US-CERT Vulnerability Summary for the Week of July 24, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| biltay_technology — scienta | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Biltay Technology Scienta allows SQL Injection.This issue affects Scienta: before 20230630.1953. | 2023-07-25 | 9.8 | CVE-2023-3046 MISC |
| infodrom_software — e-invoice_approval_system | Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.This issue affects E-Invoice Approval System: before v.20230701. | 2023-07-25 | 9.8 | CVE-2023-35066 MISC |
| house_rental_and_property_listing_php_project — house_rental_and_property_listing_php | A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235074 is the identifier assigned to this vulnerability. | 2023-07-21 | 9.8 | CVE-2023-3806 MISC MISC MISC |
| hospital_management_system_project — hospital_management_system | A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235077 was assigned to this vulnerability. | 2023-07-21 | 9.8 | CVE-2023-3809 MISC MISC MISC |
| hospital_management_system_project — hospital_management_system | A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235078 is the identifier assigned to this vulnerability. | 2023-07-21 | 9.8 | CVE-2023-3810 MISC MISC MISC |
| hospital_management_system_project — hospital_management_system | A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235079. | 2023-07-21 | 9.8 | CVE-2023-3811 MISC MISC MISC |
| ibos — ibos | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=recruit/resume/edit&op=status of the component Interview Handler. The manipulation of the argument resumeid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 9.8 | CVE-2023-3826 MISC MISC MISC |
| dahuasecurity — smart_parking_management | A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 9.8 | CVE-2023-3836 MISC MISC MISC |
| wordpress — wordpress | The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the ‘events_receiver’ function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user. | 2023-07-27 | 9.8 | CVE-2023-3956 MISC MISC MISC |
| infodrom_software — e-invoice_approval_system | Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.This issue affects E-Invoice Approval System: before v.20230701. | 2023-07-25 | 9.1 | CVE-2023-35067 MISC |
| beauty_salon_management_system_project — beauty_salon_management_system | A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235075. | 2023-07-21 | 8.8 | CVE-2023-3807 MISC MISC MISC |
| hospital_management_system_project — hospital_management_system | A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235076. | 2023-07-21 | 8.8 | CVE-2023-3808 MISC MISC MISC |
| nxfilter — nxfilter | A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-23 | 8.8 | CVE-2023-3841 MISC MISC |
| openbabel — open_babel | An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-07-21 | 7.8 | CVE-2022-37331 MISC |
| openbabel — open_babel | An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-07-21 | 7.8 | CVE-2022-41793 MISC |
| openbabel — open_babel | A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-07-21 | 7.8 | CVE-2022-42885 MISC |
| openbabel — open_babel | An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-07-21 | 7.8 | CVE-2022-43467 MISC |
| openbabel — open_babel | An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-07-21 | 7.8 | CVE-2022-43607 MISC |
| openbabel — open_babel | A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-07-21 | 7.8 | CVE-2022-44451 MISC |
| openbabel — open_babel | A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2023-07-21 | 7.8 | CVE-2022-46280 MISC |
| openbabel — open_babel | Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.nAtoms calculation wrap-around, leading to a small buffer allocation | 2023-07-21 | 7.8 | CVE-2022-46289 MISC |
| openbabel — open_babel | Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.The loop that stores the coordinates does not check its index against nAtoms | 2023-07-21 | 7.8 | CVE-2022-46290 MISC |
| openbabel — open_babel | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MSI file format | 2023-07-21 | 7.8 | CVE-2022-46291 MISC |
| openbabel — open_babel | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Unit Cell Translation section | 2023-07-21 | 7.8 | CVE-2022-46292 MISC |
| openbabel — open_babel | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC file format, inside the Final Point and Derivatives section | 2023-07-21 | 7.8 | CVE-2022-46293 MISC |
| openbabel — open_babel | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the MOPAC Cartesian file format | 2023-07-21 | 7.8 | CVE-2022-46294 MISC |
| openbabel — open_babel | Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability affects the Gaussian file format | 2023-07-21 | 7.8 | CVE-2022-46295 MISC |
| webboss — webboss.io_cms | An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. | 2023-07-21 | 7.5 | CVE-2023-36339 MISC MISC |
