US-CERT Vulnerability Summary for the Week of August 21, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

 

High Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
qemu — qemuThe hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.2023-08-2210CVE-2022-36648
MISC
c-ares — c-aresBuffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.2023-08-229.8CVE-2020-22217
MISC
flac_project — flacBuffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.2023-08-229.8CVE-2020-22219
MISC
leeco — letv_x43_firmwareAn issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).2023-08-219.8CVE-2020-28715
MISC
MISC
gnu — gnu_scientific_libraryA buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.2023-08-229.8CVE-2020-35357
MISC
MISC
libjpeg-turbo — libjpeg-turbolibjpeg-turbo version 2.0.90 is vulnerable to a heap-buffer-overflow vulnerability in decompress_smooth_data in jdcoefct.c.2023-08-229.8CVE-2021-29390
MISC
json-c_project — json-cAn issue was discovered in json-c through 0.15-20200726. A stack-buffer-overflow exists in the function parseit located in json_parse.c. It allows an attacker to cause code Execution.2023-08-229.8CVE-2021-32292
MISC
dpic_project — dpicdpic 2021.04.10 has a Heap Buffer Overflow in themakevar() function in dpic.y2023-08-229.8CVE-2021-33388
MISC
dpic_project — dpicdpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.2023-08-229.8CVE-2021-33390
MISC
terra-master — terramaster_operating_systemTerraMaster NAS through 4.2.30 allows remote WAN attackers to execute arbitrary code as root via the raidtype and diskstring parameters for PHP Object Instantiation to the api.php?mobile/createRaid URI. (Shell metacharacters can be placed in raidtype because popen is used without any sanitization.) The credentials from CVE-2022-24990 exploitation can be used.2023-08-209.8CVE-2022-24989
MISC
MISC
MISC
MISC
MISC
pandorafms — pandora_fmsUnrestricted Upload of File with Dangerous Type vulnerability in the Pandora FMS File Manager component, allows an attacker to make make use of this issue ( unrestricted file upload ) to execute arbitrary system commands. This issue affects Pandora FMS v767 version and prior versions on all platforms.2023-08-229.8CVE-2023-24517
MISC
danfoss — ak-sm_800a_firmwareDue to improper input validation, a remote attacker could execute arbitrary commands on the target system.2023-08-219.8CVE-2023-25915
MISC
MISC
nodejs — node.jsThe use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.2023-08-219.8CVE-2023-32002
MISC
elecom — lan-w300n\/rs_firmwareHidden functionality vulnerability in LAN-W300N/RS all versions, and LAN-W300N/PR5 all versions allow an unauthenticated attacker to log in to the product’s certain management console and execute arbitrary OS commands.2023-08-189.8CVE-2023-32626
MISC
MISC
e-excellence — u-office_force
 
e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker without logging the service can exploit this vulnerability to upload arbitrary files to perform arbitrary command or disrupt service.2023-08-259.8CVE-2023-32757
MISC
elecom — lan-wh300andgpe_firmwareHidden functionality vulnerability in LOGITEC wireless LAN routers allows an unauthenticated attacker to log in to the product’s certain management console and execute arbitrary OS commands. Affected products and versions are as follows: LAN-W300N/DR all versions, LAN-WH300N/DR all versions, LAN-W300N/P all versions, LAN-WH450N/GP all versions, LAN-WH300AN/DGP all versions, LAN-WH300N/DGP all versions, and LAN-WH300ANDGPE all versions.2023-08-189.8CVE-2023-35991
MISC
MISC
langchain — langchainAn issue in langchain v.0.0.171 allows a remote attacker to execute arbitrary code via the via the a json file to the load_prompt parameter.2023-08-229.8CVE-2023-36281
MISC
MISC
ivanti — mobileiron_sentryA security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.2023-08-219.8CVE-2023-38035
MISC
ibm — robotic_process_automationIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.2023-08-229.8CVE-2023-38734
MISC
MISC
jerryscript — jerryscriptBuffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c.2023-08-219.8CVE-2023-38961
MISC
elecom — wrc-x1800gs-b_firmwareBuffer overflow vulnerability in WRC-X1800GS-B v1.13 and earlier, WRC-X1800GSA-B v1.13 and earlier, and WRC-X1800GSH-B v1.13 and earlier allows an unauthenticated attacker to execute arbitrary code.2023-08-189.8CVE-2023-39454
MISC
MISC
totolink — x5000r_firmwareTOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.2023-08-219.8CVE-2023-39617
MISC
totolink — x5000r_firmwareTOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface.2023-08-219.8CVE-2023-39618
MISC
gabrieleventuri — pandasaiAn issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function.2023-08-219.8CVE-2023-39660
MISC
MISC
dlink — dir-842_firmwareD-Link DIR-842 fw_revA_1-02_eu_multi_20151008 was discovered to contain multiple buffer overflows in the fgets function via the acStack_120 and acStack_220 parameters.2023-08-189.8CVE-2023-39666
MISC
MISC
MISC
tenda — ac6_firmwareTenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets.2023-08-189.8CVE-2023-39670
MISC
MISC
dlink — dir-880l_a1_firmwareD-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function FUN_0001be68.2023-08-189.8CVE-2023-39671
MISC
MISC
MISC
tenda — wh450a_firmwareTenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets.2023-08-189.8CVE-2023-39672
MISC
MISC
tenda — ac15_firmwareTenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().2023-08-189.8CVE-2023-39673
MISC
MISC
dlink — dir-880l_a1_firmwareD-Link DIR-880 A1_FW107WWb08 was discovered to contain a buffer overflow via the function fgets.2023-08-189.8CVE-2023-39674
MISC
MISC
MISC
tp-link — tl-wr940n_v2_firmwareTP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm.2023-08-219.8CVE-2023-39747
MISC
dlink — dap-2660_firmwareD-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. This vulnerability is exploited via a crafted GET request.2023-08-219.8CVE-2023-39749
MISC
MISC
dlink — dap-2660_firmwareD-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. This vulnerability is exploited via a crafted POST request.2023-08-219.8CVE-2023-39750
MISC
MISC
tp-link — tl-wr941nd_v6_firmwareTP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.2023-08-219.8CVE-2023-39751
MISC
nvki — intelligent_broadband_subscriber_gatewayN.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a SQL injection vulnerability via the a_passwd parameter at /portal/user-register.php.2023-08-219.8CVE-2023-39807
MISC
MISC
nvki — intelligent_broadband_subscriber_gatewayN.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a hardcoded root password which allows attackers to login with root privileges via the SSH service.2023-08-219.8CVE-2023-39808
MISC
MISC
nvki — intelligent_broadband_subscriber_gatewayN.V.K.INTER CO., LTD. (NVK) iBSG v3.5 was discovered to contain a command injection vulnerability via the system_hostname parameter at /manage/network-basic.php.2023-08-219.8CVE-2023-39809
MISC
MISC
elecom — wrc-f1167acf_firmwareOS command injection vulnerability in ELECOM wireless LAN routers allows an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-F1167ACF all versions, WRC-1750GHBK all versions, WRC-1167GHBK2 all versions, WRC-1750GHBK2-I all versions, and WRC-1750GHBK-E all versions.2023-08-189.8CVE-2023-40069
MISC
MISC
fobybus — social-media-skeletonSocial media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Insufficient session expiration is a web application security vulnerability that occurs when a web application does not properly manage the lifecycle of a user’s session. Social media skeleton releases prior to 1.0.5 did not properly limit manage user session lifecycles. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-189.8CVE-2023-40174
MISC
MISC
puma — pumaPuma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-189.8CVE-2023-40175
MISC
MISC
devolutions — remote_desktop_managerInadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without proper execution rights via the remote tools feature.2023-08-219.8CVE-2023-4373
MISC
wordpress — wordpress
 
