google — chrome Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) 2023-08-25 not yet calculated CVE-2019-13689
MISC
MISC google — chrome
  Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) 2023-08-25 not yet calculated CVE-2019-13690
MISC
MISC stormshield — stormshield_network_security
  An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim’s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form. 2023-08-25 not yet calculated CVE-2020-11711
MISC
MISC
MISC hwclock.13-v2.27 — hwclock.13-v2.27 An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date. 2023-08-22 not yet calculated CVE-2020-21583
MISC
MISC tengine — tengine
  The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. 2023-08-22 not yet calculated CVE-2020-21699
MISC yealink — w60b
  Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). 2023-08-22 not yet calculated CVE-2020-24113
MISC artifex_software — mupdf
  A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information. 2023-08-22 not yet calculated CVE-2020-26683
MISC stormshield — stormshield_network_security
  Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions. 2023-08-25 not yet calculated CVE-2021-27932
MISC
MISC opensc — opensc
  Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs. 2023-08-22 not yet calculated CVE-2021-34193
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC samsung — syncthru_web_service
  An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. 2023-08-22 not yet calculated CVE-2021-35309
MISC
MISC freeimage — freeimage
  A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. 2023-08-22 not yet calculated CVE-2021-40263
MISC nervuri — e_os
  Improper verification of applications’ cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user’s systems by altering the server’s API response. 2023-08-22 not yet calculated CVE-2021-43171
MISC
MISC djvulibre — djvulibre
  An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. 2023-08-22 not yet calculated CVE-2021-46310
MISC djvulibre– djvulibre
  An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero. 2023-08-22 not yet calculated CVE-2021-46312
MISC etcd — etcd
  Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go 2023-08-22 not yet calculated CVE-2022-34038
MISC
MISC gnu — binutils
  An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. 2023-08-22 not yet calculated CVE-2022-35205
MISC gnu — binutils
  Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. 2023-08-22 not yet calculated CVE-2022-35206
MISC freedesktop — poppler
  In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. 2023-08-22 not yet calculated CVE-2022-37050
MISC
MISC lenovo — notebook
  A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. 2023-08-23 not yet calculated CVE-2022-3742
MISC lenovo — notebook
  A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands. 2023-08-23 not yet calculated CVE-2022-3743
MISC lenovo — notebook
  A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential. 2023-08-23 not yet calculated CVE-2022-3744
MISC lenovo — notebook
  A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI. 2023-08-23 not yet calculated CVE-2022-3745
MISC lenovo — notebook
  A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. 2023-08-23 not yet calculated CVE-2022-3746
MISC freedesktop — poppler
  An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. 2023-08-22 not yet calculated CVE-2022-38349
MISC
MISC oracle — jdk
  An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. 2023-08-22 not yet calculated CVE-2022-40433
MISC
MISC
MISC
MISC libsass — libsass
  Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2. 2023-08-22 not yet calculated CVE-2022-43357
MISC
MISC
MISC sass-lang — libsass
  Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS). 2023-08-22 not yet calculated CVE-2022-43358
MISC
MISC
MISC south_river_technologie — titan_ftp
  There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL. 2023-08-22 not yet calculated CVE-2022-44215
MISC
MISC google — chrome
  Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) 2023-08-25 not yet calculated CVE-2022-4452
MISC
MISC oracle — apache_xml_graphics_batik
  Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. 2023-08-22 not yet calculated CVE-2022-44730
MISC
MISC
MISC
MISC openmns — horizon
  Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter. 2023-08-22 not yet calculated CVE-2022-45582
MISC
MISC fresenius_kabi — pharmahelp
  An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information. 2023-08-22 not yet calculated CVE-2022-45611
MISC oracle — apache_ivy/apache_maven
  Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files – either its own configuration, Ivy files or Apache Maven POMs – it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about “JAXP Properties for External Access restrictions” inside Oracle’s “Java API for XML Processing (JAXP) Security Guide”. 2023-08-21 not yet calculated CVE-2022-46751
MISC
MISC
MISC
MISC mozilla — firefox A potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106. 2023-08-24 not yet calculated CVE-2022-46884
MISC
MISC open-mpi — open-mpi
  An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c. 2023-08-22 not yet calculated CVE-2022-47022