| wordpress — wordpress | The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. The requires the premium version of the plugin to be activated. | 2023-07-21 | 7.5 | CVE-2023-3813 MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235233 was assigned to this vulnerability. | 2023-07-24 | 7.5 | CVE-2023-3871 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235234 is the identifier assigned to this vulnerability. | 2023-07-24 | 7.5 | CVE-2023-3872 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235235. | 2023-07-25 | 7.5 | CVE-2023-3873 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235236. | 2023-07-25 | 7.5 | CVE-2023-3874 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/del_feedback.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235237 was assigned to this vulnerability. | 2023-07-25 | 7.5 | CVE-2023-3875 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235238 is the identifier assigned to this vulnerability. | 2023-07-25 | 7.5 | CVE-2023-3876 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235239. | 2023-07-25 | 7.5 | CVE-2023-3877 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235240. | 2023-07-25 | 7.5 | CVE-2023-3878 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/del_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235241 was assigned to this vulnerability. | 2023-07-25 | 7.5 | CVE-2023-3879 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/del_service.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235242 is the identifier assigned to this vulnerability. | 2023-07-25 | 7.5 | CVE-2023-3880 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243. | 2023-07-25 | 7.5 | CVE-2023-3881 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-accepted-appointment.php. The manipulation of the argument contactno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235244. | 2023-07-25 | 7.5 | CVE-2023-3882 MISC MISC MISC |
| codesys — codesys_development_system | In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users. | 2023-07-28 | 7.3 | CVE-2023-3670 MISC |
| pimcore — pimcore | SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. | 2023-07-21 | 7.2 | CVE-2023-3820 MISC MISC |
| dedebiz — dedebiz | A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/sys_sql_query.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-235190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-23 | 7.2 | CVE-2023-3839 MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| microsoft — microsoft_edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-07-21 | 6.5 | CVE-2023-38187 MISC |
| pimcore — pimcore | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. | 2023-07-21 | 6.5 | CVE-2023-3819 MISC MISC |
| webboss — webboss.io_cms | WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | 2023-07-21 | 6.1 | CVE-2023-37742 MISC MISC MISC |
| pimcore — pimcore | Cross-site Scripting (XSS) – Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. | 2023-07-21 | 6.1 | CVE-2023-3822 MISC MISC |
| bugfinder — listplace_directory_listing_platform | A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3827 MISC MISC |
| bugfinder — listplace_directory_listing_platform | A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3828 MISC MISC |
| bugfinder — icogenie | A vulnerability was found in Bug Finder ICOGenie 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/ticket/create of the component Support Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. VDB-235150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3829 MISC MISC |
| bugfinder — sass_biller | A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /company/store. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3830 MISC MISC |
| bugfinder — wedding_wonders | A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has been classified as problematic. Affected is an unknown function of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-235158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3832 MISC MISC |
| bugfinder — montage | A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3833 MISC MISC |
| bugfinder — ex-rate | A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3834 MISC MISC |
| bugfinder — minestack | A vulnerability classified as problematic has been found in Bug Finder MineStack 1.0. This affects an unknown part of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 6.1 | CVE-2023-3835 MISC MISC |
| nxfilter — nxfilter | A vulnerability, which was classified as problematic, was found in NxFilter 4.3.2.5. This affects an unknown part of the file /report,daily.jsp?stime=2023%2F07%2F12&timeOption=yesterday&. The manipulation of the argument user leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-23 | 6.1 | CVE-2023-3840 MISC MISC |
| moosocial — moodating | A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2023-07-23 | 6.1 | CVE-2023-3843 MISC MISC MISC |
| moosocial — moodating | A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235195. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2023-07-23 | 6.1 | CVE-2023-3844 MISC MISC MISC |
| moosocial — moodating | A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2023-07-23 | 6.1 | CVE-2023-3845 MISC MISC MISC |
| moosocial — moodating | A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2023-07-23 | 6.1 | CVE-2023-3846 MISC MISC MISC |
| moosocial — moodating | A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2023-07-23 | 6.1 | CVE-2023-3847 MISC MISC MISC |
| moosocial — moodating | A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2023-07-23 | 6.1 | CVE-2023-3848 MISC MISC MISC |