The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the ‘update_core_user’ function. This makes it possible for unauthenticated attackers to specify their user role by supplying the ‘role’ parameter during a registration.2023-08-239.8CVE-2023-4404
MISC
MISC
credit_lite_project — credit_liteA vulnerability classified as critical was found in Codecanyon Credit Lite 1.5.4. Affected by this vulnerability is an unknown functionality of the file /portal/reports/account_statement of the component POST Request Handler. The manipulation of the argument date1/date2 leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-237511.2023-08-189.8CVE-2023-4407
MISC
MISC
MISC
totolink — ex1200l_firmwareA vulnerability, which was classified as critical, was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023. This affects the function setDiagnosisCfg. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237513 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-189.8CVE-2023-4410
MISC
MISC
MISC
totolink — ex1200l_firmwareA vulnerability has been found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This vulnerability affects the function setTracerouteCfg. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-237514 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-189.8CVE-2023-4411
MISC
MISC
MISC
totolink — ex1200l_firmwareA vulnerability was found in TOTOLINK EX1200L EN_V9.3.5u.6146_B20201023 and classified as critical. This issue affects the function setWanCfg. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237515. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-189.8CVE-2023-4412
MISC
MISC
MISC
beijing_baichuo — smart_s85f_management_platformA vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230807. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /log/decodmail.php. The manipulation of the argument file leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237517 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-189.8CVE-2023-4414
MISC
MISC
MISC
sourcecodester — inventory_management_systemA vulnerability, which was classified as critical, has been found in SourceCodester Inventory Management System 1.0. This issue affects some unknown processing of the file app/action/edit_update.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237557 was assigned to this vulnerability.2023-08-209.8CVE-2023-4436
MISC
MISC
MISC
sourcecodester — inventory_management_systemA vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file app/ajax/search_sell_paymen_report.php. The manipulation of the argument customer leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237558 is the identifier assigned to this vulnerability.2023-08-209.8CVE-2023-4437
MISC
MISC
MISC
sourcecodester — inventory_management_systemA vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237559.2023-08-209.8CVE-2023-4438
MISC
MISC
MISC
sourcecodester — free_hospital_management_system_for_small_practicesA vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been classified as critical. This affects an unknown part of the file appointment.php. The manipulation of the argument sheduledate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237561 was assigned to this vulnerability.2023-08-209.8CVE-2023-4440
MISC
MISC
MISC
sourcecodester — free_hospital_management_system_for_small_practicesA vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /patient/appointment.php. The manipulation of the argument sheduledate leads to sql injection. The attack can be initiated remotely. VDB-237562 is the identifier assigned to this vulnerability.2023-08-219.8CVE-2023-4441
MISC
MISC
sourcecodester — free_hospital_management_system_for_small_practicesA vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. It has been rated as critical. This issue affects some unknown processing of the file \vm\patient\booking-complete.php. The manipulation of the argument userid/apponum/scheduleid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237563.2023-08-219.8CVE-2023-4442
MISC
MISC
MISC
sourcecodester — free_hospital_management_system_for_small_practicesA vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Affected is an unknown function of the file vm\doctor\edit-doc.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237564.2023-08-219.8CVE-2023-4443
MISC
MISC
MISC
sourcecodester — free_hospital_management_system_for_small_practicesA vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file vm\patient\edit-user.php. The manipulation of the argument id00/nic/oldemail/email/spec/Tele leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-237565 was assigned to this vulnerability.2023-08-219.8CVE-2023-4444
MISC
MISC
MISC
mini — mini-tmallA vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Affected by this issue is some unknown functionality of the file product/1/1?test=1&test2=2&. The manipulation of the argument orderBy leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237566 is the identifier assigned to this vulnerability.2023-08-219.8CVE-2023-4445
MISC
MISC
MISC
openrapid — rapidcmsA vulnerability, which was classified as critical, was found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file template/default/category.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-237567.2023-08-219.8CVE-2023-4446
MISC
MISC
MISC
openrapid — rapidcmsA vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. This vulnerability affects unknown code of the file admin/article-chat.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237568.2023-08-219.8CVE-2023-4447
MISC
MISC
MISC
openrapid — rapidcmsA vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical. This issue affects some unknown processing of the file admin/run-movepass.php. The manipulation of the argument password/password2 leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier VDB-237569 was assigned to this vulnerability.2023-08-219.8CVE-2023-4448
MISC
MISC
MISC
MISC
jeecg — jimureportA vulnerability was found in jeecgboot JimuReport up to 1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Template Handler. The manipulation leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-237571.2023-08-219.8CVE-2023-4450
MISC
MISC
MISC
typora — typoraDOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted markdown file to run arbitrary JavaScript code in the context of Typora main window via loading typora://app/typemark/updater/update.html in <embed> tag. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.2023-08-199.6CVE-2023-2317
MISC
MISC
marktext — marktextDOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows, Linux and macOS allows arbitrary JavaScript code to run in the context of MarkText main window. This vulnerability can be exploited if a user copies text from a malicious webpage and paste it into MarkText.2023-08-199.6CVE-2023-2318
MISC
MISC
luxsoft — luxcal_web_calendarSQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute arbitrary queries against the database and obtain or alter the information in it.2023-08-219.1CVE-2023-39939
MISC
MISC
MISC
hdfgroup — hdf5Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.2023-08-228.8CVE-2020-18232
MISC
hdfgroup — hdf5Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file.2023-08-228.8CVE-2020-18494
MISC
gnu — binutilsAn issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service.2023-08-228.8CVE-2020-19726
MISC
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.2023-08-228.8CVE-2020-24292
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.2023-08-228.8CVE-2020-24293
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to ru narbitrary code via use of crafted psd file.2023-08-228.8CVE-2020-24295
MISC
cesanta — mongooseBuffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file.2023-08-228.8CVE-2020-25887
MISC
freeimage_project — freeimageA heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.2023-08-228.8CVE-2021-40265
MISC
sass-lang — libsassStack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector::has_real_parent_ref function.2023-08-228.8CVE-2022-26592
MISC
geomatika — isigeo_webAn issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands.2023-08-228.8CVE-2023-23564
MISC
MISC
MISC
opensuse — libeconfA stack overflow vulnerability exists in function econf_writeFile in file atlibeconf/lib/libeconf.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.2023-08-228.8CVE-2023-30078
MISC
MISC
MISC
opensuse — libeconfA stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.2023-08-228.8CVE-2023-30079
MISC
MISC
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability2023-08-218.8CVE-2023-36787
MISC
elecom — lan-w451ngr_firmwareLAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service.2023-08-188.8CVE-2023-38132
MISC
MISC
boidcms — boidcmsFile Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code via the GIF header component.2023-08-218.8CVE-2023-38836
MISC
MISC
online_shopping_portal_project — online_shopping_portalOnline Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.2023-08-188.8CVE-2023-38890
MISC
elecom — wrc-1467ghbk-a_firmwareHidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to the product’s certain management console.2023-08-188.8CVE-2023-39445
MISC
MISC
elecom — wrc-600ghbk-a_firmwareOS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WRC-600GHBK-A all versions, WRC-1467GHBK-A all versions, WRC-1900GHBK-A all versions, WRC-733FEBK2-A all versions, WRC-F1167ACF2 all versions, WRC-1467GHBK-S all versions, and WRC-1900GHBK-S all versions.2023-08-188.8CVE-2023-39455
MISC
MISC
elecom — wrc-f1167acf_firmwareOS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allow an attacker who can access the product to execute an arbitrary OS command by sending a specially crafted request.2023-08-188.8CVE-2023-39944
MISC
MISC
elecom — wab-s600-ps_firmwareOS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allow an authenticated user to execute an arbitrary OS command by sending a specially crafted request.2023-08-188.8CVE-2023-40072
MISC
MISC
fobybus — social-media-skeletonSocial media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. A Cross-site request forgery (CSRF) attack is a type of malicious attack whereby an attacker tricks a victim into performing an action on a website that they do not intend to do. This can be done by sending the victim a malicious link or by exploiting a vulnerability in the website. Prior to version 1.0.5 Social media skeleton did not properly restrict CSRF attacks. This has been addressed in version 1.0.5 and all users are advised to upgrade. There are no known workarounds for this vulnerability.2023-08-188.8CVE-2023-40172
MISC
MISC
happysoft — nbs\&happysoftwechatA vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237512.2023-08-188.8CVE-2023-4409
MISC
MISC
MISC
ruijienetworks — rg-ew1200g_firmwareA vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-188.8CVE-2023-4415
MISC
MISC
MISC
google — chromeUse after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-238.8CVE-2023-4429
MISC
MISC
MISC
google — chromeUse after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2023-08-238.8CVE-2023-4430
MISC
MISC
MISC
sourcecodester — free_and_open_source_inventory_management_systemA vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /index.php?page=member. The manipulation of the argument columns[0][data] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-237570 is the identifier assigned to this vulnerability.2023-08-218.8CVE-2023-4449
MISC
MISC
MISC
spice-space — spice-serverAn issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat’s VDI product. There is a security vulnerablility that can restart KVMvirtual machine without any authorization. It is not yet known if there will be other other effects.2023-08-228.6CVE-2020-23793
MISC
microsoft — microsoft_edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability2023-08-268.3CVE-2023-36741
MISC
google — chromeOut of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)2023-08-238.1CVE-2023-4428
MISC
MISC
MISC
google — chromeOut of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)2023-08-238.1CVE-2023-4431
MISC
MISC
MISC
elecom — lan-wh300n/re_firmwareHidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console.2023-08-188CVE-2023-38576
MISC
MISC
exiv2 — exiv2Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.2023-08-227.8CVE-2020-18831
MISC
MISC
microsoft — z3There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempts to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution.2023-08-227.8CVE-2020-19725
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.2023-08-227.8CVE-2020-21426
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.2023-08-227.8CVE-2020-21427
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.2023-08-227.8CVE-2020-21428
MISC
ogg_video_tools_project — ogg_video_toolsBuffer Overflow vulnerability in oggvideotools 0.9.1 allows remote attackers to run arbitrary code via opening of crafted ogg file.2023-08-227.8CVE-2020-21722
MISC
MISC
ogg_video_tools_project — ogg_video_toolsBuffer Overflow vulnerability in ExtractorInformation function in streamExtractor.cpp in oggvideotools 0.9.1 allows remaote attackers to run arbitrary code via opening of crafted ogg file.2023-08-227.8CVE-2020-21724
MISC
MISC
artifex — ghostscriptBuffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document.2023-08-227.8CVE-2020-21890
MISC
gnu — binutilsHeap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.2023-08-227.8CVE-2022-44840
MISC
gnu — binutilsHeap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c.2023-08-227.8CVE-2022-45703
MISC
7-zip — p7zipp7zip 16.02 was discovered to contain a heap-buffer-overflow vulnerability via the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp.2023-08-227.8CVE-2022-47069
MISC
gnu — binutilsAn issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.2023-08-227.8CVE-2022-47673
MISC
gnu — binutilsAn issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function bfd_mach_o_get_synthetic_symtab in match-o.c.2023-08-227.8CVE-2022-47695
MISC
gnu — binutilsAn issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.2023-08-227.8CVE-2022-47696
MISC
berkaygediz — o_blogSQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component.2023-08-217.8CVE-2023-38899
MISC
MISC
MISC
MISC
openvpn — openvpnControl Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet.2023-08-227.5CVE-2020-20813
MISC
postgresql — postgresqlAn issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals.2023-08-227.5CVE-2020-21469
MISC
libssh2 — libssh2An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.2023-08-227.5CVE-2020-22218
MISC
memcached — memcachedMemcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command.2023-08-227.5CVE-2020-22570
MISC
freedesktop — popplerUncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.2023-08-227.5CVE-2020-23804
MISC
realtek — rtl8812au_firmwareAn issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service.2023-08-227.5CVE-2020-26652
MISC
linux — kernelA Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function.2023-08-227.5CVE-2020-27418
MISC
MISC
gnu — binutilsGNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak.2023-08-227.5CVE-2020-35342
MISC
vsftpd_project — vsftpdVSFTPD 3.0.3 allows attackers to cause a denial of service due to limited number of connections allowed.2023-08-227.5CVE-2021-30047
MISC
dpic_project — dpicdpic 2021.01.01 has a Heap-based Buffer Overflow in thestorestring function in dpic.y.2023-08-227.5CVE-2021-32420
MISC
MISC
dpic_project — dpicdpic 2021.01.01 has a Heap Use-After-Free in thedeletestringbox() function in dpic.y.2023-08-227.5CVE-2021-32421
MISC
MISC
dpic_project — dpicdpic 2021.01.01 has a Global buffer overflow in theyylex() function in main.c and reads out of the bound array.2023-08-227.5CVE-2021-32422
MISC
MISC
imagemagick — imagemagickAn issue was discovered with ImageMagick 7.1.0-4 via Division by zero in function ReadEnhMetaFile of coders/emf.c.2023-08-227.5CVE-2021-40211
MISC
gnu — binutilsHeap-based Buffer Overflow in function bfd_getl32 in Binutils objdump 3.37.2023-08-227.5CVE-2021-46174
MISC
python — pythonThe json2xml package through 3.12.0 for Python allows an error in typecode decoding enabling a remote attack that can lead to an exception, causing a denial of service.2023-08-227.5CVE-2022-25024
MISC
MISC
MISC
MISC
radare — radare2A heap buffer overflow in r_sleb128 function in radare2 5.4.2 and 5.4.0.2023-08-227.5CVE-2022-28068
MISC
radare — radare2A heap buffer overflow in vax_opfunction in radare2 5.4.2 and 5.4.0.2023-08-227.5CVE-2022-28069
MISC
radare — radare2A null pointer deference in __core_anal_fcn function in radare2 5.4.2 and 5.4.0.2023-08-227.5CVE-2022-28070
MISC
radare — radare2A use after free in r_reg_get_name_idx function in radare2 5.4.2 and 5.4.0.2023-08-227.5CVE-2022-28071
MISC
radare — radare2A heap buffer overflow in r_read_le32 function in radare25.4.2 and 5.4.0.2023-08-227.5CVE-2022-28072
MISC
radare — radare2A use after free in r_reg_set_value function in radare2 5.4.2 and 5.4.0.2023-08-227.5CVE-2022-28073
MISC
imagemagick — imagemagickA memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the “identify -help” command.2023-08-227.5CVE-2022-48541
MISC
python — pythonA use-after-free exists in Python through 3.9 via heappushpop in heapq.2023-08-227.5CVE-2022-48560
MISC
cryptopp — crypto\+\+Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because the CVE-2019-14318 fix was intentionally removed for functionality reasons.2023-08-227.5CVE-2022-48570
MISC
MISC
memcached — memcachedmemcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP.2023-08-227.5CVE-2022-48571
MISC
cisco — secure_endpoint_private_cloudA vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition.2023-08-187.5CVE-2023-20212
MISC
danfoss — ak-sm_800a_firmwareBecause of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other sensitive information.2023-08-217.5CVE-2023-25913
MISC
MISC
danfoss — ak-sm_800a_firmwareDue to improper restriction, attackers could retrieve and read system files of the underlying server through the XML interface.2023-08-217.5CVE-2023-25914
MISC
MISC
e-excellence — u-office_force
 
