semcms — semcms File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. 2023-08-05 not yet calculated CVE-2020-23564
MISC cisco — cisco_sd-wan_vmanage A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. 2023-08-04 not yet calculated CVE-2020-26064
MISC cisco — cisco_sd-wan_vmanage A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. 2023-08-04 not yet calculated CVE-2020-26065
MISC cisco — email_security_appliance A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. 2023-08-04 not yet calculated CVE-2020-26082
MISC octopus — octopus_server In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. 2023-08-02 not yet calculated CVE-2022-2346
MISC cybozu_inc — remote_service Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. 2023-08-03 not yet calculated CVE-2022-26838
MISC dell — xtremio_x2_xms Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. 2023-08-03 not yet calculated CVE-2022-34453
MISC ibm — sdk_java_technology_edition IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. 2023-08-02 not yet calculated CVE-2022-40609
MISC openrefine — openrefine OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. 2023-08-04 not yet calculated CVE-2022-41401
MISC ngsurvey — ngsurvey Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys. 2023-08-02 not yet calculated CVE-2022-46484
MISC ngsurvey — ngsurvey Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a “Text Field”, “Comment Field” or “Contact Details”. 2023-08-02 not yet calculated CVE-2022-46485
MISC stormshield_sas — ssl_vpn_client An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. 2023-08-05 not yet calculated CVE-2022-46782
MISC google — chrome Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-08-04 not yet calculated CVE-2022-4955
MISC keycloaks — openid_connect A flaw was found in Keycloak’s OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. 2023-08-04 not yet calculated CVE-2023-0264
MISC mitsubishi_electric_corporation — got2000_series Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled. 2023-08-04 not yet calculated CVE-2023-0525
MISC tel-ster — telwin_scada_webinterface External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system. 2023-08-03 not yet calculated CVE-2023-0956
MISC advantech — webaccess/scada All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. 2023-08-02 not yet calculated CVE-2023-1437
MISC emerson_electric — roc800-series ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition. 2023-08-02 not yet calculated CVE-2023-1935
MISC cisco — small_business_ip_phones A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2023-08-03 not yet calculated CVE-2023-20181
MISC cisco — broadworks A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 2023-08-03 not yet calculated CVE-2023-20204
MISC cisco — cisco_sd-wan_vmanage A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI. 2023-08-03 not yet calculated CVE-2023-20214
MISC cisco — secure_web_appliance A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device. 2023-08-03 not yet calculated CVE-2023-20215
MISC cisco — broadworks A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability. 2023-08-03 not yet calculated CVE-2023-20216
MISC cisco — small_business_ip_phones A vulnerability in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user’s browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. 2023-08-03 not yet calculated CVE-2023-20218
MISC axis_communications_ab — axis_license_plate_verifier A broken access control was found allowing for privileged escalation of the operator account to gain administrator privileges. 2023-08-03 not yet calculated CVE-2023-21407
MISC axis_communications_ab — axis_license_plate_verifier Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. 2023-08-03 not yet calculated CVE-2023-21408
MISC axis_communications_ab — axis_license_plate_verifier Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. 2023-08-03 not yet calculated CVE-2023-21409
MISC axis_communications_ab — axis_license_plate_verifier User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution. 2023-08-03 not yet calculated CVE-2023-21410
MISC axis_communications_ab — axis_license_plate_verifier User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution. 2023-08-03 not yet calculated CVE-2023-21411
MISC axis_communications_ab — axis_license_plate_verifier User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections. 2023-08-03 not yet calculated CVE-2023-21412
MISC omron_corporation — cx-programmer Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. 2023-08-03 not yet calculated CVE-2023-22277
MISC omron_corporation — cx-programmer Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. 2023-08-03 not yet calculated CVE-2023-22314
MISC omron_corporation — cx-programmer Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. 2023-08-03 not yet calculated CVE-2023-22317
MISC ibm — robotic_process_automation IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. 2023-08-02 not yet calculated CVE-2023-23476
MISC nvidia — omniverse_workstation_launcher NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user’s address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure. 2023-08-03 not yet calculated CVE-2023-25524