| moosocial — moodating | A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly. | 2023-07-23 | 6.1 | CVE-2023-3849 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability, which was classified as problematic, was found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/add-category.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235245 was assigned to this vulnerability. | 2023-07-25 | 6.1 | CVE-2023-3883 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235246 is the identifier assigned to this vulnerability. | 2023-07-25 | 6.1 | CVE-2023-3884 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/edit_category.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235247. | 2023-07-25 | 6.1 | CVE-2023-3885 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/invoice.php. The manipulation of the argument inv_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235248. | 2023-07-25 | 6.1 | CVE-2023-3886 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235249 was assigned to this vulnerability. | 2023-07-25 | 6.1 | CVE-2023-3887 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235250 is the identifier assigned to this vulnerability. | 2023-07-25 | 6.1 | CVE-2023-3888 MISC MISC MISC |
| campcodes — beauty_salon_management_system | A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit-accepted-appointment.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235251. | 2023-07-25 | 6.1 | CVE-2023-3890 MISC MISC MISC |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861. | 2023-07-22 | 5.4 | CVE-2023-25929 MISC MISC |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim’s Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 251214. | 2023-07-22 | 5.4 | CVE-2023-28530 MISC MISC |
| pimcore — pimcore | Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.6.4. | 2023-07-21 | 5.4 | CVE-2023-3821 MISC MISC |
| bugfinder — finounce | A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. This issue affects some unknown processing of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 5.4 | CVE-2023-3831 MISC MISC |
| esri — server | There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities. | 2023-07-21 | 4.8 | CVE-2023-25841 MISC |
| dedebiz — dedebiz | A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/sys_sql_query.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-22 | 4.8 | CVE-2023-3837 MISC MISC MISC |
| dedebiz — dedebiz | A vulnerability classified as problematic was found in DedeBIZ 6.2.10. Affected by this vulnerability is an unknown functionality of the file /admin/vote_edit.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-23 | 4.8 | CVE-2023-3838 MISC MISC MISC |
| microsoft — microsoft_edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-07-21 | 4.7 | CVE-2023-35392 MISC |
| wordpress — wordpress | Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability. | 2023-07-28 | 4.3 | CVE-2023-0958 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| microsoft — microsoft_edge_for_android | Microsoft Edge for Android Spoofing Vulnerability | 2023-07-21 | 4.3 | CVE-2023-38173 MISC |
| wordpress — wordpress | The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the ‘apg_profile_update’ function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string. | 2023-07-27 | 4.3 | CVE-2023-3957 MISC MISC MISC |
| wordpress — wordpress | Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-28 | 4.3 | CVE-2023-3977 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| wordpress — wordpress | The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the ‘vczapi_encrypt_decrypt’ function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password. | 2023-07-26 | 3.7 | CVE-2023-3947 MISC MISC MISC |
| esri — server | There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high. | 2023-07-21 | 3.4 | CVE-2023-25840 MISC |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| jinfornet — jreport | Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information. | 2023-07-27 | not yet calculated | CVE-2020-22623 MISC MISC MISC |
| thinkific — thinkific_online_course_creation_platform | Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attack vector is: To exploit the vulnerability any user has to just visit the link – https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E. Thinkific is a Website based Learning Platform Product which is used by thousands of users worldwide. There is a Cross Site Scripting (XSS) based vulnerability in the code of the CMS where any attacker can execute a XSS attack. Proof of Concept & Steps to Reproduce: Step1 : Go to Google.com; Step 2 : Search for this Dork site:thinkific.com -www; Step 3 : You will get a list of websites which are running on the thinkific domains; Step 4 : Create account and signin in any of the website; Step 5 : Add this endpoint at the end of the domain and you will see that there is a XSS Alert /account/billing?success=%E2%80%AA Step 6 : Choose any domains from google for any website this exploit will work on all the websites as it is a code based flaw in the CMS; Step 7 : Thousands of websites are vulnerable due to this vulnerable code in the CMS itself which is giving rise to the XSS attack. | 2023-07-25 | not yet calculated | CVE-2020-35698 MISC |
| deskpro — support_desk | Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. | 2023-07-21 | not yet calculated | CVE-2021-35391 MISC MISC |
| icewarp — mailserver/server_deep_castle_2 | Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | 2023-07-27 | not yet calculated | CVE-2021-36580 MISC MISC MISC |
| seeddms — seeddms | A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2023-07-24 | not yet calculated | CVE-2021-39421 MISC |
| google — chrome | Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2021-4316 MISC MISC |
| google — chrome | Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2021-4317 MISC MISC |
| google — chrome | Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2021-4318 MISC MISC |
