06-28 not yet calculated CVE-2023-21214
MISC google — android
  There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264698379 References: N/A 2023-06-28 not yet calculated CVE-2023-21219
MISC google — android
  There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264590585 References: N/A 2023-06-28 not yet calculated CVE-2023-21220
MISC google — android
  In load_dt_data of storage.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-266977723 References: N/A 2023-06-28 not yet calculated CVE-2023-21222
MISC google — android
  In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-256047000 References: N/A 2023-06-28 not yet calculated CVE-2023-21223
MISC google — android
  In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-265276966 References: N/A 2023-06-28 not yet calculated CVE-2023-21224
MISC google — android
  There is a possible way to bypass the protected confirmation screen due to failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android kernel Android ID: A-270403821 References: N/A 2023-06-28 not yet calculated CVE-2023-21225
MISC google — android
  In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-240728187 References: N/A 2023-06-28 not yet calculated CVE-2023-21226
MISC google — android
  In aoc_service_set_read_blocked of aoc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-270148537 References: N/A 2023-06-28 not yet calculated CVE-2023-21236
MISC google — android
  In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251586912 2023-06-28 not yet calculated CVE-2023-21237
MISC samsung_mobile — multiple_products
  Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. 2023-06-28 not yet calculated CVE-2023-21512
MISC samsung_mobile — multiple_products
  Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. 2023-06-28 not yet calculated CVE-2023-21513
MISC samsung_mobile — multiple_products
  Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. 2023-06-28 not yet calculated CVE-2023-21517
MISC samsung_mobile — multiple_products
  Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity. 2023-06-28 not yet calculated CVE-2023-21518
MISC wordpress — wordpress
  The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-06-27 not yet calculated CVE-2023-2178
MISC gitlab — gitlab
  An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix. 2023-06-28 not yet calculated CVE-2023-2232
MISC
CONFIRM
MISC checkmk — checkmk
  User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. 2023-06-26 not yet calculated CVE-2023-22359
MISC ibm — robotic_process_automation_for_cloud_pak
  IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074. 2023-06-27 not yet calculated CVE-2023-22593
MISC
MISC western_digital — my_cloud_os
  An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. 2023-07-01 not yet calculated CVE-2023-22814
MISC western_digital — my_cloud_os
  Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This issue affects My Cloud OS 5 devices: before 5.26.300. 2023-06-30 not yet calculated CVE-2023-22815
MISC western_digital — my_cloud_os
  A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. 2023-06-30 not yet calculated CVE-2023-22816
MISC palantir — contour
  The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. 2023-06-27 not yet calculated CVE-2023-22834
MISC oracle — apache_airflow
  Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to implement RCE attacks via different type JDBC drivers, obtain airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0. 2023-06-29 not yet calculated CVE-2023-22886
MISC lenovo — thinkpad
  A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. 2023-06-26 not yet calculated CVE-2023-2290
MISC wordpress — wordpress
  The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. 2023-06-27 not yet calculated CVE-2023-2326
MISC ibm — robotic_process_automation_for_cloud_pak
  IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500. 2023-06-27 not yet calculated CVE-2023-23468
MISC
MISC wordpress — wordpress
  The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. 2023-06-27 not yet calculated CVE-2023-2482
MISC autodesk — navisworks
  A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. 2023-06-27 not yet calculated CVE-2023-25001
MISC autodesk — multiple_products
  A maliciously crafted SKP file in Autodesk products is used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. 2023-06-27 not yet calculated CVE-2023-25002
MISC autodesk — multiple_products
  A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution. 2023-06-27 not yet calculated CVE-2023-25004
MISC quiltmc — quiltmc
  MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. 2023-06-26 not yet calculated CVE-2023-25306
MISC quiltmc — quiltmc
  nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. 2023-06-26 not yet calculated CVE-2023-25307
MISC
MISC libtiff — libtiff
  libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV. 2023-06-29 not yet calculated CVE-2023-25433
MISC
MISC wordpress — wordpress
  The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). 2023-06-27 not yet calculated CVE-2023-2580
MISC wordpress — wordpress
  The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. 2023-06-27 not yet calculated CVE-2023-2592
MISC arm — nn
  A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. 2023-06-29 not yet calculated CVE-2023-26085
MISC
CONFIRM git-commit-info — git-commit-info
  Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo() fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content. 2023-06-28 not yet calculated CVE-2023-26134
MISC
MISC
MISC flatnest — flatnest
  All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file. 2023-06-30 not yet calculated CVE-2023-26135
MISC
MISC
MISC tough-cookie — tough-cookie
  Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. 2023-07-01 not yet calculated CVE-2023-26136