MISC insyde_software — insydeh20 An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016. 2023-08-03 not yet calculated CVE-2023-25600
MISC xiaomi — cloud_service_application A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview’s whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account’s cookies. 2023-08-02 not yet calculated CVE-2023-26316
MISC xiaomi — multiple_products A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device. 2023-08-02 not yet calculated CVE-2023-26317
MISC ox_software — ox_app_suite Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extensions that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwarding control characters to subsystems. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26430
MISC ox_software — ox_app_suite External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26438
MISC ox_software — ox_app_suite The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users’ cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26439
MISC ox_software — ox_app_suite The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26440
MISC ox_software — ox_app_suite Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the service’s system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26441
MISC ox_software — ox_app_suite In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26442
MISC ox_software — ox_app_suite Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26443
MISC ox_software — ox_app_suite Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26445
MISC ox_software — ox_app_suite The user’s clientID at “application passwords” was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize the user-controllable clientID parameter. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26446
MISC ox_software — ox_app_suite The “upsell” widget for the portal allows to specify a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize jslob content. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26447
MISC ox_software — ox_app_suite Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26448
MISC ox_software — ox_app_suite The “OX Chat” web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26449
MISC ox_software — ox_app_suite The “OX Count” web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim’s context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user’s account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26450
MISC ox_software — ox_app_suite Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users’ accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known. 2023-08-02 not yet calculated CVE-2023-26451
MISC cloudflare — warp The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as a local DNS server that performs DNS queries in a secure manner. However, if a user is connected to WARP over an IPv6-capable network, the WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network, which enables an attacker to view DNS queries made by the device. 2023-08-03 not yet calculated CVE-2023-2754
MISC insyde_software — insydeh20 An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS. 2023-08-03 not yet calculated CVE-2023-28468
MISC golang — go A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. 2023-08-02 not yet calculated CVE-2023-29407
MISC golang — go The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU. 2023-08-02 not yet calculated CVE-2023-29408
MISC golang — go Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. 2023-08-02 not yet calculated CVE-2023-29409
MISC zoho_corp — manageengine_network_configuration_manager An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. 2023-08-04 not yet calculated CVE-2023-29505
MISC pyrocms — pyrocms PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system. 2023-08-04 not yet calculated CVE-2023-29689
MISC assman_group — digitus_plug&view_ip_camera Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera’s settings and the administrator credentials. 2023-08-04 not yet calculated CVE-2023-30146
MISC n-table_technologies — n-central_server An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. 2023-08-04 not yet calculated CVE-2023-30297
MISC wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard’s Patron Button and Widgets for Patreon plugin <= 2.1.8 versions. 2023-08-05 not yet calculated CVE-2023-30491
MISC palantir — palantir The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint. 2023-08-03 not yet calculated CVE-2023-30950
MISC palantir — palantir The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity attack (XXE). 2023-08-03 not yet calculated CVE-2023-30951
MISC palantir — palantir A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. 2023-08-03 not yet calculated CVE-2023-30952
MISC palantir — palantir A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry’s CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0. 2023-08-03 not yet calculated CVE-2023-30958
MISC freebsd — freebsd A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet’s payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. 2023-08-01 not yet calculated CVE-2023-3107
MISC broadcom — brocade_fabric_os Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. 2023-08-01 not yet calculated CVE-2023-31427
MISC broadcom — brocade_fabric_os Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user’s home directory using grep. 2023-08-02 not yet calculated CVE-2023-31428