MISC busybox — busybox
  There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. 2023-08-22 not yet calculated CVE-2022-48174
MISC perl — perl
  In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. 2023-08-22 not yet calculated CVE-2022-48522
MISC cacti — cacti
  In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. 2023-08-22 not yet calculated CVE-2022-48538
MISC
MISC xpdf — xpdf
  An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. 2023-08-22 not yet calculated CVE-2022-48545
MISC python — python
  An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. 2023-08-22 not yet calculated CVE-2022-48565
MISC python — python
  An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. 2023-08-22 not yet calculated CVE-2022-48566
MISC mongodb_inc — mongodb_server
  If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. 2023-08-23 not yet calculated CVE-2023-1409
MISC
MISC cisco — cisco_nx-os_software
  A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. 2023-08-23 not yet calculated CVE-2023-20115
MISC cisco — cisco_nx-os_software
  A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. 2023-08-23 not yet calculated CVE-2023-20168
MISC cisco — cisco_nx-os_software
  A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device. 2023-08-23 not yet calculated CVE-2023-20169
MISC cisco — cisco_unified_computing_system
  A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device. 2023-08-23 not yet calculated CVE-2023-20200
MISC cisco — cisco_application_policy_infrastructure_controller
  A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access. 2023-08-23 not yet calculated CVE-2023-20230
MISC cisco — multiple_products
  A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability. 2023-08-23 not yet calculated CVE-2023-20234
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions. 2023-08-25 not yet calculated CVE-2023-24394
MISC esoteric_software — yamlbeans
  An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception. 2023-08-25 not yet calculated CVE-2023-24620
MISC
MISC
MISC esoteric_software — yamlbeans
  An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed. 2023-08-25 not yet calculated CVE-2023-24621
MISC
MISC
MISC zte — mf286r
  There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands. 2023-08-25 not yet calculated CVE-2023-25649
MISC wordpress — wordpress
  Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions. 2023-08-25 not yet calculated CVE-2023-25981
MISC wireshark — wireshark
  Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. 2023-08-25 not yet calculated CVE-2023-2906
MISC
MISC sick_ag — lms5xx
  The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password. 2023-08-24 not yet calculated CVE-2023-31412
MISC
MISC
MISC draytek — vigor2620
  user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. 2023-08-21 not yet calculated CVE-2023-31447
MISC
MISC gravitl — netmaker
  Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server. 2023-08-24 not yet calculated CVE-2023-32077
MISC
MISC
MISC
MISC gravitl — netmaker
  Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user’s username, it was possible to update the other user’s password. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. 2023-08-24 not yet calculated CVE-2023-32078
MISC
MISC
MISC gravitl — netmaker
  Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server. 2023-08-24 not yet calculated CVE-2023-32079
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions. 2023-08-23 not yet calculated CVE-2023-32119
MISC walchem — intuition_9
  Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device. 2023-08-23 not yet calculated CVE-2023-32202
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions. 2023-08-23 not yet calculated CVE-2023-32236
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions. 2023-08-23 not yet calculated CVE-2023-32300
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions. 2023-08-23 not yet calculated CVE-2023-32496
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions. 2023-08-23 not yet calculated CVE-2023-32497
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions. 2023-08-23 not yet calculated CVE-2023-32498
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions. 2023-08-23 not yet calculated CVE-2023-32499
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions. 2023-08-23 not yet calculated CVE-2023-32505
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. 2023-08-23 not yet calculated CVE-2023-32509
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions. 2023-08-24 not yet calculated CVE-2023-32510
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions. 2023-08-24 not yet calculated CVE-2023-32511
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions. 2023-08-24 not yet calculated CVE-2023-32516
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions. 2023-08-25 not yet calculated CVE-2023-32518
MISC node.js — node.js
  A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding(‘spawn_sync’)` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. 2023-08-24 not yet calculated CVE-2023-32559
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions. 2023-08-25 not yet calculated CVE-2023-32575
MISC wordpress — wordpress