MISC
MISC
MISC
MISC hitachi_energy — txpert_hub_coretec_4
  A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. 2023-06-28 not yet calculated CVE-2023-2625
MISC ibm — qradar_siem
  IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134. 2023-06-27 not yet calculated CVE-2023-26273
MISC
MISC ibm — qradar_siem
  IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144. 2023-06-27 not yet calculated CVE-2023-26274
MISC
MISC ibm — qradar_siem
  IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. 2023-06-27 not yet calculated CVE-2023-26276
MISC
MISC hp_inc. — hp_pc_products_using_ami_uefi_firmware
  A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. 2023-06-30 not yet calculated CVE-2023-26299
MISC d-link — dir-823
  D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. 2023-06-29 not yet calculated CVE-2023-26612
MISC
MISC d-link — dir-823
  An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted get request to excu_shel. 2023-06-29 not yet calculated CVE-2023-26613
MISC
MISC d-link — dir-823
  D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. 2023-06-28 not yet calculated CVE-2023-26615
MISC
MISC d-link — dir-823
  D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. 2023-06-29 not yet calculated CVE-2023-26616
MISC
MISC libtiff — libtiff
  libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. 2023-06-29 not yet calculated CVE-2023-26966
MISC
MISC pluck_cms — pluck_cms
  Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. 2023-06-26 not yet calculated CVE-2023-27082
MISC malwarebytes — anti-exploit
  Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a ‘’ character. 2023-06-30 not yet calculated CVE-2023-27469
MISC
MISC ibm — informix_jdbc_driver
  IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. 2023-06-28 not yet calculated CVE-2023-27866
MISC
MISC wordpress — wordpress
  The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-06-27 not yet calculated CVE-2023-2795
MISC proofpoint — insider_threat_management_agent_for_windows
  An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. 2023-06-27 not yet calculated CVE-2023-2818
MISC ivanti — ivanti_endpoint_manager
  A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. 2023-07-01 not yet calculated CVE-2023-28323
MISC ivanti — ivanti_endpoint_manager
  An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. 2023-07-01 not yet calculated CVE-2023-28324
MISC brave_software — brave_browser_for_android
  An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. 2023-07-01 not yet calculated CVE-2023-28364
MISC ubiquiti_inc. — unifi_applications_for_linux
  A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. 2023-07-01 not yet calculated CVE-2023-28365
MISC newspicks_inc. — newspicks_app_for_android
  “NewsPicks” App for Android versions 10.4.5 and earlier and “NewsPicks” App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service. 2023-06-30 not yet calculated CVE-2023-28387
MISC
MISC
MISC wordpress — wordpress
  The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack. 2023-06-27 not yet calculated CVE-2023-2842
MISC mitsubishi_electric_corporation — melsec_iq-f_series
  Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. 2023-06-30 not yet calculated CVE-2023-2846
MISC
MISC
MISC wekan — wekan
  A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads. 2023-06-26 not yet calculated CVE-2023-28485
MISC
MISC
MISC wordpress — wordpress
  The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution. 2023-06-27 not yet calculated CVE-2023-2877
MISC apereo — cas
  Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”. When checking the validity of the provided client certificate, X509CredentialsAuthenticationHandler performs a check that this certificate is not revoked. To do so, it fetches URLs provided in the “CRL Distribution Points” extension of the certificate, which are taken from the certificate itself and therefore can be controlled by a malicious user. If the CAS server is configured to use an LDAP server for x509 authentication with a password, for example by setting the “cas.authn.x509.ldap.ldap-url” and “cas.authn.x509.ldap.bind-credential” properties, X509CredentialsAuthenticationHandler fetches revocation URLs from the certificate, which can be LDAP URLs. When making requests to these LDAP URLs, Apereo CAS uses the same password as for the initially configured LDAP server, which can lead to a password leak. An unauthenticated user can leak the password used for the LDAP connection configured on the server. This issue has been addressed in version 6.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-27 not yet calculated CVE-2023-28857
MISC
MISC
MISC trend_micro_inc. — trend_micro_security
  Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. 2023-06-26 not yet calculated CVE-2023-28929
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions. 2023-06-26 not yet calculated CVE-2023-28988
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions. 2023-06-26 not yet calculated CVE-2023-28991
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions. 2023-06-26 not yet calculated CVE-2023-28992
MISC autodesk — multiple_products
  A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2023-06-27 not yet calculated CVE-2023-29068
MISC libtiff — libtiff
  A null pointer dereference issue was discovered in Libtiff’s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service. 2023-06-30 not yet calculated CVE-2023-2908
MISC
MISC
MISC
MISC wordpress — wordpress
  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions. 2023-06-26 not yet calculated CVE-2023-29093
MISC malwarebytes — edr_1.0.11_for_linux
  The Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. 2023-06-30 not yet calculated CVE-2023-29145
MISC