MISC broadcom — brocade_fabric_os A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service. 2023-08-02 not yet calculated CVE-2023-31430
MISC broadcom — brocade_fabric_os A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service. 2023-08-02 not yet calculated CVE-2023-31431
MISC broadcom — brocade_fabric_os Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. 2023-08-02 not yet calculated CVE-2023-31432
MISC qemu — qemu A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. 2023-08-03 not yet calculated CVE-2023-3180
MISC broadcom — brocade_fabric_os System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. 2023-08-02 not yet calculated CVE-2023-31926
MISC broadcom — brocade_fabric_os An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface. 2023-08-02 not yet calculated CVE-2023-31927
MISC broadcom — brocade_fabric_os A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. 2023-08-02 not yet calculated CVE-2023-31928
MISC fabasoft — cloud_enterprise_client Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. 2023-08-03 not yet calculated CVE-2023-32764
MISC ininet — scada_webserver SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI’s upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. 2023-08-02 not yet calculated CVE-2023-3329
MISC suprema_inc — biostar_2 An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers. 2023-08-03 not yet calculated CVE-2023-33363
MISC suprema_inc — biostar_2 An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server. 2023-08-03 not yet calculated CVE-2023-33364
MISC suprema_inc — biostar_2 A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server’s web server. 2023-08-03 not yet calculated CVE-2023-33365
MISC suprema_inc — biostar_2 A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands. 2023-08-03 not yet calculated CVE-2023-33366
MISC suprema_inc — biostar_2 A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server’s root directory, resulting in remote code execution. 2023-08-05 not yet calculated CVE-2023-33367
MISC connected_io — connected_io Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device’s firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. 2023-08-04 not yet calculated CVE-2023-33372
MISC connected_io — connected_io Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. 2023-08-04 not yet calculated CVE-2023-33373
MISC connected_io — connected_io Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution. 2023-08-04 not yet calculated CVE-2023-33374
MISC connected_io — connected_io Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. 2023-08-04 not yet calculated CVE-2023-33375
MISC connected_io — connected_io Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. 2023-08-04 not yet calculated CVE-2023-33376
MISC connected_io — connected_io Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. 2023-08-04 not yet calculated CVE-2023-33377
MISC connected_io — connected_io Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. 2023-08-04 not yet calculated CVE-2023-33378
MISC connected_io — connected_io Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating the Connected IO management platform and sending commands to all of Connected IO’s devices. 2023-08-04 not yet calculated CVE-2023-33379
MISC shelly — 4pm_pro Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. 2023-08-02 not yet calculated CVE-2023-33383
MISC mitsubishi_electric_corporation — cnc_series Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery. 2023-08-03 not yet calculated CVE-2023-3346
MISC cloudflare — wrangler The Wrangler command line tool (<[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim’s files present outside of the directory for the development server. 2023-08-03 not yet calculated CVE-2023-3348
MISC ai-dev — aitable ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. 2023-08-04 not yet calculated CVE-2023-33665
MISC ai-dev — aitable ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. 2023-08-03 not yet calculated CVE-2023-33666
MISC mitsubishi_electric_corporation — got2000_series Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it. 2023-08-04 not yet calculated CVE-2023-3373
MISC wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions. 2023-08-05 not yet calculated CVE-2023-34010
MISC vmware — horizon_server VMware Horizon Server contains an HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP request smuggling. 2023-08-04 not yet calculated CVE-2023-34037
MISC vmware — horizon_server VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration. 2023-08-04 not yet calculated CVE-2023-34038
MISC keyfactor — ejbca In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur. 2023-08-03 not yet calculated CVE-2023-34196
MISC wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions. 2023-08-05 not yet calculated CVE-2023-34377
MISC ezviz — multiple_products In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote). 2023-08-01 not yet calculated CVE-2023-34551
MISC ezviz — multiple_products In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. 2023-08-01 not yet calculated CVE-2023-34552
MISC ruijie_networks — multiple_products Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. 2023-07-31 not yet calculated CVE-2023-34644