  Auth. (subscriber+) Stored Cross-Site Scripting’) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions. 2023-08-25 not yet calculated CVE-2023-32576
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions. 2023-08-25 not yet calculated CVE-2023-32577
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions. 2023-08-25 not yet calculated CVE-2023-32584
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions. 2023-08-25 not yet calculated CVE-2023-32591
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions. 2023-08-25 not yet calculated CVE-2023-32595
MISC wordpress — wordpress
  Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions. 2023-08-25 not yet calculated CVE-2023-32596
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions. 2023-08-25 not yet calculated CVE-2023-32598
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. 2023-08-25 not yet calculated CVE-2023-32603
MISC zulip — zulip
  Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3. 2023-08-25 not yet calculated CVE-2023-32678
MISC
MISC wordpress — wordpress
  Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. 2023-08-25 not yet calculated CVE-2023-32797
MISC ibm — txseries_for_multiplatforms
  IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132. 2023-08-22 not yet calculated CVE-2023-33850
MISC
MISC
MISC
MISC spring — spring_for_apache_kafka
  In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record. 2023-08-24 not yet calculated CVE-2023-34040
MISC m-files — m-files_web
  Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server 2023-08-25 not yet calculated CVE-2023-3406
MISC m-files — m-files_server
  Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. 2023-08-25 not yet calculated CVE-2023-3425
MISC etic_telecom — remote_access_server
  ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition. 2023-08-23 not yet calculated CVE-2023-3453
MISC techview — la-5570
  An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. 2023-08-25 not yet calculated CVE-2023-34723
MISC
MISC supermicro — x12dpg-qr
  Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable. 2023-08-22 not yet calculated CVE-2023-34853
MISC
MISC qnap_systems_inc. — qts
  An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later 2023-08-24 not yet calculated CVE-2023-34971
MISC qnap_systems_inc. — qts
  A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later 2023-08-24 not yet calculated CVE-2023-34972
MISC qnap_systems_inc. — qts
  An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later 2023-08-24 not yet calculated CVE-2023-34973
MISC skale_network_sgxwallet — skale_network_sgxwallet
  Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. 2023-08-25 not yet calculated CVE-2023-36198
MISC skale_network_sgxwallet — skale_network_sgxwallet
  An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. 2023-08-25 not yet calculated CVE-2023-36199
MISC asustor — adm
  An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. 2023-08-22 not yet calculated CVE-2023-3699
MISC aditya_infotech_limited — cp-plus_dvr
  The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device. 2023-08-24 not yet calculated CVE-2023-3704
MISC aditya_infotech_limited — cp-plus_nvr
  The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device. 2023-08-24 not yet calculated CVE-2023-3705
MISC infoblox — nios
  Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. 2023-08-25 not yet calculated CVE-2023-37249
CONFIRM
MISC oracle — apache_airflow
  Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. 2023-08-23 not yet calculated CVE-2023-37379
MISC
MISC
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2023-08-22 not yet calculated CVE-2023-37421
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2023-08-22 not yet calculated CVE-2023-37422
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2023-08-22 not yet calculated CVE-2023-37423
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker’s control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. 2023-08-22 not yet calculated CVE-2023-37424
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. 2023-08-22 not yet calculated CVE-2023-37425
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37426
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 2023-08-22 not yet calculated CVE-2023-37427
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise. 2023-08-22 not yet calculated CVE-2023-37428
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37429
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37430
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37431
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37432
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37433
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37434
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37435
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37436
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37437
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37438
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host. 2023-08-22 not yet calculated CVE-2023-37439
MISC hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