MISC malwarebytes — edr_1.0.11_for_linux
  In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. 2023-06-30 not yet calculated CVE-2023-29147
MISC
MISC bosch — building_integration_system
  Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network. 2023-06-30 not yet calculated CVE-2023-29241
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions. 2023-06-26 not yet calculated CVE-2023-29423
MISC wordpress — wordpress
  Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions. 2023-06-26 not yet calculated CVE-2023-29437
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions. 2023-06-26 not yet calculated CVE-2023-29438
MISC laola.redbull — laola.redbull_application_for_android
  The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application’s webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation. 2023-06-26 not yet calculated CVE-2023-29459
MISC
MISC lenovo — multiple_products
  An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. 2023-06-26 not yet calculated CVE-2023-2992
lenovo — multiple_products
  A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. 2023-06-26 not yet calculated CVE-2023-2993
wordpress — wordpress
  The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. 2023-06-27 not yet calculated CVE-2023-2996
librecad — librecad
  A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file. 2023-06-28 not yet calculated CVE-2023-30259
openwb — openwb
  Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request. 2023-06-26 not yet calculated CVE-2023-30261
bkg — ntrip_professional_caster
  Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44 2023-06-28 not yet calculated CVE-2023-3034
openssl — openssl
  A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. 2023-07-01 not yet calculated CVE-2023-30586
node.js — node.js
  The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20. 2023-07-01 not yet calculated CVE-2023-30589
linux — kernel
  A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. 2023-06-28 not yet calculated CVE-2023-3090
palantir — multiple_products
  Multiple Services such as VHS(Video History Server) and VCD(Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well. 2023-06-26 not yet calculated CVE-2023-30945
palantir — foundry
  A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry’s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. 2023-06-29 not yet calculated CVE-2023-30946
palantir — foundry
  A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to ‘Developer Mode’. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0. 2023-06-29 not yet calculated CVE-2023-30955
ibm — cloud_pak_for_security
  IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant’s account. IBM X-Force ID: 254136. 2023-06-27 not yet calculated CVE-2023-30993
lenovo — xclarity_administrator
  An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA’s Common Information Model (CIM) server that could result in read-only access to specific files. 2023-06-26 not yet calculated CVE-2023-3113
linux — kernel
  A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. 2023-06-30 not yet calculated CVE-2023-3117
medtronic — paceart_optima_for_windows
  Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic’s Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity. 2023-06-29 not yet calculated CVE-2023-31222
libx11 — libx11
  A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. 2023-06-28 not yet calculated CVE-2023-3138
pipreqs — pipreqs
  A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. 2023-06-30 not yet calculated CVE-2023-31543
ubiquiti_inc. — unifi_os
  UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. “Applicable Cloud Keys” include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. 2023-07-01 not yet calculated CVE-2023-31997
d-link — dsl-g256dg
  D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. 2023-06-28 not yet calculated CVE-2023-32222
d-link — dsl-224
  D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. 2023-06-28 not yet calculated CVE-2023-32223
d-link — dsl-224
  D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts 2023-06-28 not yet calculated CVE-2023-32224
ibm — business_automation_workflow
  IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587. 2023-06-27 not yet calculated CVE-2023-32339
implem_inc. — pleasanter
  Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. 2023-06-30 not yet calculated CVE-2023-32607
implem_inc. — pleasanter
  Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. 2023-06-30 not yet calculated CVE-2023-32608
synck_graphica — mailform_pro_cgi
  Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. 2023-06-29 not yet calculated CVE-2023-32610
wavlink_technology_ltd. — wl-wn531ax2
  Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. 2023-06-30 not yet calculated CVE-2023-32612
wavlink_technology_ltd. — wl-wn531ax2
  Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. 2023-06-30 not yet calculated CVE-2023-32613
wavlink_technology_ltd. — wl-wn531ax2
  Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. 2023-06-30 not yet calculated CVE-2023-32620
wavlink_technology_ltd. — wl-wn531ax2
  WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. 2023-06-30 not yet calculated CVE-2023-32621
wavlink_technology_ltd. — wl-wn531ax2
  Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. 2023-06-30 not yet calculated CVE-2023-32622
monkey_wrench_inc. — snow_monkey_forms
  Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. 2023-06-28 not yet calculated CVE-2023-32623
bigbluebutton — bigbluebutton
  BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are vulnerable to Server-Side Request Forgery (SSRF). In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton. 2023-06-26 not yet calculated CVE-2023-33176
sealos — sealos
  Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-29 not yet calculated CVE-2023-33190
gira_giersiepen — gira_knx/ip-router
  The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a “404 – Not Found” status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). 2023-06-30 not yet calculated CVE-2023-33276
gira_giersiepen — gira_knx/ip-router
  The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. 2023-06-29 not yet calculated CVE-2023-33277
perimeter81 — perimeter81_for_macos
  com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. 2023-06-30 not yet calculated CVE-2023-33298
nec_corporation — multiple_products
  Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product. 2023-06-28 not yet calculated CVE-2023-3330
nec_corporation — multiple_products
  Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to delete specific files in the product. 2023-06-28 not yet calculated CVE-2023-3331
nec_corporation — multiple_products
  Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. 2023-06-28 not yet calculated CVE-2023-3332
nec_corporation — multiple_products
  Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. 2023-06-28 not yet calculated CVE-2023-3333
sophos — web_appliance
  Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. 2023-06-30 not yet calculated CVE-2023-33336
linux — kernel
  A null pointer dereference flaw was found in the Linux kernel DECnet networking protocol. A remote user could use this flaw to crash the system. 2023-06-30 not yet calculated CVE-2023-3338
blogengine.net — blogengine.net
  An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code. 2023-06-26 not yet calculated CVE-2023-33404
discourse — discourse
  Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). 2023-06-29 not yet calculated CVE-2023-33466
linux — kernel
  A NULL pointer dereference flaw was found in the Linux kernel’s drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system. 2023-06-28 not yet calculated CVE-2023-3355
ros — ros2_foxy_fitzroy
  An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. 2023-06-27 not yet calculated CVE-2023-33566
ros — ros2_foxy_fitzroy
  An unauthorized access vulnerability has been discovered in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. 2023-06-27 not yet calculated CVE-2023-33567
linux — kernel
  A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. 2023-06-28 not yet calculated CVE-2023-3357
bagisto — bagisto
  Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). 2023-06-28 not yet calculated CVE-2023-33570
linux — kernel
  A null pointer dereference was found in the Linux kernel’s Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. 2023-06-28 not yet calculated CVE-2023-3358
linux — kernel
  An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. The lack of a check of the return value of kzalloc() can cause a NULL pointer dereference. 2023-06-28 not yet calculated CVE-2023-3359
sourcecodester — lost_and_found_information_system
  Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. 2023-06-28 not yet calculated CVE-2023-33592
church_crm — church_crm
  Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. 2023-06-29 not yet calculated CVE-2023-33661
linux — kernel
  A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing an io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). 2023-06-28 not yet calculated CVE-2023-3389
linux — kernel
  A use-after-free vulnerability was found in the Linux kernel’s netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. 2023-06-28 not yet calculated CVE-2023-3390
campcodes — retro_cellphone_online_store
  A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351. 2023-06-25 not yet calculated CVE-2023-3396
m-files — m-files_server
  Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service 2023-06-27 not yet calculated CVE-2023-3405
shopware — shopware
  Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability. 2023-06-27 not yet calculated CVE-2023-34098
shopware — shopware
  Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability. 2023-06-27 not yet calculated CVE-2023-34099
cloudexplorer-dev — cloudexplorer-lite
  Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0. 2023-06-27 not yet calculated CVE-2023-3423
cloudexplorer-dev — cloudexplorer-lite
  Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-27 not yet calculated CVE-2023-34240
plantuml — plantuml
  Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. 2023-06-27 not yet calculated CVE-2023-3431
plantuml — plantuml
  Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. 2023-06-27 not yet calculated CVE-2023-3432
xpdf — xpdf
  Xpdf 4.04 will deadlock on a PDF object stream whose “Length” field is itself in another object stream. 2023-06-27 not yet calculated CVE-2023-3436
linux — kernel
  A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device’s relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service. 2023-06-28 not yet calculated CVE-2023-3439
oracle — apache_airflow
  Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, a privilege escalation vulnerability exists due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting with version 4.0.0, the driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0. 2023-06-27 not yet calculated CVE-2023-34395
lenovo — xclarity_administrator
  A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. 2023-06-26 not yet calculated CVE-2023-34418
lenovo — xclarity_administrator
  A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. 2023-06-26 not yet calculated CVE-2023-34420
lenovo — xclarity_administrator
  A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. 2023-06-26 not yet calculated CVE-2023-34421
lenovo — xclarity_administrator
  A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. 2023-06-26 not yet calculated CVE-2023-34422