MISC freebsd — freebsd The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process’ memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. 2023-08-01 not yet calculated CVE-2023-3494
MISC ivanti — epmm A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance. 2023-08-03 not yet calculated CVE-2023-35081
MISC supermicro — motherboards A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC. 2023-07-31 not yet calculated CVE-2023-35861
MISC gatesair — flexiva_fm_transmitter/exciter Cross Site Scripting vulnerability in GatesAir Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. 2023-08-02 not yet calculated CVE-2023-36081
MISC gatesair — flexiva_fm_transmitter/exciter An issue in GatesAir Flexiva FM Transmitter/Exciter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. 2023-08-03 not yet calculated CVE-2023-36082
MISC langchain — langchain An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain.from_math_prompt(llm).run in the Python exec method. 2023-08-05 not yet calculated CVE-2023-36095
MISC phpjabbers_ltd. — class_scheduling_system In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. 2023-08-04 not yet calculated CVE-2023-36134
MISC phpjabbers_ltd. — class_scheduling_system User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 2023-08-04 not yet calculated CVE-2023-36135
MISC phpjabbers_ltd. — class_scheduling_system There is a Cross Site Scripting (XSS) vulnerability in the “theme” parameter of preview.php in PHPJabbers Class Scheduling System 1.0. 2023-08-04 not yet calculated CVE-2023-36137
MISC phpjabbers_ltd. — class_scheduling_system User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. 2023-08-04 not yet calculated CVE-2023-36141
MISC sourcecodester — toll_tax_management_system Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. 2023-08-04 not yet calculated CVE-2023-36158
MISC sourcecodester — lost_and_found_information_system Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. 2023-08-04 not yet calculated CVE-2023-36159
MISC motocms — motocms SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. 2023-08-03 not yet calculated CVE-2023-36213
MISC xoops_cms — xoops_cms Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. 2023-08-03 not yet calculated CVE-2023-36217
MISC dedecms — dedecms DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE). 2023-08-03 not yet calculated CVE-2023-36298
MISC typecho — typecho A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php. 2023-08-03 not yet calculated CVE-2023-36299
MISC aerospike — aerospike_java_client The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to version 7.0.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Version 7.0.0 contains a patch for this issue. 2023-08-04 not yet calculated CVE-2023-36480
MISC wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions. 2023-08-05 not yet calculated CVE-2023-36678
MISC wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions. 2023-08-05 not yet calculated CVE-2023-36686
MISC wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions. 2023-08-05 not yet calculated CVE-2023-36689
MISC hewlett_packard_enterprise — aruba An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. 2023-08-01 not yet calculated CVE-2023-3718
MISC ws-inc — j_wbem_server In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152. 2023-08-03 not yet calculated CVE-2023-37364
MISC metabase — metabase Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one’s Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validate`. Those who use H2 as a file-based database should migrate to SQLite. 2023-08-04 not yet calculated CVE-2023-37470
MISC sensormatic_electronics_johnson_controls_inc. — videoedge A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. 2023-08-03 not yet calculated CVE-2023-3749
MISC hcl_software — hcl_unica_platform The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service. 2023-08-03 not yet calculated CVE-2023-37497
MISC hcl_software — hcl_unica_platform A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges. 2023-08-03 not yet calculated CVE-2023-37498
MISC hcl_software — hcl_unica_platform A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user’s session and perform other attacks. 2023-08-03 not yet calculated CVE-2023-37499
MISC hcl_software — hcl_unica_platform A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user’s session and perform other attacks. 2023-08-03 not yet calculated CVE-2023-37500
MISC hcl_software — hcl_unica_campaign A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user’s session and perform other attacks. 2023-08-03 not yet calculated CVE-2023-37501
MISC cloudflare — odoh-rs A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. 2023-08-03 not yet calculated CVE-2023-3766
MISC nextgen_healthcare — mirth_connect A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. 2023-08-03 not yet calculated CVE-2023-37679
MISC wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. 2023-08-05 not yet calculated CVE-2023-37873
MISC wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions. 2023-08-05 not yet calculated CVE-2023-37874
MISC projectdiscovery — nuclei Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network. 2023-08-04 not yet calculated CVE-2023-37896