| google — chrome | Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2021-4319 MISC MISC |
| google — chrome | Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2021-4320 MISC MISC |
| google — chrome | Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2021-4321 MISC MISC |
| google — chrome | Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2021-4322 MISC MISC |
| google — chrome | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2021-4323 MISC MISC |
| google — chrome | Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2021-4324 MISC MISC |
| hitachi_energy — rtu500_series | A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function. | 2023-07-26 | not yet calculated | CVE-2022-2502 MISC |
| nokia — netact_22 | An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value. | 2023-07-24 | not yet calculated | CVE-2022-28863 MISC MISC |
| nokia — netact_22 | An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | 2023-07-24 | not yet calculated | CVE-2022-28864 MISC MISC |
| nokia — netact_22 | An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim’s web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | 2023-07-24 | not yet calculated | CVE-2022-28865 MISC MISC |
| nokia — netact_22 | An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim’s web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used. | 2023-07-24 | not yet calculated | CVE-2022-28867 MISC MISC |
| nokia — netact_22 | /SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. | 2023-07-24 | not yet calculated | CVE-2022-30280 MISC MISC |
| atmail — atmail | Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | 2023-07-27 | not yet calculated | CVE-2022-31200 MISC MISC |
| yii_2 — yii_2 | Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. | 2023-07-28 | not yet calculated | CVE-2022-31454 MISC MISC |
| truedesk — truedesk | * A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. | 2023-07-26 | not yet calculated | CVE-2022-31455 MISC MISC |
| truedesk — truedesk | A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter. | 2023-07-26 | not yet calculated | CVE-2022-31456 MISC MISC |
| rtx_trap — rtx_trap | RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/. | 2023-07-25 | not yet calculated | CVE-2022-31457 MISC |
| rtx_trap — rtx_trap | RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning. | 2023-07-25 | not yet calculated | CVE-2022-31458 MISC MISC |
| arm_ltd — multiple_products | When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | 2023-07-27 | not yet calculated | CVE-2022-43701 MISC |
| arm_ltd — multiple_products | When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | 2023-07-27 | not yet calculated | CVE-2022-43702 MISC |
| arm_ltd — multiple_products | An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | 2023-07-27 | not yet calculated | CVE-2022-43703 MISC |
| gx_software –gx_software | Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | 2023-07-26 | not yet calculated | CVE-2022-43710 MISC MISC |
| gx_software –gx_software | Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | 2023-07-26 | not yet calculated | CVE-2022-43711 MISC MISC |
| gx_software –gx_software | POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965. | 2023-07-26 | not yet calculated | CVE-2022-43712 MISC MISC |
| gx_software –gx_software | Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. | 2023-07-26 | not yet calculated | CVE-2022-43713 MISC MISC |
| hitachi_energy — rtu500_series | A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow. | 2023-07-26 | not yet calculated | CVE-2022-4608 MISC |
| vocera — report_server/voice_server | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the “restore SQL data” filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database. | 2023-07-25 | not yet calculated | CVE-2022-46898 MISC MISC |
| vocera — report_server/voice_server | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter. | 2023-07-25 | not yet calculated | CVE-2022-46899 MISC MISC |
| vocera — report_server/voice_server | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters. | 2023-07-25 | not yet calculated | CVE-2022-46900 MISC |
| vocera — report_server/voice_server | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database. | 2023-07-25 | not yet calculated | CVE-2022-46901 MISC MISC |
| vocera — report_server/voice_server | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | 2023-07-25 | not yet calculated | CVE-2022-46902 MISC MISC |
| google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2022-4906 MISC MISC |
| google — chrome | Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4907 MISC MISC |
| google — chrome | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4908 MISC MISC |
| google — chrome | Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2022-4909 MISC MISC |
| google — chrome | Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4910 MISC MISC |
| google — chrome | Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2022-4911 MISC MISC |
| google — chrome | Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2022-4912 MISC MISC |
| google — chrome | Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2022-4913 MISC MISC |
| google — chrome | Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4914 MISC MISC |
| google — chrome | Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4915 MISC MISC |
| google — chrome | Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2022-4916 MISC MISC |