spinacms — spinacms
  Cross-site Scripting (XSS) – Stored in GitHub repository spinacms/spina prior to 2.15.1. 2023-06-28 not yet calculated CVE-2023-3445
dataease — dataease
  DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions, unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-26 not yet calculated CVE-2023-34463
itsourcecode — online_hotel_management_system_project
  itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box. 2023-06-29 not yet calculated CVE-2023-34486
itsourcecode — online_hotel_management_system_project
  itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection. 2023-06-29 not yet calculated CVE-2023-34487
ibos — oa
  A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-06-28 not yet calculated CVE-2023-3449
ruijie — rg-bcr860
  A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-06-28 not yet calculated CVE-2023-3450
sourcecodester — shopping_website
  A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability. 2023-06-29 not yet calculated CVE-2023-3457
sourcecodester — shopping_website
  A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675. 2023-06-29 not yet calculated CVE-2023-3458
gibbon — gibbon
  Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it’s possible to include the content of several files present in the installation folder in the server’s response. 2023-06-29 not yet calculated CVE-2023-34598
gibbon — gibbon
  Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. 2023-06-29 not yet calculated CVE-2023-34599
simplephpscripts — classified_ads_script
  A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability. 2023-06-29 not yet calculated CVE-2023-3464
phpgurukl — hostel_management_system
  PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). 2023-06-28 not yet calculated CVE-2023-34647
phpgurukl — user_registration_login_and_management_system
  A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php. 2023-06-29 not yet calculated CVE-2023-34648
simplephpscripts — classified_ads_script
  A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232711. 2023-06-29 not yet calculated CVE-2023-3465
phpgurukl — small_crm
  PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). 2023-06-28 not yet calculated CVE-2023-34650
phpgurukl — hospital_management_system
  PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). 2023-06-28 not yet calculated CVE-2023-34651
phpgurukl — hostel_management_system
  PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course. 2023-06-28 not yet calculated CVE-2023-34652
xiamen_si_xin_communication_technology — video_management_system
  An issue with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 through 4.1 allows attackers to gain escalated privileges. 2023-06-29 not yet calculated CVE-2023-34656
telegram — telegram
  Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. 2023-06-29 not yet calculated CVE-2023-34658
thorsten — thorsten
  Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. 2023-06-30 not yet calculated CVE-2023-3469
campcodes — retro_cellphone_online_store
  A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752. 2023-06-30 not yet calculated CVE-2023-3473
MISC
MISC
MISC annet — ac_centralized_management_platform
  Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS). 2023-06-29 not yet calculated CVE-2023-34734
MISC property_cloud_platform_management_center — property_cloud_platform_management_center
  Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. 2023-06-29 not yet calculated CVE-2023-34735
MISC guantang_equipment_management_system — guantang_equipment_management_system
  Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload. 2023-06-28 not yet calculated CVE-2023-34736
MISC chemex — chemex
  Chemex through 3.7.1 is vulnerable to arbitrary file upload. 2023-06-29 not yet calculated CVE-2023-34738
MISC simplephpscripts — simple_blog
  A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability. 2023-06-30 not yet calculated CVE-2023-3474
MISC
MISC simplephpscripts — event_script
  A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability. 2023-06-30 not yet calculated CVE-2023-3475
MISC
MISC simplephpscripts — guestbook_script
  A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755. 2023-06-30 not yet calculated CVE-2023-3476
MISC
MISC 7-eleven — led_message_cup,_hello_cup_for_android
  An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application’s client-side chat censor filter. 2023-06-28 not yet calculated CVE-2023-34761
MISC
MISC rocketsoft — rocket_lms
  A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756. 2023-06-30 not yet calculated CVE-2023-3477
MISC
MISC ibos — oa
  A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-06-30 not yet calculated CVE-2023-3478
MISC
MISC
MISC hestiacp — hestiacp
  Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. 2023-06-30 not yet calculated CVE-2023-3479
MISC
MISC i-doit — i-doit
  i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. 2023-06-27 not yet calculated CVE-2023-34830
MISC
MISC turnitin — lti_tool
  The “Submission Web Form” of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form (“id” and “title” HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks. 2023-06-29 not yet calculated CVE-2023-34831
MISC
MISC mcl_technologies — mcl-net
  A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the “/file” endpoint. 2023-06-29 not yet calculated CVE-2023-34834
MISC
MISC microworld_technologies — escan_management_console
  A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. 2023-06-27 not yet calculated CVE-2023-34835
MISC microworld_technologies — escan_management_console
  A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. 2023-06-27 not yet calculated CVE-2023-34836
MISC microworld_technologies — escan_management_console