MISC openssl — openssl Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the “-check” option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. 2023-07-31 not yet calculated CVE-2023-3817
MISC oxid_esales_ag — eshop_enterprise_edition OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create an HTTP Response Splitting attack. 2023-08-02 not yet calculated CVE-2023-38330
MISC zoho_corp — manageengine_admanager_plus Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user’s account via sensitive information disclosure. 2023-08-04 not yet calculated CVE-2023-38332
MISC hedgedoc — hedgedoc HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tries to access the existing note, HedgeDoc first searches for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`. 2023-08-04 not yet calculated CVE-2023-38487
MISC metersphere — metersphere MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere have no permissions configured, which lets attackers leak sensitive information. Version 2.10.4 LTS contains a patch for this issue. 2023-08-04 not yet calculated CVE-2023-38494
MISC rust-lang — cargo Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one’s system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`. 2023-08-04 not yet calculated CVE-2023-38497
MISC seiko_epson_corporation — printer_web_config Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. 2023-08-02 not yet calculated CVE-2023-38556
MISC matrix — matrix/sydent Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers’ certificates. This makes Sydent’s emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self-signed certificate if using only one, to the trust store of their operating system. As a workaround, one can ensure Sydent’s emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one’s control which does not have a listening SMTP server. 2023-08-04 not yet calculated CVE-2023-38686
MISC twitch — twitch-tui twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue. 2023-08-04 not yet calculated CVE-2023-38688
MISC rs485 — logistics_pipes Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java’s `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks. 2023-08-04 not yet calculated CVE-2023-38689
MISC matrix — matrix/appservice matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist. 2023-08-04 not yet calculated CVE-2023-38690
MISC matrix — matrix/appservice matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user’s MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user’s *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API. 2023-08-04 not yet calculated CVE-2023-38691
MISC cloudexplorer_lite — cloudexplorer_lite CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading. 2023-08-04 not yet calculated CVE-2023-38692
MISC cypress-image-snapshot — cypress-image-snapshot cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it’s possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2. 2023-08-04 not yet calculated CVE-2023-38695
MISC socketry — protocol-http1 protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defines the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should be separated from the chunk data by CRLF, and the chunk extension shouldn’t contain any invisible character. However, Falcon has the following behaviors that disobey the corresponding RFCs: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values that are written in hexadecimal with a `0x` prefix, accepting `0x` and `+` prefixed chunk sizes, and accepting LF in chunk extensions. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds. 2023-08-04 not yet calculated CVE-2023-38697
MISC ensodomains — ens-contracts Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. 2023-08-04 not yet calculated CVE-2023-38698
MISC mindsdb — mindsdb MindsDB’s AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. 2023-08-04 not yet calculated CVE-2023-38699
MISC matrix — matrix/appservice matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance. 2023-08-04 not yet calculated CVE-2023-38700
MISC knowage_labs — knowage_server Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8. 2023-08-04 not yet calculated CVE-2023-38702
MISC pimcore — pimcore Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service—key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted. 2023-08-04 not yet calculated CVE-2023-38708
MISC omron_corporation — cj2m_cpu_unit Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier. 2023-08-03 not yet calculated CVE-2023-38744
MISC omron_corporation — cx-programmer Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. 2023-08-03 not yet calculated CVE-2023-38746
MISC omron_corporation — cx-programmer Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. 2023-08-03 not yet calculated CVE-2023-38747
MISC omron_corporation — cx-programmer Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. 2023-08-03 not yet calculated CVE-2023-38748
MISC django — django/django-sspanel django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. 2023-08-04 not yet calculated CVE-2023-38941
MISC django — django/django-translator Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json. 2023-08-03 not yet calculated CVE-2023-38942
MISC shuize_0x727 — shuize_0x727 ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. 2023-08-05 not yet calculated CVE-2023-38943