e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary system files but can’t control system or disrupt service.2023-08-257.5CVE-2023-32756
MISC
wordpress — wordpressThe Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered.2023-08-217.5CVE-2023-3604
MISC
qt — qtIn Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length.2023-08-207.5CVE-2023-37369
MISC
MISC
MLIST
kidus — minimatiSQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component.2023-08-187.5CVE-2023-38839
MISC
weaviate — weaviateAn issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function.2023-08-217.5CVE-2023-38976
MISC
ntsc-crt_project — ntsc-crtNTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file’s width, height, and BPP are not validated. NOTE: the vendor’s perspective is “this main application was not intended to be a well-tested program, it’s just something to demonstrate it works and for the user to see how to integrate it into their own programs.”2023-08-187.5CVE-2023-39125
MISC
northgrid — proselfImproper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote unauthenticated attacker to log in to the product’s Control Panel and perform an unintended operation.2023-08-187.5CVE-2023-39415
MISC
MISC
MISC
dlink — dir-880l_a1_firmwareD-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824.2023-08-187.5CVE-2023-39669
MISC
MISC
MISC
tp-link — tl-wr940n_v2_firmwareTP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-08-217.5CVE-2023-39745
MISC
tp-link — tl-wr1041n_v2_firmwareAn issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-08-217.5CVE-2023-39748
MISC
tenda — ac8v4_firmwareTenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function.2023-08-217.5CVE-2023-39784
MISC
MISC
tenda — ac8v4_firmwareTenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function.2023-08-217.5CVE-2023-39785
MISC
MISC
tenda — ac8v4_firmwareTenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function.2023-08-217.5CVE-2023-39786
MISC
MISC
fobybus — social-media-skeletonSocial media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Prior to version 1.0.5 Social media skeleton did not properly salt passwords leaving user passwords susceptible to cracking should an attacker gain access to hashed passwords. This issue has been addressed in version 1.0.5 and users are advised to upgrade. There are no known workarounds for this issue.2023-08-187.5CVE-2023-40173
MISC
MISC
MISC
veilid — veilidVeilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data, as exploited in the wild in August 2023.2023-08-207.5CVE-2023-40711
MISC
typora — typoraImproper path handling in Typora before 1.6.7 on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via “typora://app/<absolute-path>”. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.2023-08-197.4CVE-2023-2316
MISC
MISC
northgrid — proselfProself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with an administrative privilege to execute arbitrary OS commands.2023-08-187.2CVE-2023-39416
MISC
MISC
MISC
mcafee — safe_connectMcAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.2023-08-217.2CVE-2023-40352
CONFIRM
MISC
oracle — apache_xml_graphics_batikServer-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.2023-08-227.1CVE-2022-44729
MISC
MISC
MISC
MISC
obsidian — obsidianImproper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via “app://local/<absolute-path>”. This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and paste it into Obsidian.2023-08-197.1CVE-2023-2110
MISC
MISC
unity — parsecUnity Parsec has a TOCTOU race condition that permits local attackers to escalate privileges to SYSTEM if Parsec was installed in “Per User” mode. The application intentionally launches DLLs from a user-owned directory but intended to always perform integrity verification of those DLLs. This affects Parsec Loader versions through 8. Parsec Loader 9 is a fixed version.2023-08-207CVE-2023-37250
MISC
MISC
CONFIRM

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
phplist — phplistAn issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate and edit data of the system’s super admin, allowing one to perform an account takeover of the user with super-admin permission.2023-08-186.7CVE-2023-27576
MISC
webassembly — binaryenA NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as.2023-08-226.5CVE-2020-18378
MISC
webassembly — binaryenHeap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt.2023-08-226.5CVE-2020-18382
MISC
exempi_project — exempiBuffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame.2023-08-226.5CVE-2020-18651
MISC
MISC
exempi_project — exempiBuffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file.2023-08-226.5CVE-2020-18652
MISC
MISC
freedesktop — popplerBuffer Overflow vulnerability in HtmlOutputDev::page in poppler 0.75.0 allows attackers to cause a denial of service.2023-08-226.5CVE-2020-18839
MISC
gnu — ncursesBuffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.2023-08-226.5CVE-2020-19185
MISC
gnu — ncursesBuffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.2023-08-226.5CVE-2020-19186
MISC
gnu — ncursesBuffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.2023-08-226.5CVE-2020-19187
MISC
gnu — ncursesBuffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.2023-08-226.5CVE-2020-19188
MISC
gnu — ncursesBuffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.2023-08-226.5CVE-2020-19189
MISC
gnu — ncursesBuffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.2023-08-226.5CVE-2020-19190
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.2023-08-226.5CVE-2020-22524
MISC
libraw — librawBuffer Overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp.2023-08-226.5CVE-2020-22628
MISC
freeimage_project — freeimageBuffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file.2023-08-226.5CVE-2020-24294
MISC
freeimage_project — freeimageA stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.2023-08-226.5CVE-2021-40262
MISC
freeimage_project — freeimageNULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.2023-08-226.5CVE-2021-40264
MISC
freeimage_project — freeimageFreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.2023-08-226.5CVE-2021-40266
MISC
upx_project — upxReachable Assertion vulnerability in upx before 4.0.0 allows attackers to cause a denial of service via crafted file passed to the the readx function.2023-08-226.5CVE-2021-46179
MISC
freedesktop — popplerAn issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.2023-08-226.5CVE-2022-37051
MISC
MISC
freedesktop — popplerA reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject.2023-08-226.5CVE-2022-37052
MISC
MISC
libtiff — libtiffAn issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.2023-08-226.5CVE-2022-40090
MISC
MISC
python — pythonread_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.2023-08-226.5CVE-2022-48564
MISC
geomatika — isigeo_webAn issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection.2023-08-226.5CVE-2023-23563
MISC
MISC
MISC
pandorafms — pandora_fmsServer-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms.2023-08-226.5CVE-2023-24515
MISC
typora — typoraImproper path handling in Typora before 1.7.0-dev on Windows and Linux allows a crafted webpage to access local files and exfiltrate them to remote web servers via “typora://app/typemark/”. This vulnerability can be exploited if a user opens a malicious markdown file in Typora, or copies text from a malicious webpage and paste it into Typora.2023-08-196.5CVE-2023-2971
MISC
tp-link — tapoAn issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the authentication code for the UDP message.2023-08-226.5CVE-2023-38906
MISC
MISC
tp-link — tapoAn issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the TSKEP authentication function.2023-08-226.5CVE-2023-38908
MISC
MISC
MISC
tp-link — tapoAn issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via the IV component in the AES128-CBC function.2023-08-226.5CVE-2023-38909
MISC
MISC
MISC
oracle — apache_nifiApache NiFi 1.21.0 through 1.23.0 support JDBC and JNDI JMS access in several Processors and Controller Services with connection URL validation that does not provide sufficient protection against crafted inputs. An authenticated and authorized user can bypass connection URL validation using custom input formatting. The resolution enhances connection URL validation and introduces validation for additional related properties. Upgrading to Apache NiFi 1.23.1 is the recommended mitigation.2023-08-186.5CVE-2023-40037
MISC
MISC
MISC
devolutions — remote_desktop_managerImproper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances, to inadvertently share their personal vault entry with shared vaults via an incorrect vault in the duplication write process.2023-08-216.5CVE-2023-4417
MISC
wallabag — wallabagCross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.2023-08-216.5CVE-2023-4455
MISC
MISC
redhat — openshift_loggingA flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.2023-08-216.5CVE-2023-4456
MISC
MISC
samsung — sww-3400rw_firmwareA reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi2023-08-226.1CVE-2020-22181
MISC
MISC
nagios — nagios_xiCross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request.2023-08-226.1CVE-2020-23992
MISC
cacti — cactiCross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.2023-08-226.1CVE-2022-41444
MISC
cacti — cactiA reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the “ref” parameter at auth_changepassword.php.2023-08-226.1CVE-2022-48547
MISC
pandorafms — pandora_fmsCross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. This issue affects Pandora FMS v767 version and prior versions on all platforms.2023-08-226.1CVE-2023-24514
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in UX-themes Flatsome plugin <= 3.16.8 versions.2023-08-236.1CVE-2023-28994
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.32.7212 versions.2023-08-186.1CVE-2023-30499
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce plugin <= 2.4.0 versions.2023-08-186.1CVE-2023-31094
MISC
wordpress — wordpressCross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.6 versions.2023-08-186.1CVE-2023-31218
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in ollybach WPPizza – A Restaurant Plugin plugin <= 3.17.1 versions.2023-08-186.1CVE-2023-32105
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Fahad Mahmood WP Docs plugin <= 1.9.9 versions.2023-08-186.1CVE-2023-32106
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.1.3 versions.2023-08-186.1CVE-2023-32107
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.2023-08-186.1CVE-2023-32108
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On line plugin <= 4.6.3 versions.2023-08-186.1CVE-2023-32109
MISC
wordpress — wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Spiffy Plugins Spiffy Calendar plugin <= 4.9.3 versions.2023-08-186.1CVE-2023-32122
MISC
google — crittersCritters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension. 2023-08-216.1CVE-2023-3481
MISC
cszcms — csz_cmsCSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the ‘Carousel Wiget’ section and choosing our carousel widget created above, in ‘Photo URL’ and ‘YouTube URL’ plugin.2023-08-186.1CVE-2023-38910
MISC
wordpress — wordpressThe Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-08-216.1CVE-2023-3936
MISC
wordpress — wordpressThe MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-08-216.1CVE-2023-3954
MISC
luxsoft — luxcal_web_calendarCross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product.2023-08-216.1CVE-2023-39543
MISC
MISC
MISC
jenkins — jenkinsJenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.2023-08-216.1CVE-2023-4303
MISC
cockpit — cockpitCross-site Scripting (XSS) – Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.2023-08-196.1CVE-2023-4432
MISC
MISC
hamza417 — inureMissing Authorization in GitHub repository hamza417/inure prior to build88.2023-08-206.1CVE-2023-4434
MISC
MISC
cockpit — cockpitCross-site Scripting (XSS) – Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.2023-08-206.1CVE-2023-4451
MISC
MISC
wallabag — wallabagCross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3.2023-08-215.7CVE-2023-4454
MISC
MISC
libtiff — libtiffThere exists one heap buffer overflow in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.2023-08-225.5CVE-2020-18768
MISC
zziplib_project — zziplibAn issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.2023-08-225.5CVE-2020-18770
MISC
nasm — netwide_assemblerA Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via crafted nasm command.2023-08-225.5CVE-2020-18780
MISC
audiofile — audiofileHeap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert.2023-08-225.5CVE-2020-18781
MISC
gnu — binutilsA memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command.2023-08-225.5CVE-2020-19724
MISC
MISC
elfutils_project — elfutilsThe libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.2023-08-225.5CVE-2020-21047
MISC
MISC
gnu — binutilsAn issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.2023-08-225.5CVE-2020-21490
MISC
MISC
nasm — netwide_assemblerA Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.2023-08-225.5CVE-2020-21528
MISC
graphicsmagick — graphicsmagickBuffer Overflow vulnerability in WritePCXImage function in pcx.c in GraphicsMagick 1.4 allows remote attackers to cause a denial of service via converting of crafted image file to pcx format.2023-08-225.5CVE-2020-21679
MISC
nasm — netwide_assemblerBuffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.2023-08-225.5CVE-2020-21685
MISC
nasm — netwide_assemblerA stack-use-after-scope issue discovered in expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via crafted asm file.2023-08-225.5CVE-2020-21686
MISC
nasm — netwide_assemblerBuffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file.2023-08-225.5CVE-2020-21687
MISC
artifex — ghostscriptA divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file.2023-08-225.5CVE-2020-21710
MISC
MISC
ogg_video_tools_project — ogg_video_toolsA Segmentation Fault issue discovered StreamSerializer::extractStreams function in streamSerializer.cpp in oggvideotools 0.9.1 allows remote attackers to cause a denial of service (crash) via opening of crafted ogg file.2023-08-225.5CVE-2020-21723
MISC
MISC
artifex — mupdfA Use After Free vulnerability in svg_dev_text_span_as_paths_defs function in source/fitz/svg-device.c in Artifex Software MuPDF 1.16.0 allows remote attackers to cause a denial of service via opening of a crafted PDF file.2023-08-225.5CVE-2020-21896
MISC
tukaani — xzAn issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of crafted file.2023-08-225.5CVE-2020-22916
MISC
MISC
nasm — netwide_assemblerBuffer overflow vulnerability in quote_for_pmake in asm/nasm.c in nasm before 2.15.05 allows attackers to cause a denial of service via crafted file.2023-08-225.5CVE-2022-29654
MISC
MISC
MISC
gnu — binutilsAn issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.2023-08-225.5CVE-2022-47007
MISC
gnu — binutilsAn issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.2023-08-225.5CVE-2022-47008
MISC
gnu — binutilsAn issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.2023-08-225.5CVE-2022-47010
MISC
gnu — binutilsAn issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks.2023-08-225.5CVE-2022-47011
MISC
gnu — binutilsGNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.2023-08-225.5CVE-2022-48063
MISC
MISC
gnu — binutilsGNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.2023-08-225.5CVE-2022-48064
MISC
MISC
gnu — binutilsGNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.2023-08-225.5CVE-2022-48065
MISC
MISC
file_project — fileFile before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: “File” is the name of an Open Source project.2023-08-225.5CVE-2022-48554
MISC
insyde — insydeh2oAn issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the ‘MeSetup’ UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerability could potentially lead to denial of service for the platform.2023-08-185.5CVE-2023-27471
MISC
nasm — netwide_assemblerNull pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash).2023-08-225.5CVE-2023-38665
MISC
hamza417 — inureImproper Input Validation in GitHub repository hamza417/inure prior to build88.2023-08-205.5CVE-2023-4435
MISC
MISC
linux — kernelA NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.2023-08-215.5CVE-2023-4459
MISC
MISC
MISC
pandorafms — pandora_fmsCross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. This issue affects Pandora FMS v767 version and prior versions on all platforms.2023-08-225.4CVE-2023-24516
MISC
juliencrego — manager_for_icomoonAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Julien Crego Manager for Icomoon plugin <= 2.0 versions.2023-08-185.4CVE-2023-29387
MISC
themepalace — tp_educationAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Theme Palace TP Education plugin <= 4.4 versions.2023-08-185.4CVE-2023-32103
MISC
cszcms — csz_cmsA Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.2023-08-185.4CVE-2023-38911
MISC
zerowdd — studentmanagerCross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function.2023-08-215.4CVE-2023-39094
MISC
advancedcustomfields — advanced_custom_fieldsCross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product with the administrative privilege.2023-08-215.4CVE-2023-40068
MISC
MISC
MISC
MISC
dedecms — dedecmsDedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters.2023-08-245.4CVE-2023-40874
MISC
dedecms — dedecmsDedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters.2023-08-245.4CVE-2023-40875
MISC
dedecms — dedecmsDedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter.2023-08-245.4CVE-2023-40876
MISC
dedecms — dedecmsDedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter.2023-08-245.4CVE-2023-40877
MISC
jenkins — jenkinsA cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2023-08-215.4CVE-2023-4301
MISC
cockpit — cockpitCross-site Scripting (XSS) – Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4.2023-08-195.4CVE-2023-4433
MISC
MISC
pimcore — pimcoreCross-site Scripting (XSS) – Reflected in GitHub repository pimcore/pimcore prior to 10.6.8.2023-08-215.4CVE-2023-4453
MISC
MISC
wordpress — wordpress
 