| google — chrome | Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2022-4917 MISC MISC |
| google — chrome | Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4918 MISC MISC |
| google — chrome | Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2022-4919 MISC MISC |
| google — chrome | Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2022-4920 MISC MISC |
| google — chrome | Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2022-4921 MISC MISC |
| google — chrome | Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4922 MISC MISC |
| google — chrome | Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2022-4923 MISC MISC |
| google — chrome | Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2022-4924 MISC MISC |
| google — chrome | Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2022-4925 MISC MISC |
| google — chrome | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2022-4926 MISC MISC |
| qemu — qemu | A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host. | 2023-07-24 | not yet calculated | CVE-2023-1386 MISC MISC |
| gitlab — gitlab | An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leak cross site cookies on redirect during authorization. | 2023-07-26 | not yet calculated | CVE-2023-1401 MISC MISC |
| amd — multiple_products | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | 2023-07-24 | not yet calculated | CVE-2023-20593 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| vmware — vmware_tanzu_application_service_for_vms | The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | 2023-07-26 | not yet calculated | CVE-2023-20891 MISC |
| axis_communications_ab — axis_a1001_network_door_controller | Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions. | 2023-07-25 | not yet calculated | CVE-2023-21405 MISC |
| axis_communications_ab — axis_a1001_network_door_controller | Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code. lease refer to the Axis security advisory for more information, mitigation and affected products and software versions. | 2023-07-25 | not yet calculated | CVE-2023-21406 MISC |
| gallagher — command_centre | A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2) | 2023-07-25 | not yet calculated | CVE-2023-22363 MISC |
| gallagher — command_centre | Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831(MR8), vEL8.40 and prior. | 2023-07-24 | not yet calculated | CVE-2023-22428 MISC |
| wordpress — wordpress | The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. | 2023-07-24 | not yet calculated | CVE-2023-2309 MISC |
| google — chrome | Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-07-29 | not yet calculated | CVE-2023-2311 MISC MISC |
| google — chrome | Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High) | 2023-07-29 | not yet calculated | CVE-2023-2313 MISC MISC |
| google — chrome | Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-07-29 | not yet calculated | CVE-2023-2314 MISC MISC |
| gallagher — command_centre | Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior | 2023-07-25 | not yet calculated | CVE-2023-23568 MISC |
| github — enterprise_server | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-07-27 | not yet calculated | CVE-2023-23764 MISC MISC MISC |
| wordpress — wordpress | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions. | 2023-07-25 | not yet calculated | CVE-2023-23833 MISC |
| solarwinds — network_configuration_manager | The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | 2023-07-26 | not yet calculated | CVE-2023-23842 MISC MISC |
| solarwinds — solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | 2023-07-26 | not yet calculated | CVE-2023-23843 MISC MISC |
| solarwinds — solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | 2023-07-26 | not yet calculated | CVE-2023-23844 MISC MISC |
| linux — kernel | A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. | 2023-07-23 | not yet calculated | CVE-2023-2430 MISC |
| gallagher — command_centre | Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior. | 2023-07-25 | not yet calculated | CVE-2023-25074 MISC |
| nodebb — nodebb | NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit. | 2023-07-24 | not yet calculated | CVE-2023-26045 MISC MISC |
| atera — agent | Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. | 2023-07-24 | not yet calculated | CVE-2023-26077 MISC MISC MISC |
| atera — agent | Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs. | 2023-07-24 | not yet calculated | CVE-2023-26078 MISC MISC MISC |
| google — nest_hub_max | There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Effected devices have been mitigated through an automatic update beyond the affected range. | 2023-07-25 | not yet calculated | CVE-2023-2626 MISC |
| hp_inc. — hp_laserjet_pro | Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. | 2023-07-21 | not yet calculated | CVE-2023-26301 MISC |
| canonical — ubuntu_kernel | On Ubuntu kernels carrying both c914c0e27eb0 and “UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs”, an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. | 2023-07-26 | not yet calculated | CVE-2023-2640 MISC MISC MISC MISC |
| abb — ao-opc | A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | 2023-07-28 | not yet calculated | CVE-2023-2685 MISC |
| prestashop — sendinblue | SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. | 2023-07-26 | not yet calculated | CVE-2023-26859 MISC MISC |
| asus – armoury_crate | ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | 2023-07-26 | not yet calculated | CVE-2023-26911 MISC MISC MISC |