MISC wbce_cms — wbce_cms An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file. 2023-08-03 not yet calculated CVE-2023-38947
MISC jizhi_cms — jizhi_cms An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin. 2023-08-03 not yet calculated CVE-2023-38948
MISC zkteco — biotime An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request. 2023-08-03 not yet calculated CVE-2023-38949
MISC zkteco — biotime A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. 2023-08-03 not yet calculated CVE-2023-38950
MISC zkteco — biotime A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. 2023-08-03 not yet calculated CVE-2023-38951
MISC zkteco — biotime Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system. 2023-08-03 not yet calculated CVE-2023-38952
MISC zkteco — bioaccess ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. 2023-08-03 not yet calculated CVE-2023-38954
MISC zkteco — bioaccess ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names. 2023-08-03 not yet calculated CVE-2023-38955
MISC zkteco — bioaccess A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. 2023-08-03 not yet calculated CVE-2023-38956
MISC zkteco — bioaccess An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. 2023-08-03 not yet calculated CVE-2023-38958
MISC creative_item_academy_lms — creative_item_academy_lms Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. 2023-08-04 not yet calculated CVE-2023-38964
MISC jeesite — jeesite An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. 2023-08-04 not yet calculated CVE-2023-38991
MISC renault — zoe_ev_2021 Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device. 2023-08-03 not yet calculated CVE-2023-39075
MISC webboss.io — cms WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding. 2023-08-03 not yet calculated CVE-2023-39096
MISC webboss.io — cms WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability. 2023-08-03 not yet calculated CVE-2023-39097
MISC nomachine — nomachine An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. 2023-08-04 not yet calculated CVE-2023-39107
MISC ecshop — ecshop ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. 2023-08-04 not yet calculated CVE-2023-39112
MISC ngiflib — ngiflib ngiflib commit fb271 was discovered to contain a segmentation violation via the function “main” at gif2tag.c. This vulnerability is triggered when running the program gif2tga. 2023-08-02 not yet calculated CVE-2023-39113
MISC ngiflib — ngiflib ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif. 2023-08-02 not yet calculated CVE-2023-39114
MISC emlog — emlog emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php. 2023-08-03 not yet calculated CVE-2023-39121
MISC papercut — papercut_ng/papercut_mf PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files. 2023-08-04 not yet calculated CVE-2023-39143
MISC element55 — knowmore Element55 KnowMore appliances version 21 and older was discovered to store passwords in plaintext. 2023-08-03 not yet calculated CVE-2023-39144
MISC gitlab — gitlab_enterprise An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. 2023-08-03 not yet calculated CVE-2023-3932
MISC sulu — sulu Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system and previous versions are not impacted by this security issue. The vulnerability has been patched in version 2.5.10. 2023-08-04 not yet calculated CVE-2023-39343
MISC social-media-skeleton — social-media-skeleton social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue. 2023-08-04 not yet calculated CVE-2023-39344
MISC linux — kernel LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. 2023-08-04 not yet calculated CVE-2023-39346
MISC fujitsu_limited — fujitsu_software_infrastructure_manager Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product’s maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060. 2023-08-04 not yet calculated CVE-2023-39379
MISC apache — airflow Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The “Run Task” feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and also allows bypassing the limitation of access the user has to certain DAGs. The “Run Task” feature is considered dangerous and it has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. 2023-08-05 not yet calculated CVE-2023-39508
MISC phpgurukul — online_security_guards_hiring_system PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. 2023-08-04 not yet calculated CVE-2023-39551
MISC phpgurukul — online_security_guards_hiring_system PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS). 2023-08-04 not yet calculated CVE-2023-39552
MISC golang — go Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. 2023-08-02 not yet calculated CVE-2023-3978
MISC gitlab — gitlab_enterprise An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project’s configured security policies. 2023-08-04 not yet calculated CVE-2023-4002
MISC gitlab — gitlab_community/enterprise An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random string added was known. 2023-08-03 not yet calculated CVE-2023-4008
MISC linux — kernel Under some circumstances, this weakness gives a user who has access to run the “ps” utility on a machine the ability to write almost unlimited amounts of unfiltered data into the process heap. 2023-08-02 not yet calculated CVE-2023-4016