The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the ‘save’ function hooked via init, and the plugin is also vulnerable to Arbitrary Usermeta Update via the ‘save’ function in versions up to, and including, 7.5.37.7212 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, and makes it possible to update the user metas arbitrarily, but the meta value can only be a string.2023-08-255.4CVE-2023-4520
MISC
MISC
MISC
esri — server
 
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.2023-08-255.3CVE-2023-25848
MISC
e-excellence — u-office_force
 
e-Excellence U-Office Force generates an error message in webiste service. An unauthenticated remote attacker can obtain partial sensitive system information from error message by sending a crafted command.2023-08-255.3CVE-2023-32755
MISC
mediawiki — mediawikiAn issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.2023-08-205.3CVE-2023-36674
MISC
ibm — robotic_process_automationIBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.2023-08-225.3CVE-2023-40370
MISC
MISC
wordpress — wordpressThe Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eh_callback_handler function in versions up to, and including, 3.7.9. This makes it possible for unauthenticated attackers to modify the order status of arbitrary WooCommerce orders.2023-08-185.3CVE-2023-4040
MISC
MISC
sourcecodester — card_holder_management_systemA vulnerability was found in SourceCodester Card Holder Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Minus Value Handler. The manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The identifier of this vulnerability is VDB-237560.2023-08-205.3CVE-2023-4439
MISC
MISC
geomatika — isigeo_webAn issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion.2023-08-224.9CVE-2023-23565
MISC
MISC
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in All My Web Needs Logo Scheduler plugin <= 1.2.0 versions.2023-08-184.8CVE-2023-30875
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.2023-08-184.8CVE-2023-31228
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Artiss Plugins List plugin <= 2.5 versions.2023-08-184.8CVE-2023-31232
MISC
wordpress — wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Daniel Powney Multi Rating plugin <= 5.0.6 versions.2023-08-184.8CVE-2023-32130
MISC
sourcecodester — student_study_center_desk_management_systemCross Site Scripting (XSS) vulnerability in sourcecodester Student Study Center Desk Management System 1.0 allows attackers to run arbitrary code via crafted GET request to web application URL.2023-08-234.8CVE-2023-36317
MISC
MISC
MISC
wordpress — wordpressThe Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-08-214.8CVE-2023-3667
MISC
cockpit — cockpitCross-site Scripting (XSS) – Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.2023-08-184.8CVE-2023-4422
MISC
MISC
wordpress — wordpressThe MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack2023-08-214.3CVE-2023-3366
MISC
ibm — robotic_process_automationIBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.2023-08-224.3CVE-2023-38732
MISC
MISC
ibm — robotic_process_automationIBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.2023-08-224.3CVE-2023-38733
MISC
MISC
jenkins — jenkinsA missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.2023-08-214.3CVE-2023-4302
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
chamilo — chamiloCross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code.2023-08-213.5CVE-2023-39061
MISC
MISC
microsoft — edge_chromiumMicrosoft Edge (Chromium-based) Information Disclosure Vulnerability2023-08-213.1CVE-2023-38158
MISC
rootkit_hunter_project — rootkit_hunterA vulnerability was found in rkhunter Rootkit Hunter 1.4.4/1.4.6. It has been classified as problematic. Affected is an unknown function of the file /var/log/rkhunter.log. The manipulation leads to sensitive information in log files. An attack has to be approached locally. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-237516.2023-08-182.5CVE-2023-4413
MISC
MISC
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
DescriptionPublishedCVSS ScoreSource & Patch Info
google — chromeInappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical)2023-08-25not yet calculatedCVE-2019-13689
MISC
MISC
google — chrome
 
Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)2023-08-25not yet calculatedCVE-2019-13690
MISC
MISC
stormshield — stormshield_network_security
 
An issue was discovered in Stormshield SNS 3.8.0. Authenticated Stored XSS in the admin login panel leads to SSL VPN credential theft. A malicious disclaimer file can be uploaded from the admin panel. The resulting file is rendered on the authentication interface of the admin panel. It is possible to inject malicious HTML content in order to execute JavaScript inside a victim’s browser. This results in a stored XSS on the authentication interface of the admin panel. Moreover, an unsecured authentication form is present on the authentication interface of the SSL VPN captive portal. Users are allowed to save their credentials inside the browser. If an administrator saves his credentials through this unsecured form, these credentials could be stolen via the stored XSS on the admin panel without user interaction. Another possible exploitation would be modification of the authentication form of the admin panel into a malicious form.2023-08-25not yet calculatedCVE-2020-11711
MISC
MISC
MISC
hwclock.13-v2.27 — hwclock.13-v2.27An issue was discovered in hwclock.13-v2.27 allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date.2023-08-22not yet calculatedCVE-2020-21583
MISC
MISC
tengine — tengine
 
The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests.2023-08-22not yet calculatedCVE-2020-21699
MISC
yealink — w60b
 
Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS).2023-08-22not yet calculatedCVE-2020-24113
MISC
artifex_software — mupdf
 
A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.2023-08-22not yet calculatedCVE-2020-26683
MISC
stormshield — stormshield_network_security
 
Stormshield Network Security (SNS) VPN SSL Client 2.1.0 through 2.8.0 has Insecure Permissions.2023-08-25not yet calculatedCVE-2021-27932
MISC
MISC
opensc — opensc
 
Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.2023-08-22not yet calculatedCVE-2021-34193
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
samsung — syncthru_web_service
 
An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.2023-08-22not yet calculatedCVE-2021-35309
MISC
MISC
freeimage — freeimage
 
A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.2023-08-22not yet calculatedCVE-2021-40263
MISC
nervuri — e_os
 
Improper verification of applications’ cryptographic signatures in the /e/OS app store client App Lounge before 0.19q allows attackers in control of the application server to install malicious applications on user’s systems by altering the server’s API response.2023-08-22not yet calculatedCVE-2021-43171
MISC
MISC
djvulibre — djvulibre
 
An issue was discovered IW44Image.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.2023-08-22not yet calculatedCVE-2021-46310
MISC
djvulibre– djvulibre
 
An issue was discovered IW44EncodeCodec.cpp in djvulibre 3.5.28 in allows attackers to cause a denial of service via divide by zero.2023-08-22not yet calculatedCVE-2021-46312
MISC
etcd — etcd
 
Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go2023-08-22not yet calculatedCVE-2022-34038
MISC
MISC
gnu — binutils
 
An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service.2023-08-22not yet calculatedCVE-2022-35205
MISC
gnu — binutils
 
Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c.2023-08-22not yet calculatedCVE-2022-35206
MISC
freedesktop — poppler
 
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.2023-08-22not yet calculatedCVE-2022-37050
MISC
MISC
lenovo — notebook
 
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation.2023-08-23not yet calculatedCVE-2022-3742
MISC
lenovo — notebook
 
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges under certain conditions the ability to enumerate Embedded Controller (EC) commands.2023-08-23not yet calculatedCVE-2022-3743
MISC
lenovo — notebook
 
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to unlock UEFI variables due to a hard-coded SMI handler credential.2023-08-23not yet calculatedCVE-2022-3744
MISC
lenovo — notebook
 
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to view incoming and returned data from SMI.2023-08-23not yet calculatedCVE-2022-3745
MISC
lenovo — notebook
 