  A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. 2023-06-27 not yet calculated CVE-2023-34837
MISC microworld_technologies — escan_management_console
  A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. 2023-06-27 not yet calculated CVE-2023-34838
MISC issabel-pbx — issabel-pbx
  A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a custom CSRF exploit targeting the create new user function in the application. 2023-06-27 not yet calculated CVE-2023-34839
MISC angular-ui-notification — angular-ui-notification
  angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. 2023-06-30 not yet calculated CVE-2023-34840
MISC
MISC
MISC traggo_server — traggo_server
  Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request. 2023-06-29 not yet calculated CVE-2023-34843
MISC play_with_docker — play_with_docker
  Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape. 2023-06-29 not yet calculated CVE-2023-34844
MISC ikuai — router_os
  An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. 2023-06-29 not yet calculated CVE-2023-34849
MISC temporal_technologies_inc. — temporal_server
  Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace. 2023-06-30 not yet calculated CVE-2023-3485
MISC fossbilling — fossbilling
  SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. 2023-06-30 not yet calculated CVE-2023-3490
MISC
MISC fossbilling — fossbilling
  Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. 2023-06-30 not yet calculated CVE-2023-3491
MISC
MISC h3c — magic_b1stv100r012
  H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-26 not yet calculated CVE-2023-34924
MISC h3c — magic_b1stv100r012
  A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34928
MISC h3c — magic_b1stv100r012
  A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34929
MISC fossbilling — fossbilling
  Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. 2023-06-30 not yet calculated CVE-2023-3493
MISC
MISC h3c — magic_b1stv100r012
  A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34930
MISC h3c — magic_b1stv100r012
  A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34931
MISC h3c — magic_b1stv100r012
  A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34932
MISC h3c — magic_b1stv100r012
  A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34933
MISC h3c — magic_b1stv100r012
  A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34934
MISC h3c — magic_b1stv100r012
  A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34935
MISC h3c — magic_b1stv100r012
  A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34936
MISC h3c — magic_b1stv100r012
  A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. 2023-06-28 not yet calculated CVE-2023-34937
MISC dataease — dataease
  DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-26 not yet calculated CVE-2023-35164
MISC dataease — dataease
  DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability. 2023-06-26 not yet calculated CVE-2023-35168
MISC hp_inc. — hp_laserjet_pro
  Certain HP LaserJet Pro print products are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. 2023-06-30 not yet calculated CVE-2023-35175
MISC hp_inc. — hp_laserjet_pro
  Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. 2023-06-30 not yet calculated CVE-2023-35176
MISC hp_inc. — hp_laserjet_pro
  Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. 2023-06-30 not yet calculated CVE-2023-35177
MISC hp_inc. — hp_laserjet_pro
  Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. 2023-06-30 not yet calculated CVE-2023-35178
MISC oracle — apache_airflow
  Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider. This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected. 2023-06-27 not yet calculated CVE-2023-35798
MISC
MISC stormshield — endpoint_security_evolution
  Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. 2023-06-27 not yet calculated CVE-2023-35799
CONFIRM
MISC stormshield — endpoint_security_evolution
  Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. 2023-06-27 not yet calculated CVE-2023-35800
CONFIRM
MISC stw_mobile_machines — tensor-technik_wiedmann_tcg-4_connectivity_module_deploymentpackage
  STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS. 2023-06-29 not yet calculated CVE-2023-35830
MISC
MISC spicedb — spicedb
  SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request with 1.22.0 is affected. For example, using `LookupResources` to find a list of resources to allow access to is okay: some subjects that should have access to a resource may not. But if using `LookupResources` to find a list of banned resources instead, then some users that shouldn’t have access may. Generally, `LookupResources` is not and should not be used to gate access in this way – that’s what the `Check` API is for. Additionally, version 1.22.0 has included a warning about this bug since its initial release. Users are advised to upgrade to version 1.22.2. Users unable to upgrade should avoid using `LookupResources` for negative authorization decisions. 2023-06-26 not yet calculated CVE-2023-35930
MISC
MISC openfga — openfga
  OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier, and if they are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected. 2023-06-26 not yet calculated CVE-2023-35933
MISC
MISC
MISC
MISC tuleap — tuleap
  Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue. 2023-06-29 not yet calculated CVE-2023-35938
MISC
MISC
MISC
MISC gradle — gradle
  Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency’s coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build’s configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit. 2023-06-30 not yet calculated CVE-2023-35946
MISC
MISC
MISC
MISC gradle — gradle
  Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability.