| wordpress — wordpress | The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin. | 2023-07-24 | not yet calculated | CVE-2023-2761 MISC |
| hcl_software_ — hcl_bigfix_mobile | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | 2023-07-27 | not yet calculated | CVE-2023-28012 MISC |
| hcl_software_ — hcl_bigfix_mobile | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | 2023-07-26 | not yet calculated | CVE-2023-28013 MISC |
| hcl_software_ — hcl_bigfix_mobile | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | 2023-07-27 | not yet calculated | CVE-2023-28014 MISC |
| check_point — gaia_portal | Local user may lead to privilege escalation using Gaia Portal hostnames page. | 2023-07-26 | not yet calculated | CVE-2023-28130 MISC MISC |
| harmony_endpoint — harmony_endpoint | Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file | 2023-07-23 | not yet calculated | CVE-2023-28133 MISC |
| apple — apple_music_for_android | The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts. | 2023-07-28 | not yet calculated | CVE-2023-28203 MISC |
| nodebb — nodebb | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker. | 2023-07-25 | not yet calculated | CVE-2023-2850 MISC MISC MISC |
| linux — kernel | An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. | 2023-07-24 | not yet calculated | CVE-2023-2860 MISC MISC MISC |
| qemu — qemu | A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. | 2023-07-24 | not yet calculated | CVE-2023-3019 MISC MISC |
| multi-remote_next_generation_connection_manager — multi-remote_next_generation_connection_manager | Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | 2023-07-26 | not yet calculated | CVE-2023-30367 MISC MISC MISC |
| advanced_maryland_automatic_network_disk_archiver — advanced_maryland_automatic_network_disk_archiver | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | 2023-07-26 | not yet calculated | CVE-2023-30577 CONFIRM |
| palantir — palantir | A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page’s content, which could lead to phishing attacks. | 2023-07-26 | not yet calculated | CVE-2023-30949 MISC |
| gitlab — gitlab | A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR. | 2023-07-21 | not yet calculated | CVE-2023-3102 MISC MISC |
| fsmlabs — timekeeper | An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server. | 2023-07-26 | not yet calculated | CVE-2023-31465 MISC MISC |
| fsmlabs — timekeeper | An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the “Configuration -> Compliance -> Add a new compliance report” and “Configuration -> Timekeeper Configuration -> Add a new source there” screens, there are entry points to inject JavaScript code. | 2023-07-26 | not yet calculated | CVE-2023-31466 MISC MISC |
| rail_pass_management_system — rail_pass_management_system | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file. | 2023-07-28 | not yet calculated | CVE-2023-31932 MISC |
| rail_pass_management_system — rail_pass_management_system | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file. | 2023-07-28 | not yet calculated | CVE-2023-31933 MISC |
| rail_pass_management_system — rail_pass_management_system | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | 2023-07-28 | not yet calculated | CVE-2023-31934 MISC |
| rail_pass_management_system — rail_pass_management_system | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | 2023-07-28 | not yet calculated | CVE-2023-31935 MISC MISC |
| rail_pass_management_system — rail_pass_management_system | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file. | 2023-07-28 | not yet calculated | CVE-2023-31936 MISC |
| rail_pass_management_system — rail_pass_management_system | Sql injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file. | 2023-07-28 | not yet calculated | CVE-2023-31937 MISC |
| curl — curl | libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called `stat()` followed by `fopen()` in a way that made it vulnerable to a TOCTOU race condition problem. By exploiting this flaw, an attacker could trick the victim to create or overwrite protected files holding this data in ways it was not intended to. | 2023-07-26 | not yet calculated | CVE-2023-32001 MISC MISC |
| vasion — printerlogic_client | An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution. | 2023-07-25 | not yet calculated | CVE-2023-32231 MISC MISC MISC |
| vasion — printerlogic_client | An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). | 2023-07-25 | not yet calculated | CVE-2023-32232 MISC MISC MISC |
| linux — kernel | A flaw was found in the Linux kernel’s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | 2023-07-24 | not yet calculated | CVE-2023-32247 MISC MISC MISC |
| linux — kernel | A flaw was found in the Linux kernel’s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | 2023-07-24 | not yet calculated | CVE-2023-32248 MISC MISC MISC |
| linux — kernel | A flaw was found in the Linux kernel’s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | 2023-07-24 | not yet calculated | CVE-2023-32252 MISC MISC MISC |
| linux — kernel | A flaw was found in the Linux kernel’s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. | 2023-07-24 | not yet calculated | CVE-2023-32257 MISC MISC MISC |
| linux — kernel | A flaw was found in the Linux kernel’s ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. | 2023-07-24 | not yet calculated | CVE-2023-32258 MISC MISC MISC |