A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface.2023-08-23not yet calculatedCVE-2022-3746
MISC
freedesktop — poppler
 
An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.2023-08-22not yet calculatedCVE-2022-38349
MISC
MISC
oracle — jdk
 
An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service.2023-08-22not yet calculatedCVE-2022-40433
MISC
MISC
MISC
MISC
libsass — libsass
 
Stack overflow vulnerability in ast_selectors.cpp in function Sass::CompoundSelector::has_real_parent_ref in libsass:3.6.5-8-g210218, which can be exploited by attackers to causea denial of service (DoS). Also affects the command line driver for libsass, sassc 3.6.2.2023-08-22not yet calculatedCVE-2022-43357
MISC
MISC
MISC
sass-lang — libsass
 
Stack overflow vulnerability in ast_selectors.cpp: in function Sass::ComplexSelector::has_placeholder in libsass:3.6.5-8-g210218, which can be exploited by attackers to cause a denial of service (DoS).2023-08-22not yet calculatedCVE-2022-43358
MISC
MISC
MISC
south_river_technologie — titan_ftp
 
There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL.2023-08-22not yet calculatedCVE-2022-44215
MISC
MISC
google — chrome
 
Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)2023-08-25not yet calculatedCVE-2022-4452
MISC
MISC
oracle — apache_xml_graphics_batik
 
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.2023-08-22not yet calculatedCVE-2022-44730
MISC
MISC
MISC
MISC
openmns — horizon
 
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.2023-08-22not yet calculatedCVE-2022-45582
MISC
MISC
fresenius_kabi — pharmahelp
 
An issue was discovered in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via via capture of user login information.2023-08-22not yet calculatedCVE-2022-45611
MISC
oracle — apache_ivy/apache_maven
 
Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files – either its own configuration, Ivy files or Apache Maven POMs – it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about “JAXP Properties for External Access restrictions” inside Oracle’s “Java API for XML Processing (JAXP) Security Guide”.2023-08-21not yet calculatedCVE-2022-46751
MISC
MISC
MISC
MISC
mozilla — firefoxA potential use-after-free vulnerability existed in SVG Images if the Refresh Driver was destroyed at an inopportune time. This could have lead to memory corruption or a potentially exploitable crash. *Note*: This advisory was added on December 13th, 2022 after discovering it was inadvertently left out of the original advisory. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106.2023-08-24not yet calculatedCVE-2022-46884
MISC
MISC
open-mpi — open-mpi
 
An issue was discovered in open-mpi hwloc 2.1.0 allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.2023-08-22not yet calculatedCVE-2022-47022
MISC
busybox — busybox
 
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.2023-08-22not yet calculatedCVE-2022-48174
MISC
perl — perl
 
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.2023-08-22not yet calculatedCVE-2022-48522
MISC
cacti — cacti
 
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.2023-08-22not yet calculatedCVE-2022-48538
MISC
MISC
xpdf — xpdf
 
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.2023-08-22not yet calculatedCVE-2022-48545
MISC
python — python
 
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.2023-08-22not yet calculatedCVE-2022-48565
MISC
python — python
 
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.2023-08-22not yet calculatedCVE-2022-48566
MISC
mongodb_inc — mongodb_server
 
If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions.2023-08-23not yet calculatedCVE-2023-1409
MISC
MISC
cisco — cisco_nx-os_software
 
A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability.2023-08-23not yet calculatedCVE-2023-20115
MISC
cisco — cisco_nx-os_software
 
A vulnerability in TACACS+ and RADIUS remote authentication for Cisco NX-OS Software could allow an unauthenticated, local attacker to cause an affected device to unexpectedly reload. This vulnerability is due to incorrect input validation when processing an authentication attempt if the directed request option is enabled for TACACS+ or RADIUS. An attacker could exploit this vulnerability by entering a crafted string at the login prompt of an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a denial of service (DoS) condition.2023-08-23not yet calculatedCVE-2023-20168
MISC
cisco — cisco_nx-os_software
 
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco NX-OS Software for the Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the IS-IS process to unexpectedly restart, which could cause an affected device to reload. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the unexpected restart of the IS-IS process, which could cause the affected device to reload. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2 adjacent to the affected device.2023-08-23not yet calculatedCVE-2023-20169
MISC
cisco — cisco_unified_computing_system
 
A vulnerability in the Simple Network Management Protocol (SNMP) service of Cisco FXOS Software for Firepower 4100 Series and Firepower 9300 Security Appliances and of Cisco UCS 6300 Series Fabric Interconnects could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to the improper handling of specific SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. Note: This vulnerability affects all supported SNMP versions. To exploit this vulnerability through SNMPv2c or earlier, an attacker must know the SNMP community string that is configured on an affected device. To exploit this vulnerability through SNMPv3, the attacker must have valid credentials for an SNMP user who is configured on the affected device.2023-08-23not yet calculatedCVE-2023-20200
MISC
cisco — cisco_application_policy_infrastructure_controller
 
A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to read, modify, or delete non-tenant policies (for example, access policies) created by users associated with a different security domain on an affected system. This vulnerability is due to improper access control when restricted security domains are used to implement multi-tenancy for policies outside the tenant boundaries. An attacker with a valid user account associated with a restricted security domain could exploit this vulnerability. A successful exploit could allow the attacker to read, modify, or delete policies created by users associated with a different security domain. Exploitation is not possible for policies under tenants that an attacker has no authorization to access.2023-08-23not yet calculatedCVE-2023-20230
MISC
cisco — multiple_products
 
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. The vulnerability occurs because there is no validation of parameters when a specific CLI command is used. An attacker could exploit this vulnerability by authenticating to an affected device and using the command at the CLI. A successful exploit could allow the attacker to overwrite any file on the disk of the affected device, including system files. The attacker must have valid administrative credentials on the affected device to exploit this vulnerability.2023-08-23not yet calculatedCVE-2023-20234
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy iframe popup plugin <= 3.3 versions.2023-08-25not yet calculatedCVE-2023-24394
MISC
esoteric_software — yamlbeans
 
An issue was discovered in Esoteric YamlBeans through 1.15. A crafted YAML document is able perform am XML Entity Expansion attack against YamlBeans YamlReader. By exploiting the Anchor feature in YAML, it is possible to generate a small YAML document that, when read, is expanded to a large size, causing CPU and memory consumption, such as a Java Out-of-Memory exception.2023-08-25not yet calculatedCVE-2023-24620
MISC
MISC
MISC
esoteric_software — yamlbeans
 
An issue was discovered in Esoteric YamlBeans through 1.15. It allows untrusted deserialisation to Java classes by default, where the data and class are controlled by the author of the YAML document being processed.2023-08-25not yet calculatedCVE-2023-24621
MISC
MISC
MISC
zte — mf286r
 
There is a command injection vulnerability in a mobile internet product of ZTE. Due to insufficient validation of SET_DEVICE_LED interface parameter, an authenticated attacker could use the vulnerability to execute arbitrary commands.2023-08-25not yet calculatedCVE-2023-25649
MISC
wordpress — wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ThemeKraft Post Form plugin <= 2.8.1 versions.2023-08-25not yet calculatedCVE-2023-25981
MISC
wireshark — wireshark
 
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.2023-08-25not yet calculatedCVE-2023-2906
MISC
MISC
sick_ag — lms5xx
 
The LMS5xx uses weak hash generation methods, resulting in the creation of insecure hashs. If an attacker manages to retrieve the hash, it could lead to collision attacks and the potential retrieval of the password.2023-08-24not yet calculatedCVE-2023-31412
MISC
MISC
MISC
draytek — vigor2620
 
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code.2023-08-21not yet calculatedCVE-2023-31447
MISC
MISC
gravitl — netmaker
 
Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints. The issue is patched in 0.17.1 and fixed in 0.18.6. If users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone who is using version 0.17.1 can pull the latest docker image of the backend and restart the server.2023-08-24not yet calculatedCVE-2023-32077
MISC
MISC
MISC
MISC
gravitl — netmaker
 
Netmaker makes networks with WireGuard. An Insecure Direct Object Reference (IDOR) vulnerability was found in versions prior to 0.17.1 and 0.18.6 in the user update function. By specifying another user’s username, it was possible to update the other user’s password. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users. If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server.2023-08-24not yet calculatedCVE-2023-32078
MISC
MISC
MISC
gravitl — netmaker
 
Netmaker makes networks with WireGuard. A Mass assignment vulnerability was found in versions prior to 0.17.1 and 0.18.6 that allows a non-admin user to escalate privileges to those of an admin user. The issue is patched in 0.17.1 and fixed in 0.18.6. If Users are using 0.17.1, they should run `docker pull gravitl/netmaker:v0.17.1` and `docker-compose up -d`. This will switch them to the patched users If users are using v0.18.0-0.18.5, they should upgrade to v0.18.6 or later. As a workaround, someone using version 0.17.1 can pull the latest docker image of the backend and restart the server.2023-08-24not yet calculatedCVE-2023-32079
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPO365 | Mail Integration for Office 365 / Outlook plugin <= 1.9.0 versions.2023-08-23not yet calculatedCVE-2023-32119
MISC
walchem — intuition_9
 
Walchem Intuition 9 firmware versions prior to v4.21 are vulnerable to improper authentication. Login credentials are stored in a format that could allow an attacker to use them as-is to login and gain access to the device.2023-08-23not yet calculatedCVE-2023-32202
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin <= 1.1.8 versions.2023-08-23not yet calculatedCVE-2023-32236
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.8 versions.2023-08-23not yet calculatedCVE-2023-32300
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bill Minozzi Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection plugin <= 7.31 versions.2023-08-23not yet calculatedCVE-2023-32496
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Supersoju Block Referer Spam plugin <= 1.1.9.4 versions.2023-08-23not yet calculatedCVE-2023-32497
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Easy Form team Easy Form by AYS plugin <= 1.2.0 versions.2023-08-23not yet calculatedCVE-2023-32498
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tony Zeoli, Tony Hayes Radio Station by netmix® – Manage and play your Show Schedule in WordPress! plugin <= 2.4.0.9 versions.2023-08-23not yet calculatedCVE-2023-32499
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Arshid Easy Hide Login plugin <= 1.0.7 versions.2023-08-23not yet calculatedCVE-2023-32505
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.2023-08-23not yet calculatedCVE-2023-32509
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rolf van Gelder Order Your Posts Manually plugin <= 2.2.5 versions.2023-08-24not yet calculatedCVE-2023-32510
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Booking Ultra Pro Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.8 versions.2023-08-24not yet calculatedCVE-2023-32511
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GloriaFood Restaurant Menu – Food Ordering System – Table Reservation plugin <= 2.3.6 versions.2023-08-24not yet calculatedCVE-2023-32516
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ono Oogami WP Chinese Conversion plugin <= 1.1.16 versions.2023-08-25not yet calculatedCVE-2023-32518
MISC
node.js — node.js
 
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding(‘spawn_sync’)` run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.2023-08-24not yet calculatedCVE-2023-32559
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.25 versions.2023-08-25not yet calculatedCVE-2023-32575
MISC
wordpress — wordpress
 