### Impact

This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip.

* When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions.
* For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read.

To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed.

Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build.

### Patches

A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is recommended that users upgrade to a patched version.

### Workarounds

There is no workaround.

* If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability.
* If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured.

### References

* [CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)](https://cwe.mitre.org/data/definitions/22.html)
* [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html)
* [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability)

  2023-06-30 not yet calculated CVE-2023-35947
MISC
MISC
MISC proofpoint — insider_threat_management_agent
  A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. 2023-06-27 not yet calculated CVE-2023-35998
MISC proofpoint — insider_threat_management_agent
  A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. 2023-06-27 not yet calculated CVE-2023-36000
MISC proofpoint — insider_threat_management_agent
  A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. 2023-06-27 not yet calculated CVE-2023-36002
MISC maxprint — maxlink_1200g
  Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the “Diagnostic tool” functionality of the device. 2023-06-30 not yet calculated CVE-2023-36143
MISC
MISC intelbras — switch_sg_2404_mr
  An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. 2023-06-30 not yet calculated CVE-2023-36144
MISC
MISC multilaser — re_170
  A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. 2023-06-30 not yet calculated CVE-2023-36146
MISC
MISC ateme — flamingo_xl
  An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via the session expiration function. 2023-06-26 not yet calculated CVE-2023-36252
MISC talend — data_catalog
  Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet. 2023-06-26 not yet calculated CVE-2023-36301
MISC codekop — codekop
  A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. 2023-06-30 not yet calculated CVE-2023-36347
MISC
MISC meldekarten_generator — meldekarten_generator
  Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn’t (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-27 not yet calculated CVE-2023-36463
MISC
MISC pypdf — pypdf
  pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`. 2023-06-27 not yet calculated CVE-2023-36464
MISC
MISC
MISC aws_data.all — aws_data.all
  AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended workaround. 2023-06-28 not yet calculated CVE-2023-36467
MISC
MISC
MISC
MISC xwiki — xwiki
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it’s still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take CVE-2022-36100/GHSA-2g5c-228j-p52x as example – it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history. This vulnerability doesn’t affect freshly installed versions of XWiki. Further, this vulnerability doesn’t affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions. This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros. As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents. 2023-06-29 not yet calculated CVE-2023-36468
MISC
MISC
MISC
MISC xwiki — xwiki
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though, as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar. 2023-06-29 not yet calculated CVE-2023-36469
MISC
MISC
MISC
MISC
MISC xwiki — xwiki
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set’s HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. Further, the HTML output of the icon set is output as JSON in the icon picker and this JSON is interpreted as XWiki syntax, allowing again the injection of script macros into a document with programming right and thus allowing remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-29 not yet calculated CVE-2023-36470
MISC
MISC
MISC
MISC
MISC xwiki — xwiki
  XWiki commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add an input like `{{html}}<input type="hidden" name="content" value="{{groovy}}println(&quot;Hello from Groovy!&quot;)" />{{/html}}` that would allow remote code execution when it is submitted by an admin (the sheet is rendered as part of the edit form). The attacker would need to ensure that the edit form looks plausible, though, which can be non-trivial as without script right the attacker cannot display the regular content of the document. This has been patched in XWiki 14.10.6 and 15.2RC1 by removing the central form-related tags from the list of allowed tags. Users are advised to upgrade. As a workaround an admin can manually disallow the tags by adding `form, input, select, textarea, button` to the configuration option `xml.htmlElementSanitizer.forbidTags` in the `xwiki.properties` configuration file. 2023-06-29 not yet calculated CVE-2023-36471
MISC
MISC
MISC interactsh — interactsh
  Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e. `app`. Interactsh server used to create CNAME entries for `app` pointing to `projectdiscovery.github.io` as default, which was intended to be used for hosting the interactsh web client using GitHub Pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still have a CNAME entry pointing to GitHub Pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user’s browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default. 2023-06-28 not yet calculated CVE-2023-36474