MISC mozilla — firefox/firefox_esr Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-08-01 not yet calculated CVE-2023-4045
MISC mozilla — firefox/firefox_esr In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-08-01 not yet calculated CVE-2023-4046
MISC mozilla — firefox/firefox_esr A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-08-01 not yet calculated CVE-2023-4047
MISC mozilla — firefox/firefox_esr Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-08-01 not yet calculated CVE-2023-4049
MISC mozilla — firefox/firefox_esr In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-08-01 not yet calculated CVE-2023-4050
MISC mozilla — firefox/firefox_esr When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-08-01 not yet calculated CVE-2023-4054
MISC mozilla — firefox/firefox_esr When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. 2023-08-01 not yet calculated CVE-2023-4055
MISC phpjabbers_ltd. — availability_booking_calendar A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-03 not yet calculated CVE-2023-4110
MISC phpjabbers_ltd. — bus_reservation_system A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-03 not yet calculated CVE-2023-4111
MISC cute_http_file_server — cute_http_file_server A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-03 not yet calculated CVE-2023-4118
MISC academy_lms — academy_lms A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-03 not yet calculated CVE-2023-4119
MISC beijing_baichuo — smart_s85f_management_platform A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-03 not yet calculated CVE-2023-4120
MISC beijing_baichuo — smart_s85f_management_platform A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-03 not yet calculated CVE-2023-4121
MISC answerdev — answerdev/answer Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. 2023-08-03 not yet calculated CVE-2023-4124
MISC answerdev — answerdev/answer Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0. 2023-08-03 not yet calculated CVE-2023-4125
MISC answerdev — answerdev/answer Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0. 2023-08-03 not yet calculated CVE-2023-4126
MISC answerdev — answerdev/answer Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1. 2023-08-03 not yet calculated CVE-2023-4127
MISC linux — kernel A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition. 2023-08-03 not yet calculated CVE-2023-4132
MISC linux — kernel A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition. 2023-08-03 not yet calculated CVE-2023-4133
MISC qemu — qemu A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed. 2023-08-04 not yet calculated CVE-2023-4135
MISC craftercms — craftercms Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. 2023-08-03 not yet calculated CVE-2023-4136
MISC rdiffweb — rdiffweb Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0. 2023-08-03 not yet calculated CVE-2023-4138
MISC pimcore — pimcore/customer-data-framework Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. 2023-08-03 not yet calculated CVE-2023-4145
MISC omeka — omeka/omeka-s Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3. 2023-08-04 not yet calculated CVE-2023-4157
MISC omeka — omeka/omeka-s Cross-site Scripting (XSS) – Stored in GitHub repository omeka/omeka-s prior to 4.0.3. 2023-08-04 not yet calculated CVE-2023-4158
MISC omeka — omeka/omeka-s Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. 2023-08-04 not yet calculated CVE-2023-4159
MISC tongda — oa A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-05 not yet calculated CVE-2023-4165
MISC tongda — oa A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-05 not yet calculated CVE-2023-4166
MISC emby_llc — media_browser_emby_server A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183. 2023-08-05 not yet calculated CVE-2023-4167
MISC templatecookie — adlisting A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-05 not yet calculated CVE-2023-4168
MISC ruijie — rg-ew1200g A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-05 not yet calculated CVE-2023-4169
MISC dedebiz — dedebiz A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-05 not yet calculated CVE-2023-4170
MISC chengdu — flash_flood_disaster_monitoring_and_warning_system A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file ServiceFileDownload.ashx. The manipulation of the argument Files leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability. 2023-08-05 not yet calculated CVE-2023-4171
MISC chengdu — flash_flood_disaster_monitoring_and_warning_system A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file ServiceFileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207. 2023-08-05 not yet calculated CVE-2023-4172
MISC instantsoft — instantsoft/icms2 Cross-site Scripting (XSS) – Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. 2023-08-05 not yet calculated CVE-2023-4187
MISC instantsoft — instantsoft/icms2 SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. 2023-08-05 not yet calculated CVE-2023-4188
MISC instantsoft — instantsoft/icms2 Cross-site Scripting (XSS) – Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. 2023-08-05 not yet calculated CVE-2023-4189