Auth. (subscriber+) Stored Cross-Site Scripting’) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.18 versions.2023-08-25not yet calculatedCVE-2023-32576
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eji Osigwe DevBuddy Twitter Feed plugin <= 4.0.0 versions.2023-08-25not yet calculatedCVE-2023-32577
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in John Newcombe eBecas plugin <= 3.1.3 versions.2023-08-25not yet calculatedCVE-2023-32584
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Cloud Primero B.V DBargain plugin <= 3.0.0 versions.2023-08-25not yet calculatedCVE-2023-32591
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Palasthotel by Edward Bock, Katharina Rompf Sunny Search plugin <= 1.0.2 versions.2023-08-25not yet calculatedCVE-2023-32595
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wolfgang Ertl weebotLite plugin <= 1.0.0 versions.2023-08-25not yet calculatedCVE-2023-32596
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in A. R. Jones Featured Image Pro Post Grid plugin <= 5.14 versions.2023-08-25not yet calculatedCVE-2023-32598
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions.2023-08-25not yet calculatedCVE-2023-32603
MISC
zulip — zulip
 
Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Users who used to be subscribed to a private stream and have been removed from it since retain the ability to edit messages/topics, move messages to other streams, and delete messages that they used to have access to, if other relevant organization permissions allow these actions. For example, a user may be able to edit or delete their old messages they posted in such a private stream. An administrator will be able to delete old messages (that they had access to) from the private stream. This issue was fixed in Zulip Server version 7.3.2023-08-25not yet calculatedCVE-2023-32678
MISC
MISC
wordpress — wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions.2023-08-25not yet calculatedCVE-2023-32797
MISC
ibm — txseries_for_multiplatforms
 
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 257132.2023-08-22not yet calculatedCVE-2023-33850
MISC
MISC
MISC
MISC
spring — spring_for_apache_kafka
 
In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.2023-08-24not yet calculatedCVE-2023-34040
MISC
m-files — m-files_web
 
Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server2023-08-25not yet calculatedCVE-2023-3406
MISC
m-files — m-files_server
 
Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory.2023-08-25not yet calculatedCVE-2023-3425
MISC
etic_telecom — remote_access_server
 
ETIC Telecom RAS versions 4.7.0 and prior the web management portal authentication disabled by default. This could allow an attacker with adjacent network access to alter the configuration of the device or cause a denial-of-service condition.2023-08-23not yet calculatedCVE-2023-3453
MISC
techview — la-5570
 
An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf.2023-08-25not yet calculatedCVE-2023-34723
MISC
MISC
supermicro — x12dpg-qr
 
Buffer Overflow vulnerability in Supermicro motherboard X12DPG-QR 1.4b allows local attackers to hijack control flow via manipulation of SmcSecurityEraseSetupVar variable.2023-08-22not yet calculatedCVE-2023-34853
MISC
MISC
qnap_systems_inc. — qts
 
An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later2023-08-24not yet calculatedCVE-2023-34971
MISC
qnap_systems_inc. — qts
 
A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to read the contents of unexpected sensitive data via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later2023-08-24not yet calculatedCVE-2023-34972
MISC
qnap_systems_inc. — qts
 
An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QuTS hero h5.1.0.2424 build 20230609 and later2023-08-24not yet calculatedCVE-2023-34973
MISC
skale_network_sgxwallet — skale_network_sgxwallet
 
Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function.2023-08-25not yet calculatedCVE-2023-36198
MISC
skale_network_sgxwallet — skale_network_sgxwallet
 
An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component.2023-08-25not yet calculatedCVE-2023-36199
MISC
asustor — adm
 
An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.2023-08-22not yet calculatedCVE-2023-3699
MISC
aditya_infotech_limited — cp-plus_dvr
 
The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to change system time of the targeted device.2023-08-24not yet calculatedCVE-2023-3704
MISC
aditya_infotech_limited — cp-plus_nvr
 
The vulnerability exists in CP-Plus NVR due to an improper input handling at the web-based management interface of the affected product. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the remote attacker to obtain sensitive information on the targeted device.2023-08-24not yet calculatedCVE-2023-3705
MISC
infoblox — nios
 
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access.2023-08-25not yet calculatedCVE-2023-37249
CONFIRM
MISC
oracle — apache_airflow
 
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server. Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.2023-08-23not yet calculatedCVE-2023-37379
MISC
MISC
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.2023-08-22not yet calculatedCVE-2023-37421
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.2023-08-22not yet calculatedCVE-2023-37422
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.2023-08-22not yet calculatedCVE-2023-37423
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to run arbitrary commands on the underlying host if certain preconditions outside of the attacker’s control are met. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.2023-08-22not yet calculatedCVE-2023-37424
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface.2023-08-22not yet calculatedCVE-2023-37425
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
EdgeConnect SD-WAN Orchestrator instances prior to the versions resolved in this advisory were found to have shared static SSH host keys for all installations. This vulnerability could allow an attacker to spoof the SSH host signature and thereby masquerade as a legitimate Orchestrator host.2023-08-22not yet calculatedCVE-2023-37426
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to run arbitrary commands on the underlying host. Successful exploitation of this vulnerability allows an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-08-22not yet calculatedCVE-2023-37427
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
A vulnerability in the EdgeConnect SD-WAN Orchestrator web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.2023-08-22not yet calculatedCVE-2023-37428
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37429
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37430
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37431
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37432
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37433
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37434
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37435
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37436
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37437
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestratorMultiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37438
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect SD-WAN Orchestrator instance. An attacker could exploit these vulnerabilities to     obtain and modify sensitive information in the underlying database potentially leading to the exposure and corruption of sensitive data controlled by the EdgeConnect SD-WAN Orchestrator host.2023-08-22not yet calculatedCVE-2023-37439
MISC
hewlett_packard_enterprise — edgeconnect_sd-wan_orchestrator
 
A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.2023-08-22not yet calculatedCVE-2023-37440
MISC
icewhaletech — casaos
 
CasaOS is an open-source personal cloud system. Prior to version 0.4.4, if an authenticated user using CasaOS is able to successfully connect to a controlled SMB server, they are able to execute arbitrary commands. Version 0.4.4 contains a patch for the issue.2023-08-24not yet calculatedCVE-2023-37469
MISC
MISC
MISC
MISC
MISC
keylime — keylime
 
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.2023-08-25not yet calculatedCVE-2023-38201
MISC
MISC
MISC
MISC
walchem — intuition_9
 
Walchem Intuition 9 firmware versions prior to v4.21 are missing authentication for some of the API routes of the management web server. This could allow an attacker to download and export sensitive data.2023-08-23not yet calculatedCVE-2023-38422
MISC
tuleap — tuleap
 
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.2023-08-24not yet calculatedCVE-2023-38508
MISC
MISC
MISC
MISC
cbc_co._ltd. — multiple_products
 
Improper authentication vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.2023-08-23not yet calculatedCVE-2023-38585
MISC
MISC
MISC
bento4 — bento4
 
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.2023-08-22not yet calculatedCVE-2023-38666
MISC
nasm — nasm
 
Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.2023-08-22not yet calculatedCVE-2023-38667
MISC
nasm — nasm
 
Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).2023-08-22not yet calculatedCVE-2023-38668
MISC
libreswan — libreswan
 
An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload’s protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.2023-08-25not yet calculatedCVE-2023-38710
MISC
MISC
libreswan — libreswan
 
An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.2023-08-25not yet calculatedCVE-2023-38711
MISC
MISC
libreswan — libreswan
 
An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.2023-08-25not yet calculatedCVE-2023-38712
MISC
MISC
rarlabs — winrar
 
RARLabs WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the benign file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file. This was exploited in the wild in April through August 2023.2023-08-23not yet calculatedCVE-2023-38831
MISC
MISC
MISC
uasoft — badaso
 
A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.2023-08-25not yet calculatedCVE-2023-38973
MISC
uasoft — badaso
 
A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter.2023-08-25not yet calculatedCVE-2023-38974
MISC
subscription-manager — subscription-manager
 
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.2023-08-23not yet calculatedCVE-2023-3899
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
douran — dsgate
 
An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.2023-08-22not yet calculatedCVE-2023-38996
MISC
MISC
MISC
filemage — filemage_gateway
 
Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.2023-08-22not yet calculatedCVE-2023-39026
MISC
MISC
nacos_group — nacos_spring_project
 
An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component.2023-08-21not yet calculatedCVE-2023-39106
MISC
webui-aria2 — webui-aria2
 
webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.2023-08-22not yet calculatedCVE-2023-39141
MISC
MISC
mitel_networks_corp. — mivoice_connect
 
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.2023-08-25not yet calculatedCVE-2023-39287
MISC
MISC
mitel_networks_corp. — mivoice_connect
 
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to conduct a command argument injection due to insufficient parameter sanitization. A successful exploit could allow an attacker to access network information and to generate excessive network traffic.2023-08-25not yet calculatedCVE-2023-39288
MISC
MISC
mitel_networks_corp. — mivoice_connect
 
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper configuration. A successful exploit could allow an attacker to access system information.2023-08-25not yet calculatedCVE-2023-39289
MISC
MISC
mitel_networks_corp. — mivoice_connect
 
A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.2023-08-25not yet calculatedCVE-2023-39290
MISC
MISC
mitel_networks_corp. — mivoice_connect
 
A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to view system information.2023-08-25not yet calculatedCVE-2023-39291
MISC
MISC
oracle — apache_airflow
 
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not check a server’s X.509 certificate.  Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position. Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability2023-08-23not yet calculatedCVE-2023-39441
MISC
MISC
MISC
MISC
MISC
fit2cloud — cloudexplorer_lite
 
Cloud Explorer Lite is an open source cloud management platform. Prior to version 1.4.0, there is a risk of sensitive information leakage in the user information acquisition of CloudExplorer Lite. The vulnerability has been fixed in version 1.4.0.2023-08-24not yet calculatedCVE-2023-39519
MISC
MISC
tuleap — tuleap
 
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the “card fields” (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.2023-08-24not yet calculatedCVE-2023-39521
MISC
MISC
MISC
MISC
csz_cms — csz_cms
 
Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.2023-08-22not yet calculatedCVE-2023-39599
MISC
MISC
icewarp_inc. — icewarp 
 
IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.2023-08-25not yet calculatedCVE-2023-39600
MISC
MISC
icewarp_inc. — icewarp_mail_server
 
IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. This vulnerability allows attackers to include or execute files from the local file system of the targeted server.2023-08-25not yet calculatedCVE-2023-39699
MISC
MISC
MISC
icewarp_inc. — icewarp_mail_server
 
IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.2023-08-25not yet calculatedCVE-2023-39700
MISC
MISC
MISC
sourcecodester — free_and_open_source_inventory_management_system
 
A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Add Expense parameter under the Expense section.2023-08-25not yet calculatedCVE-2023-39707
MISC
MISC
MISC
giflib– giflib
 
giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.2023-08-25not yet calculatedCVE-2023-39742
MISC
MISC
renault — easy_link_multimedia_system
 
A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting a device to the vehicle’s USB plug and play feature.2023-08-24not yet calculatedCVE-2023-39801
MISC
pbootcms — pbootcms
 
PbootCMS below v3.2.0 was discovered to contain a command injection vulnerability via create_function.2023-08-24not yet calculatedCVE-2023-39834
MISC
geonode — geonode
 
GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. In versions 3.2.0 through 4.1.2, the endpoint `/proxy/?url=` does not properly protect against server-side request forgery. This allows an attacker to port scan internal hosts and request information from internal hosts. A patch is available at commit a9eebae80cb362009660a1fd49e105e7cdb499b9.2023-08-24not yet calculatedCVE-2023-40017
MISC
MISC
rizin — rizin
 