MISC
MISC
MISC
MISC parse_server — parse_server
  Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1. 2023-06-28 not yet calculated CVE-2023-36475
MISC
MISC
MISC
MISC
MISC
MISC
MISC nixos — nixos
  calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves. 2023-06-29 not yet calculated CVE-2023-36476
MISC
MISC
MISC xwiki — xwiki
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the JavaScript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki versions older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details. 2023-06-30 not yet calculated CVE-2023-36477
MISC
MISC
MISC
MISC ilias — ilias
  ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). 2023-06-29 not yet calculated CVE-2023-36484
MISC
MISC ilias — ilias
  The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. 2023-06-29 not yet calculated CVE-2023-36487
MISC
MISC ilias — ilias
  ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). 2023-06-29 not yet calculated CVE-2023-36488
MISC
MISC zoom — zoom
  Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. 2023-06-30 not yet calculated CVE-2023-36539
MISC ovarro — tbox_rm2
  The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents. 2023-06-29 not yet calculated CVE-2023-36607
MISC ruby — ruby
  A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. 2023-06-29 not yet calculated CVE-2023-36617
MISC cloudpanel — cloudpanel
  In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. 2023-06-25 not yet calculated CVE-2023-36630
MISC
MISC nettle — libnettle
  The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. 2023-06-25 not yet calculated CVE-2023-36660
MISC
MISC
MISC jira — atlassian
  Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.) 2023-06-25 not yet calculated CVE-2023-36661
MISC
DEBIAN jira — atlassian
  The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24. 2023-06-26 not yet calculated CVE-2023-36662
MISC it-novum — open_it_cockpit
  it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. 2023-06-25 not yet calculated CVE-2023-36663
MISC
MISC artifex_software — ghostscript
  Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). 2023-06-25 not yet calculated CVE-2023-36664
MISC
MISC
MISC inex — Ixp-manager
  INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected. 2023-06-25 not yet calculated CVE-2023-36666
MISC
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. 2023-06-26 not yet calculated CVE-2023-36675
MISC pypdf — pypdf
  pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error throwing case. See GHSA-hm9v-vj3r-r55m for details. 2023-06-30 not yet calculated CVE-2023-36807
MISC
MISC
MISC pypdf — pypdf
  pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpectedly long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-06-30 not yet calculated CVE-2023-36810
MISC
MISC
MISC opentsdb — opentsdb
  OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to Remote Code Execution by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`. 2023-06-30 not yet calculated CVE-2023-36812
MISC
MISC
MISC veritas — netbackup_appliance
  In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. 2023-06-29 not yet calculated CVE-2023-37237
MISC mediawiki — mediawiki
  An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs. 2023-06-29 not yet calculated CVE-2023-37251
MISC mediawiki — mediawiki
  An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format. 2023-06-29 not yet calculated CVE-2023-37254
MISC mediawiki — mediawiki
  An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the “get edits” type is vulnerable to HTML injection through the User-Agent HTTP request header. 2023-06-29 not yet calculated CVE-2023-37255
MISC mediawiki — mediawiki
  An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs. 2023-06-29 not yet calculated CVE-2023-37256
MISC joplin — joplin
  Joplin before 2.11.5 allows XSS via a USE element in an SVG document. 2023-06-30 not yet calculated CVE-2023-37298
MISC
MISC
MISC joplin — joplin
  Joplin before 2.11.5 allows XSS via an AREA element of an image map. 2023-06-30 not yet calculated CVE-2023-37299
MISC
MISC
MISC mediawiki — mediawiki
  An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. 2023-06-30 not yet calculated CVE-2023-37300
MISC
MISC mediawiki — mediawiki
  An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn’t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. 2023-06-30 not yet calculated CVE-2023-37301
MISC
MISC mediawiki — mediawiki
  An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). 2023-06-30 not yet calculated CVE-2023-37302
MISC
MISC
MISC mediawiki — mediawiki
  An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. 2023-06-30 not yet calculated CVE-2023-37303
MISC
MISC mediawiki — mediawiki
  An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. 2023-06-30 not yet calculated CVE-2023-37304
MISC
MISC mediawiki — mediawiki
  An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. 2023-06-30 not yet calculated CVE-2023-37305
MISC
MISC misp — misp
  MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. 2023-06-30 not yet calculated CVE-2023-37306
MISC
MISC misp — misp
  In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. 2023-06-30 not yet calculated CVE-2023-37307
MISC
MISC pacparser — pacparser
  pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). 2023-06-30 not yet calculated CVE-2023-37360
MISC hnswlib — hnswlib
  Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. 2023-06-30 not yet calculated CVE-2023-37365
MISC