  A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information. 2023-08-22 not yet calculated CVE-2023-37440
MISC icewhaletech — casaos
  CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue. 2023-08-24 not yet calculated CVE-2023-37469
MISC
MISC
MISC
MISC
MISC keylime — keylime
  A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database. 2023-08-25 not yet calculated CVE-2023-38201
MISC
MISC
MISC
MISC walchem — intuition_9
  Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data. 2023-08-23 not yet calculated CVE-2023-38422
MISC tuleap — tuleap
  Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue. 2023-08-24 not yet calculated CVE-2023-38508
MISC
MISC
MISC
MISC cbc_co._ltd. — multiple_products
  Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. 2023-08-23 not yet calculated CVE-2023-38585
MISC
MISC
MISC bento4 — bento4
  Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. 2023-08-22 not yet calculated CVE-2023-38666
MISC nasm — nasm
  Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. 2023-08-22 not yet calculated CVE-2023-38667
MISC nasm — nasm
  Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). 2023-08-22 not yet calculated CVE-2023-38668
MISC libreswan — libreswan
  An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload’s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20. 2023-08-25 not yet calculated CVE-2023-38710
MISC
MISC libreswan — libreswan
  An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6. 2023-08-25 not yet calculated CVE-2023-38711
MISC
MISC libreswan — libreswan
  An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart. 2023-08-25 not yet calculated CVE-2023-38712
MISC
MISC rarlabs — winrar
  RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023. 2023-08-23 not yet calculated CVE-2023-38831
MISC
MISC
MISC uasoft — badaso
  A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. 2023-08-25 not yet calculated CVE-2023-38973
MISC uasoft — badaso
  A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter. 2023-08-25 not yet calculated CVE-2023-38974
MISC subscription-manager — subscription-manager
  A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root. 2023-08-23 not yet calculated CVE-2023-3899
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC douran — dsgate
  An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. 2023-08-22 not yet calculated CVE-2023-38996
MISC
MISC
MISC filemage — filemage_gateway
  Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component. 2023-08-22 not yet calculated CVE-2023-39026
MISC
MISC nacos_group — nacos_spring_project
  An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. 2023-08-21 not yet calculated CVE-2023-39106
MISC webui-aria2 — webui-aria2
  webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability. 2023-08-22 not yet calculated CVE-2023-39141
MISC
MISC mitel_networks_corp. — mivoice_connect
  A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. 2023-08-25 not yet calculated CVE-2023-39287
MISC
MISC mitel_networks_corp. — mivoice_connect
  A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic. 2023-08-25 not yet calculated CVE-2023-39288
MISC
MISC mitel_networks_corp. — mivoice_connect
  A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information. 2023-08-25 not yet calculated CVE-2023-39289
MISC
MISC mitel_networks_corp. — mivoice_connect
  A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. 2023-08-25 not yet calculated CVE-2023-39290
MISC
MISC mitel_networks_corp. — mivoice_connect
  A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information. 2023-08-25 not yet calculated CVE-2023-39291
MISC
MISC oracle — apache_airflow
  Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server’s X.509 certificate.  Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability 2023-08-23 not yet calculated CVE-2023-39441
MISC
MISC
MISC
MISC
MISC fit2cloud — cloudexplorer_lite
  Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0. 2023-08-24 not yet calculated CVE-2023-39519
MISC
MISC tuleap — tuleap
  Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the “card fields” (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue. 2023-08-24 not yet calculated CVE-2023-39521
MISC
MISC
MISC
MISC csz_cms — csz_cms
  Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. 2023-08-22 not yet calculated CVE-2023-39599
MISC
MISC icewarp_inc. — icewarp 
  IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. 2023-08-25 not yet calculated CVE-2023-39600
MISC
MISC icewarp_inc. — icewarp_mail_server
  IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server. 2023-08-25 not yet calculated CVE-2023-39699
MISC
MISC
MISC icewarp_inc. — icewarp_mail_server
  IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. 2023-08-25 not yet calculated CVE-2023-39700
MISC
MISC
MISC sourcecodester — free_and_open_source_inventory_management_system
  A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section. 2023-08-25 not yet calculated CVE-2023-39707
MISC
MISC
MISC giflib– giflib
  giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. 2023-08-25 not yet calculated CVE-2023-39742
MISC
MISC renault — easy_link_multimedia_system
  A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle’s USB plug and play feature. 2023-08-24 not yet calculated CVE-2023-39801