Rizin is a UNIX-like reverse engineering framework and command-line toolset. Versions 0.6.0 and prior are vulnerable to integer overflow in `consume_count` of `src/gnu_v2/cplus-dem.c`. The overflow check is valid logic but, is missing the modulus if the block once compiled. The compiler sees this block as unreachable code since the prior statement is multiplication by 10 and fails to consider overflow assuming the count will always be a multiple of 10. Rizin version 0.6.1 contains a fix for the issue. A temporary workaround would be disabling C++ demangling using the configuration option `bin.demangle=false`.2023-08-24not yet calculatedCVE-2023-40022
MISC
MISC
MISC
MISC
MISC
argo_cd — argo_cd
 
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting from version 2.6.0 have a bug where open web terminal sessions do not expire. This bug allows users to send any websocket messages even if the token has already expired. The most straightforward scenario is when a user opens the terminal view and leaves it open for an extended period. This allows the user to view sensitive information even when they should have been logged out already. A patch for this vulnerability has been released in the following Argo CD versions: 2.6.14, 2.7.12 and 2.8.1.2023-08-23not yet calculatedCVE-2023-40025
MISC
MISC
rust-lang — cargo
 
Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape Cargo feature names when including them in the report generated by `cargo build –timings`. A malicious package included as a dependency may inject nearly arbitrary HTML here, potentially leading to cross-site scripting if the report is subsequently uploaded somewhere. The vulnerability affects users relying on dependencies from git, local paths, or alternative registries. Users who solely depend on crates.io are unaffected. Rust 1.60.0 introduced `cargo build –timings`, which produces a report of how long the different steps of the build process took. It includes lists of Cargo features for each crate. Prior to Rust 1.72, Cargo feature names were allowed to contain almost any characters (with some exceptions as used by the feature syntax), but it would produce a future incompatibility warning about them since Rust 1.49. crates.io is far more stringent about what it considers a valid feature name and has not allowed such feature names. As the feature names were included unescaped in the timings report, they could be used to inject Javascript into the page, for example with a feature name like `features = [“<img src=” onerror=alert(0)”]`. If this report were subsequently uploaded to a domain that uses credentials, the injected Javascript could access resources from the website visitor. This issue was fixed in Rust 1.72 by turning the future incompatibility warning into an error. Users should still exercise care in which package they download, by only including trusted dependencies in their projects. Please note that even with these vulnerabilities fixed, by design Cargo allows arbitrary code execution at build time thanks to build scripts and procedural macros: a malicious dependency will be able to cause damage regardless of these vulnerabilities. crates.io has server-side checks preventing this attack, and there are no packages on crates.io exploiting these vulnerabilities. crates.io users still need to excercise care in choosing their dependencies though, as remote code execution is allowed by design there as well.2023-08-24not yet calculatedCVE-2023-40030
MISC
MISC
MISC
MISC
notepad-plus-plus — notepad-plus-plus
 
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer write overflow in `Utf8_16_Read::convert`. This issue may lead to arbitrary code execution. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-25not yet calculatedCVE-2023-40031
MISC
craft_cms — craft_cms
 
Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable only in the authenticated users, configuration with ALLOW_ADMIN_CHANGES=true, there is still a potential security threat (Remote Code Execution). This issue has been patched in version 4.4.15 and version 3.8.15.2023-08-23not yet calculatedCVE-2023-40035
MISC
MISC
MISC
MISC
notepad-plus-plus — notepad-plus-plus
 
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `CharDistributionAnalysis::HandleOneChar`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-25not yet calculatedCVE-2023-40036
MISC
cbc_co._ltd. — multiple_products
 
OS command injection vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.2023-08-23not yet calculatedCVE-2023-40144
MISC
MISC
MISC
cbc_co._ltd.  — multiple_products
 
Hidden functionality vulnerability in the CBC products allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter its settings. As for the affected products/versions, see the detailed information provided by the vendor. Note that NR4H, NR8H, NR16H series and DR-16F, DR-8F, DR-4F, DR-16H, DR-8H, DR-4H, DR-4M41 series are no longer supported, therefore updates for those products are not provided.2023-08-23not yet calculatedCVE-2023-40158
MISC
MISC
MISC
notepad-plus-plus — notepad-plus-plus
 
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to global buffer read overflow in `nsCodingStateMachine::NextStater`. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-25not yet calculatedCVE-2023-40164
MISC
notepad-plus-plus — notepad-plus-plus
 
Notepad++ is a free and open-source source code editor. Versions 8.5.6 and prior are vulnerable to heap buffer read overflow in `FileManager::detectLanguageFromTextBegining `. The exploitability of this issue is not clear. Potentially, it may be used to leak internal memory allocation information. As of time of publication, no known patches are available in existing versions of Notepad++.2023-08-25not yet calculatedCVE-2023-40166
MISC
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1.2023-08-23not yet calculatedCVE-2023-40176
MISC
MISC
MISC
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the “AppWithinMinutes.Content“ author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the “display“ script service to render the content we make sure that the proper author is used for access rights checks.2023-08-23not yet calculatedCVE-2023-40177
MISC
MISC
MISC
node-saml — node-saml
 
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. The lack of checking of current timestamp allows a LogoutRequest XML to be reused multiple times even when the current time is past the NotOnOrAfter. This could impact the user where they would be logged out from an expired LogoutRequest. In bigger contexts, if LogoutRequests are sent out in mass to different SPs, this could impact many users on a large scale. This issue was patched in version 4.0.5.2023-08-23not yet calculatedCVE-2023-40178
MISC
MISC
MISC
silverware_games_inc. — silverware_games
 
Silverware Games is a premium social network where people can play games online. Prior to version 1.3.6, the Password Recovery form would throw an error if the specified email was not found in our database. It would only display the “Enter the code” form if the email is associated with a member of the site. Since version 1.3.6, the “Enter the code” form is always returned, showing the message “If the entered email is associated with an account, a code will be sent now”. This change prevents potential violators from determining if our site has a user with the specified email.2023-08-25not yet calculatedCVE-2023-40179
MISC
silverware_games_inc. — silverware_games
 
Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7.2023-08-25not yet calculatedCVE-2023-40182
MISC
shescape — shescape
 
shescape is simple shell escape library for JavaScript. This may impact users that use Shescape on Windows in a threaded context. The vulnerability can result in Shescape escaping (or quoting) for the wrong shell, thus allowing attackers to bypass protections depending on the combination of expected and used shell. This bug has been patched in version 1.7.4.2023-08-23not yet calculatedCVE-2023-40185
MISC
MISC
MISC
MISC
python — python
 
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as “not connected” and won’t initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)2023-08-25not yet calculatedCVE-2023-40217
CONFIRM
MISC
oracle — apache_airflow
 
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin – up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that). With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour. Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.2023-08-23not yet calculatedCVE-2023-40273
MISC
MISC
MISC
ibm — aix
 
IBM AIX 7.2, 7.3, VIOS 3.1’s OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. IBM X-Force ID: 263476.2023-08-24not yet calculatedCVE-2023-40371
MISC
MISC
silicon_labs — arm
 
Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects “Standalone” and “Application” versions of Gecko Bootloader.2023-08-23not yet calculatedCVE-2023-4041
MISC
ghostscript — ghostscript
 
A flaw was found in ghostscript. The fix for CVE-2020-16305 in ghostscript was not included in RHSA-2021:1852-06 advisory as it was claimed to be. This issue only affects the ghostscript package as shipped with Red Hat Enterprise Linux 8.2023-08-23not yet calculatedCVE-2023-4042
MISC
MISC
MISC
skylark_app_for_android — skylark_app_for_android
 
Improper authorization in handler for custom URL scheme issue in ‘Skylark’ App for Android 6.2.13 and earlier and ‘Skylark’ App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user’s device.2023-08-25not yet calculatedCVE-2023-40530
MISC
MISC
MISC
datasette — datasette
 
Datasette is an open source multi-tool for exploring and publishing data. This bug affects Datasette instances running a Datasette 1.0 alpha – 1.0a0, 1.0a1, 1.0a2 or 1.0a3 – in an online accessible location but with authentication enabled using a plugin such as datasette-auth-passwords. The `/-/api` API explorer endpoint could reveal the names of both databases and tables – but not their contents – to an unauthenticated user. Datasette 1.0a4 has a fix for this issue. This will block access to the API explorer but will still allow access to the Datasette read or write JSON APIs, as those use different URL patterns within the Datasette `/database` hierarchy. This issue is patched in version 1.0a4.2023-08-25not yet calculatedCVE-2023-40570
MISC
MISC
weblogic-framework — weblogic-framework
 
weblogic-framework is a tool for detecting weblogic vulnerabilities. Versions 0.2.3 and prior do not verify the returned data packets, and there is a deserialization vulnerability which may lead to remote code execution. When weblogic-framework gets the command echo, it directly deserializes the data returned by the server without verifying it. At the same time, the classloader loads a lot of deserialization calls. In this case, the malicious serialized data returned by the server will cause remote code execution. Version 0.2.4 contains a patch for this issue.2023-08-25not yet calculatedCVE-2023-40571
MISC
MISC
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo – Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.2023-08-24not yet calculatedCVE-2023-40572
MISC
MISC
MISC
xwiki — xwiki-platform
 
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn’t modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with “Job content executed” will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1.2023-08-24not yet calculatedCVE-2023-40573
MISC
MISC
MISC
alertmanager — alertmanager
 
Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51.2023-08-25not yet calculatedCVE-2023-40577
MISC
openfga — openfga
 
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Some end users of OpenFGA v1.3.0 or earlier are vulnerable to authorization bypass when calling the ListObjects API. The vulnerability affects customers using `ListObjects` with specific models. The affected models contain expressions of type `rel1 from type1`. This issue has been patched in version 1.3.1.2023-08-25not yet calculatedCVE-2023-40579
MISC
MISC
freighter — freighter
 
Freighter is a Stellar chrome extension. It may be possible for a malicious website to access the recovery mnemonic phrase when the Freighter wallet is unlocked. This vulnerability impacts access control to the mnemonic recovery phrase. This issue was patched in version 5.3.1.2023-08-25not yet calculatedCVE-2023-40580
MISC
MISC
MISC
libp2p — libp2p
 
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4.2023-08-25not yet calculatedCVE-2023-40583
MISC
MISC
MISC
MISC
ironic-image — ironic-image
 
ironic-image is a container image to run OpenStack Ironic as part of Metal³. Prior to version capm3-v1.4.3, if Ironic is not deployed with TLS and it does not have API and Conductor split into separate services, access to the API is not protected by any authentication. Ironic API is also listening in host network. In case the node is not behind a firewall, the API could be accessed by anyone via network without authentication. By default, Ironic API in Metal3 is protected by TLS and basic authentication, so this vulnerability requires operator to configure API without TLS for it to be vulnerable. TLS and authentication however should not be coupled as they are in versions prior to capm3-v1.4.3. A patch exists in versions capm3-v1.4.3 and newer. Some workarounds are available. Either configure TLS for Ironic API (`deploy.sh -t …`, `IRONIC_TLS_SETUP=true`) or split Ironic API and Conductor via configuration change (old implementation, not recommended). With both workarounds, services are configured with httpd front-end, which has proper authentication configuration in place.2023-08-25not yet calculatedCVE-2023-40585
MISC
MISC
golang — owasp_coraza_waf
 
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Due to the misuse of `log.Fatalf`, the application using coraza crashed after receiving crafted requests from attackers. The application will immediately crash after receiving a malicious request that triggers an error in `mime.ParseMediaType`. This issue was patched in version 3.0.1.2023-08-25not yet calculatedCVE-2023-40586
MISC
MISC
pylons — pyramid
 
Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view’s file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.2023-08-25not yet calculatedCVE-2023-40587
MISC
MISC
MISC
MISC
mailform_pro_cgi — mailform_pro_cgi
 
Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service condition. Affected add-ons are as follows: call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.2023-08-25not yet calculatedCVE-2023-40599
MISC
MISC
openmns — horizon
 
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLE_FILESYSTEM_EDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization’s private networks and should not be directly accessible from the Internet. OpenNMS thanks Erik Wynter for reporting this issue.2023-08-23not yet calculatedCVE-2023-40612
MISC
MISC
opto_22 — snap_pac_s1
 
There is no limit on the number of login attempts in the web server for the SNAP PAC S1 Firmware version R10.3b. This could allow for a brute-force attack on the built-in web server login.2023-08-24not yet calculatedCVE-2023-40706
MISC
opto_22 — snap_pac_s1
 
There are no requirements for setting a complex password in the built-in web server of the SNAP PAC S1 Firmware version R10.3b, which could allow for a successful brute force attack if users don’t set up complex credentials.2023-08-24not yet calculatedCVE-2023-40707
MISC
opto_22 — snap_pac_s1
 
The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. This could allow an adversary to access some device files.2023-08-24not yet calculatedCVE-2023-40708
MISC
opto_22 — snap_pac_s1
 
An adversary could crash the entire device by sending a large quantity of ICMP requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b2023-08-24not yet calculatedCVE-2023-40709
MISC
opto_22 — snap_pac_s1
 
An adversary could cause a continuous restart loop to the entire device by sending a large quantity of HTTP GET requests if the controller has the built-in web server enabled but does not have the built-in web server completely set up and configured for the SNAP PAC S1 Firmware version R10.3b2023-08-24not yet calculatedCVE-2023-40710
MISC
butterfly_button — butterfly_button
 
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BUTTERFLY BUTTON PROJECT – BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and confidentiality. This issue affects BUTTERFLY BUTTON: As of 2023-08-21.2023-08-21not yet calculatedCVE-2023-40735
MISC
MISC
MISC
MISC
MISC
MISC
phicomm — k2
 
Phicomm k2 v22.6.529.216 is vulnerable to command injection.2023-08-25not yet calculatedCVE-2023-40796
MISC
tenda — ac23_firmware
 
In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability.2023-08-25not yet calculatedCVE-2023-40797
MISC
tenda — ac23_firmware
 
In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability.2023-08-25not yet calculatedCVE-2023-40798
MISC
tenda — ac23_firmware
 
Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function.2023-08-25not yet calculatedCVE-2023-40799
MISC
tenda — ac23_firmware
 
The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn.2023-08-25not yet calculatedCVE-2023-40800
MISC
tenda — ac23_firmware
 
The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn2023-08-25not yet calculatedCVE-2023-40801
MISC
tenda — ac23_firmware
 
The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn2023-08-25not yet calculatedCVE-2023-40802
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter firewallEn at /goform/SetFirewallCfg.2023-08-24not yet calculatedCVE-2023-40891
MISC
tenda — ac8v4_firmwareTenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter schedStartTime and schedEndTime at /goform/openSchedWifi.2023-08-24not yet calculatedCVE-2023-40892
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet.2023-08-24not yet calculatedCVE-2023-40893
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetStaticRouteCfg.2023-08-24not yet calculatedCVE-2023-40894
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg.2023-08-24not yet calculatedCVE-2023-40895
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.2023-08-24not yet calculatedCVE-2023-40896
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter mac at /goform/GetParentControlInfo.2023-08-24not yet calculatedCVE-2023-40897
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter timeZone at /goform/SetSysTimeCfg.2023-08-24not yet calculatedCVE-2023-40898
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.2023-08-24not yet calculatedCVE-2023-40899
MISC
tenda — ac8v4_firmware
 
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList.2023-08-24not yet calculatedCVE-2023-40900
MISC
tenda — ac10v4_firmware
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at url /goform/setMacFilterCfg.2023-08-24not yet calculatedCVE-2023-40901
MISC
tenda — ac10v4_firmware
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list and bindnum at /goform/SetIpMacBind.2023-08-24not yet calculatedCVE-2023-40902
MISC
tenda — ac10v4_firmware
 
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter macFilterType and parameter deviceList at /goform/setMacFilterCfg.2023-08-24not yet calculatedCVE-2023-40904
MISC
tenda — ax3_firmware
 
Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ssid parameter.2023-08-25not yet calculatedCVE-2023-40915
MISC
jupilink — rx4-1500
 
A stack-based buffer overflow exists in Juplink RX4-1500, a WiFi router, in versions 1.0.2 through 1.0.5. An authenticated attacker can exploit this vulnerability to achieve code execution as root.2023-08-23not yet calculatedCVE-2023-41028
MISC
oracle — apache_tomcat
 
URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application.2023-08-25not yet calculatedCVE-2023-41080
MISC
misp — misp
 
An issue was discovered in MISP 2.4.174. In app/Controller/DashboardsController.php, a reflected XSS issue exists via the id parameter upon a dashboard edit.2023-08-23not yet calculatedCVE-2023-41098
MISC
typo3 — typo3
 
An issue was discovered in the hcaptcha (aka hCaptcha for EXT:form) extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check.2023-08-23not yet calculatedCVE-2023-41100
MISC
varnish_software — varnish_enterprise
 
libvmod-digest before 1.0.3, as used in Varnish Enterprise 6.0.x before 6.0.11r5, has an out-of-bounds memory access during base64 decoding, leading to both authentication bypass and information disclosure; however, the exact attack surface will depend on the particular VCL (Varnish Configuration Language) configuration in use.2023-08-23not yet calculatedCVE-2023-41104
MISC
MISC
MISC
python — python
 
An issue was discovered in Python 3.11 through 3.11.4. If a path containing ‘\0’ bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first ‘\0’ byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.2023-08-23not yet calculatedCVE-2023-41105
MISC
MISC
MISC
MISC
CONFIRM
array_networks — array_ag_os
 
Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.2023-08-25not yet calculatedCVE-2023-41121
MISC
MISC
webiny — headless_cms
 
@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user’s browser when the main page or admin page loads.2023-08-25not yet calculatedCVE-2023-41167
MISC
MISC
adguard_dns — adguard_dns
 
AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets.2023-08-25not yet calculatedCVE-2023-41173
MISC
jetbrains — teamcity
 
In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration2023-08-25not yet calculatedCVE-2023-41248
MISC
jetbrains — teamcity
 
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step2023-08-25not yet calculatedCVE-2023-41249
MISC
jetbrains — teamcity
 
In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration2023-08-25not yet calculatedCVE-2023-41250
MISC
trane_technologies — multiple_products
 
A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. The vulnerability requires physical access to the device via a USB stick.2023-08-22not yet calculatedCVE-2023-4212
MISC
MISC
MISC
moxa — iologik_4000_series
 
A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to the product. This could lead to security breaches, data theft, and unauthorized manipulation of sensitive information. The vulnerability is attributed to the presence of an unauthorized service, which could potentially enable unauthorized access to the. device.2023-08-24not yet calculatedCVE-2023-4227
MISC
moxa — iologik_4000_series
 
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.2023-08-24not yet calculatedCVE-2023-4228
MISC
moxa — iologik_4000_series
 
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. This vulnerability may allow attackers to trick users into interacting with malicious content, leading to unintended actions or unauthorized data disclosures.2023-08-24not yet calculatedCVE-2023-4229
MISC
moxa — iologik_4000_series
 
A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series devices. This vulnerability may enable attackers to gather information for the purpose of assessing vulnerabilities and potential attack vectors.2023-08-24not yet calculatedCVE-2023-4230
MISC
sick_ag — lms5xx
 
A remote unprivileged attacker can sent multiple packages to the LMS5xx to disrupt its availability through a TCP SYN-based denial-of-service (DDoS) attack. By exploiting this vulnerability, an attacker can flood the targeted LMS5xx with a high volume of TCP SYN requests, overwhelming its resources and causing it to become unresponsive or unavailable for legitimate users.2023-08-24not yet calculatedCVE-2023-4418
MISC
MISC
MISC
sick_ag — lms5xx
 
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and /or disrupt the functionality of the device.2023-08-24not yet calculatedCVE-2023-4419
MISC
MISC
MISC
sick_ag — lms5xxA remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS5xx. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attacker can exploit this weakness to eavesdrop on the communication between the LMS5xx and the Client, and potentially manipulate the data being transmitted.2023-08-24not yet calculatedCVE-2023-4420
MISC
MISC
MISC
google — chrome
 
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)2023-08-23not yet calculatedCVE-2023-4427
MISC
MISC
MISC
asustor — adm
 
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Affected products and versions include: ADM 4.0.6.RIS1, 4.1.0 and below as well as ADM 4.2.2.RI61 and below.2023-08-22not yet calculatedCVE-2023-4475
MISC
mattermost — mattermost
 
Mattermost fails to restrict which parameters’ values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost without the system admin activating their accounts.2023-08-25not yet calculatedCVE-2023-4478
MISC
gerbv — gerbv
 
A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.2023-08-24not yet calculatedCVE-2023-4508
MISC
MISC
MISC
wireshark — wireshark
 
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file2023-08-24not yet calculatedCVE-2023-4511
MISC
MISC
wireshark — wireshark
 
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file2023-08-24not yet calculatedCVE-2023-4512
MISC
MISC
wireshark — wireshark
 
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file2023-08-24not yet calculatedCVE-2023-4513
MISC
MISC
neomind — fusion_platform
 
A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Affected is an unknown function of the file /fusion/portal/action/Link. The manipulation of the argument link leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-238026 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-25not yet calculatedCVE-2023-4534
MISC
MISC
MISC
d-link — dar-8000-10
 
A vulnerability was found in D-Link DAR-8000-10 up to 20230809. It has been classified as critical. This affects an unknown part of the file /app/sys1.php. The manipulation of the argument cmd with the input id leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-238047. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-25not yet calculatedCVE-2023-4542
MISC
MISC
MISC
ibos — oa
 
A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. This vulnerability affects unknown code of the file ?r=recruit/contact/export&contactids=x. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-25not yet calculatedCVE-2023-4543
MISC
MISC
MISC
beijing_baichuo — smart_s85f_management_platform
 
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It has been rated as problematic. This issue affects some unknown processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-238049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-26not yet calculatedCVE-2023-4544
MISC
MISC
MISC
ibos — oa
 
A vulnerability was found in IBOS OA 4.5.5. It has been classified as critical. Affected is an unknown function of the file ?r=recruit/bgchecks/export&checkids=x. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-238056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-26not yet calculatedCVE-2023-4545
MISC
MISC
MISC
beijing_baichuo — smart_s85f_management_platform
 
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability.2023-08-26not yet calculatedCVE-2023-4546
MISC
MISC
MISC
spa-cart_ecommerce_cms — spa-cart_ecommerce_cms
 
A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.2023-08-26not yet calculatedCVE-2023-4547
MISC
MISC
spa-cart_ecommerce_cms — spa-cart_ecommerce_cms
 
A vulnerability classified as critical has been found in SPA-Cart eCommerce CMS 1.9.0.3. This affects an unknown part of the file /search of the component GET Parameter Handler. The manipulation of the argument filter[brandid] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-238059.2023-08-26not yet calculatedCVE-2023-4548
MISC
MISC

Back to top


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

 To keep up to date follow us on the below channels.