MISC pbootcms — pbootcms
  PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function. 2023-08-24 not yet calculated CVE-2023-39834
MISC geonode — geonode
  GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9. 2023-08-24 not yet calculated CVE-2023-40017
MISC
MISC rizin — rizin
  Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`. 2023-08-24 not yet calculated CVE-2023-40022
MISC
MISC
MISC
MISC
MISC argo_cd — argo_cd
  Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1. 2023-08-23 not yet calculated CVE-2023-40025
MISC
MISC rust-lang — cargo
  Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build –timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected. Rust 1.60.0 introduced `cargo build –timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = [“<img src=” onerror=alert(0)”]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor. This issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well. 2023-08-24 not yet calculated CVE-2023-40030
MISC
MISC
MISC
MISC notepad-plus-plus — notepad-plus-plus
  Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++. 2023-08-25 not yet calculated CVE-2023-40031
MISC craft_cms — craft_cms
  Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15. 2023-08-23 not yet calculated CVE-2023-40035
MISC
MISC
MISC
MISC notepad-plus-plus — notepad-plus-plus
  Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. 2023-08-25 not yet calculated CVE-2023-40036
MISC cbc_co._ltd. — multiple_products
  OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. 2023-08-23 not yet calculated CVE-2023-40144
MISC
MISC
MISC cbc_co._ltd.  — multiple_products
  Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided. 2023-08-23 not yet calculated CVE-2023-40158
MISC
MISC
MISC notepad-plus-plus — notepad-plus-plus
  Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. 2023-08-25 not yet calculated CVE-2023-40164
MISC notepad-plus-plus — notepad-plus-plus
  Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++. 2023-08-25 not yet calculated CVE-2023-40166
MISC xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1. 2023-08-23 not yet calculated CVE-2023-40176
MISC
MISC
MISC xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the “AppWithinMinutes.Content“ author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the “display“ script service to render the content we make sure that the proper author is used for access rights checks. 2023-08-23 not yet calculated CVE-2023-40177
MISC
MISC
MISC node-saml — node-saml
  Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5. 2023-08-23 not yet calculated CVE-2023-40178
MISC
MISC
MISC silverware_games_inc. — silverware_games
  Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the “Enter the code” form if the email is associated with a member of the site. Since version 1.3.6, the “Enter the code” form is always returned, showing the message “If the entered email is associated with an account, a code will be sent now”. This change prevents potential violators from determining if our site has a user with the specified email. 2023-08-25 not yet calculated CVE-2023-40179
MISC silverware_games_inc. — silverware_games
  Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7. 2023-08-25 not yet calculated CVE-2023-40182
MISC shescape — shescape
  shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4. 2023-08-23 not yet calculated CVE-2023-40185
MISC
MISC
MISC
MISC python — python
  An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as “not connected” and won’t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) 2023-08-25 not yet calculated CVE-2023-40217
CONFIRM
MISC oracle — apache_airflow
  The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin – up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. 2023-08-23 not yet calculated CVE-2023-40273
MISC
MISC
MISC ibm — aix
  IBM AIX 7.2, 7.3, VIOS 3.1’s OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476. 2023-08-24 not yet calculated CVE-2023-40371
MISC
MISC silicon_labs — arm
  Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects “Standalone” and “Application” versions of Gecko Bootloader. 2023-08-23 not yet calculated CVE-2023-4041
MISC ghostscript — ghostscript
  A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8. 2023-08-23 not yet calculated CVE-2023-4042
MISC
MISC
MISC skylark_app_for_android — skylark_app_for_android
  Improper authorization in handler for custom URL scheme issue in ‘Skylark’ App for Android 6.2.13 and earlier and ‘Skylark’ App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user’s device. 2023-08-25 not yet calculated CVE-2023-40530
MISC
MISC
MISC datasette — datasette
  Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha – 1.0a0, 1.0a1, 1.0a2 or 1.0a3 – in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables – but not their contents – to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4. 2023-08-25 not yet calculated CVE-2023-40570
MISC
MISC weblogic-framework — weblogic-framework
  weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue. 2023-08-25 not yet calculated CVE-2023-40571
MISC
MISC xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo – Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation. 2023-08-24 not yet calculated CVE-2023-40572
MISC
MISC
MISC xwiki — xwiki-platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn’t modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with “Job content executed” will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1. 2023-08-24 not yet calculated CVE-2023-40573
MISC
MISC
MISC alertmanager — alertmanager
  Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. 2023-08-25 not yet calculated CVE-2023-40577
MISC openfga — openfga
  OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1. 2023-08-25 not yet calculated CVE-2023-40579
MISC
MISC freighter — freighter
  Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1. 2023-08-25 not yet calculated CVE-2023-40580
MISC
MISC
MISC libp2p — libp2p
  libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4. 2023-08-25 not yet calculated CVE-2023-40583
MISC
MISC
MISC
MISC ironic-image — ironic-image
  ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t …`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place. 2023-08-25 not yet calculated CVE-2023-40585
MISC
MISC golang — owasp_coraza_waf
  OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1. 2023-08-25 not yet calculated CVE-2023-40586
MISC
MISC pylons — pyramid
  Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view’s file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series. 2023-08-25 not yet calculated CVE-2023-40587
MISC
MISC
MISC
MISC mailform_pro_cgi — mailform_pro_cgi
  Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js. 2023-08-25 not yet calculated CVE-2023-40599
MISC
MISC openmns — horizon
  In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization’s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue. 2023-08-23 not yet calculated CVE-2023-40612
MISC
MISC opto_22 — snap_pac_s1
  There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login. 2023-08-24 not yet calculated CVE-2023-40706
MISC opto_22 — snap_pac_s1
  There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don’t set up complex credentials. 2023-08-24 not yet calculated CVE-2023-40707
MISC opto_22 — snap_pac_s1
  The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files. 2023-08-24 not yet calculated CVE-2023-40708
MISC opto_22 — snap_pac_s1
  An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b 2023-08-24 not yet calculated CVE-2023-40709
MISC opto_22 — snap_pac_s1
  An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b 2023-08-24 not yet calculated CVE-2023-40710
MISC butterfly_button — butterfly_button
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT – BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21. 2023-08-21 not yet calculated CVE-2023-40735
MISC
MISC
MISC
MISC
MISC
MISC phicomm — k2
  Phicomm k2 v22.6.529.216 is vulnerable to command injection. 2023-08-25 not yet calculated CVE-2023-40796
MISC tenda — ac23_firmware
  In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. 2023-08-25 not yet calculated CVE-2023-40797
MISC tenda — ac23_firmware
  In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. 2023-08-25 not yet calculated CVE-2023-40798
MISC tenda — ac23_firmware
  Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. 2023-08-25 not yet calculated CVE-2023-40799
MISC tenda — ac23_firmware
  The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. 2023-08-25 not yet calculated CVE-2023-40800
MISC tenda — ac23_firmware
  The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn 2023-08-25 not yet calculated CVE-2023-40801
MISC tenda — ac23_firmware
  The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn 2023-08-25 not yet calculated CVE-2023-40802
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg. 2023-08-24 not yet calculated CVE-2023-40891
MISC tenda — ac8v4_firmware Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi. 2023-08-24 not yet calculated CVE-2023-40892
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. 2023-08-24 not yet calculated CVE-2023-40893
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg. 2023-08-24 not yet calculated CVE-2023-40894
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. 2023-08-24 not yet calculated CVE-2023-40895
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. 2023-08-24 not yet calculated CVE-2023-40896
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo. 2023-08-24 not yet calculated CVE-2023-40897
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg. 2023-08-24 not yet calculated CVE-2023-40898
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. 2023-08-24 not yet calculated CVE-2023-40899
MISC tenda — ac8v4_firmware
  Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. 2023-08-24 not yet calculated CVE-2023-40900
MISC tenda — ac10v4_firmware
  Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg. 2023-08-24 not yet calculated CVE-2023-40901
MISC tenda — ac10v4_firmware
  Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind. 2023-08-24 not yet calculated CVE-2023-40902
MISC tenda — ac10v4_firmware
  Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg. 2023-08-24 not yet calculated CVE-2023-40904
MISC tenda — ax3_firmware
  Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter. 2023-08-25 not yet calculated CVE-2023-40915
MISC jupilink — rx4-1500
  A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root. 2023-08-23 not yet calculated CVE-2023-41028
MISC oracle — apache_tomcat
  URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. 2023-08-25 not yet calculated CVE-2023-41080
MISC misp — misp
  An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit. 2023-08-23 not yet calculated CVE-2023-41098
MISC typo3 — typo3
  An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check. 2023-08-23 not yet calculated CVE-2023-41100
MISC varnish_software — varnish_enterprise
  libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use. 2023-08-23 not yet calculated CVE-2023-41104
MISC
MISC
MISC python — python
  An issue was discovered in Python 3.11 through 3.11.4. If a path containing ‘’ bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first ‘’ byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. 2023-08-23 not yet calculated CVE-2023-41105
MISC
MISC
MISC
MISC
CONFIRM array_networks — array_ag_os
  Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. 2023-08-25 not yet calculated CVE-2023-41121
MISC
MISC webiny — headless_cms
  @webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user’s browser when the main page or admin page loads. 2023-08-25 not yet calculated CVE-2023-41167
MISC
MISC adguard_dns — adguard_dns
  AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. 2023-08-25 not yet calculated CVE-2023-41173
MISC jetbrains — teamcity
  In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration 2023-08-25 not yet calculated CVE-2023-41248
MISC jetbrains — teamcity
  In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step 2023-08-25 not yet calculated CVE-2023-41249
MISC jetbrains — teamcity
  In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration 2023-08-25 not yet calculated CVE-2023-41250
MISC trane_technologies — multiple_products
  A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick. 2023-08-22 not yet calculated CVE-2023-4212
MISC
MISC
MISC moxa — iologik_4000_series
  A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device. 2023-08-24 not yet calculated CVE-2023-4227
MISC moxa — iologik_4000_series
  A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. 2023-08-24 not yet calculated CVE-2023-4228
MISC moxa — iologik_4000_series
  A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures. 2023-08-24 not yet calculated CVE-2023-4229
MISC moxa — iologik_4000_series
  A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors. 2023-08-24 not yet calculated CVE-2023-4230
MISC sick_ag — lms5xx
  A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users. 2023-08-24 not yet calculated CVE-2023-4418
MISC
MISC
MISC sick_ag — lms5xx
  The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device. 2023-08-24 not yet calculated CVE-2023-4419
MISC
MISC
MISC sick_ag — lms5xx A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted. 2023-08-24 not yet calculated CVE-2023-4420
MISC
MISC
MISC google — chrome
  Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) 2023-08-23 not yet calculated CVE-2023-4427
MISC
MISC
MISC asustor — adm
  An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below. 2023-08-22 not yet calculated CVE-2023-4475
MISC mattermost — mattermost
  Mattermost fails to restrict which parameters’ values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts. 2023-08-25 not yet calculated CVE-2023-4478
MISC gerbv — gerbv
  A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file. 2023-08-24 not yet calculated CVE-2023-4508
MISC
MISC
MISC wireshark — wireshark
  BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file 2023-08-24 not yet calculated CVE-2023-4511
MISC
MISC wireshark — wireshark
  CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file 2023-08-24 not yet calculated CVE-2023-4512
MISC
MISC wireshark — wireshark
  BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file 2023-08-24 not yet calculated CVE-2023-4513
MISC
MISC neomind — fusion_platform
  A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-25 not yet calculated CVE-2023-4534
MISC
MISC
MISC d-link — dar-8000-10
  A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-25 not yet calculated CVE-2023-4542
MISC
MISC
MISC ibos — oa
  A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-25 not yet calculated CVE-2023-4543
MISC
MISC
MISC beijing_baichuo — smart_s85f_management_platform
  A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-26 not yet calculated CVE-2023-4544
MISC
MISC
MISC ibos — oa
  A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-08-26 not yet calculated CVE-2023-4545
MISC
MISC
MISC beijing_baichuo — smart_s85f_management_platform
  A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability. 2023-08-26 not yet calculated CVE-2023-4546
MISC
MISC
MISC spa-cart_ecommerce_cms — spa-cart_ecommerce_cms
  A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability. 2023-08-26 not yet calculated CVE-2023-4547
MISC
MISC spa-cart_ecommerce_cms — spa-cart_ecommerce_cms
  A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059. 2023-08-26 not yet calculated CVE-2023-4548
MISC
MISC