| apple — macos | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions. | 2023-07-27 | not yet calculated | CVE-2023-32364 MISC MISC MISC |
| apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-32381 MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-32393 MISC MISC MISC MISC |
| apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information. | 2023-07-27 | not yet calculated | CVE-2023-32416 MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-32418 MISC MISC MISC |
| b&r_industrial_automation — automation_runtime | Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions.This issue affects B&R Automation Runtime: <G4.93. | 2023-07-26 | not yet calculated | CVE-2023-3242 MISC |
| apple — apple_music_for_android | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic. | 2023-07-28 | not yet calculated | CVE-2023-32427 MISC |
| apple — macos_ventura | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass Privacy preferences. | 2023-07-27 | not yet calculated | CVE-2023-32429 MISC MISC MISC |
| apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-32433 MISC MISC MISC MISC MISC MISC MISC |
| apple — ios_and_ipados | The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox. | 2023-07-27 | not yet calculated | CVE-2023-32437 MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-32441 MISC MISC MISC MISC MISC MISC MISC |
| apple — macos | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app settings. | 2023-07-27 | not yet calculated | CVE-2023-32442 MISC MISC |
| apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | 2023-07-27 | not yet calculated | CVE-2023-32443 MISC MISC MISC |
| apple — macos | A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions. | 2023-07-28 | not yet calculated | CVE-2023-32444 MISC MISC MISC MISC MISC MISC |
| apple — safari | This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack. | 2023-07-28 | not yet calculated | CVE-2023-32445 MISC MISC MISC MISC MISC MISC |
| dell — dell_power_manager | Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | 2023-07-27 | not yet calculated | CVE-2023-32450 MISC |
| dell — ecs_streamer | Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data. | 2023-07-26 | not yet calculated | CVE-2023-32468 MISC |
| php_group — php | In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client’s nonce. | 2023-07-22 | not yet calculated | CVE-2023-3247 MISC |
| wordpress — wordpress | The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-07-24 | not yet calculated | CVE-2023-3248 MISC |
| canonical — ubuntu_kernel | Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | 2023-07-26 | not yet calculated | CVE-2023-32629 MISC MISC MISC MISC |
| the_ministry_of_justice — applicant_programme | Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 2023-07-25 | not yet calculated | CVE-2023-32639 MISC MISC |
| apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user. | 2023-07-28 | not yet calculated | CVE-2023-32654 MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-32734 MISC MISC MISC MISC |
| abb — abb_ability_zenon | A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | 2023-07-24 | not yet calculated | CVE-2023-3321 MISC |
| abb — abb_ability_zenon | A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | 2023-07-24 | not yet calculated | CVE-2023-3322 MISC |
| solarwinds — solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | 2023-07-26 | not yet calculated | CVE-2023-33224 MISC MISC |
| solarwinds — solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | 2023-07-26 | not yet calculated | CVE-2023-33225 MISC MISC |
| solarwinds — solarwinds_platform | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | 2023-07-26 | not yet calculated | CVE-2023-33229 MISC MISC |
| abb — abb_ability | A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | 2023-07-24 | not yet calculated | CVE-2023-3323 MISC |
| abb — abb_ability_zenon | A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404. | 2023-07-24 | not yet calculated | CVE-2023-3324 MISC |
| fortinet — fortios/fortiproxy | A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection. | 2023-07-26 | not yet calculated | CVE-2023-33308 MISC |
| wordpress — wordpress | The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-07-24 | not yet calculated | CVE-2023-3344 MISC |
| teleadapt — roomcast_ta-2400 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe. | 2023-07-27 | not yet calculated | CVE-2023-33742 MISC |
| teleadapt — roomcast_ta-2400 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available. | 2023-07-27 | not yet calculated | CVE-2023-33743 MISC |
| teleadapt — roomcast_ta-2400 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | 2023-07-27 | not yet calculated | CVE-2023-33744 MISC |
| teleadapt — roomcast_ta-2400 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password). | 2023-07-27 | not yet calculated | CVE-2023-33745 MISC |
| prestashop — prestashop_for_amazon | An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. | 2023-07-25 | not yet calculated | CVE-2023-33777 MISC MISC |
| sumatrapdf_reader — sumatrapdf_reader | A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file. | 2023-07-26 | not yet calculated | CVE-2023-33802 MISC |
| quay — quay | A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS). | 2023-07-24 | not yet calculated | CVE-2023-3384 MISC MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginForage WooCommerce Product Categories Selection Widget plugin <= 2.0 versions. | 2023-07-25 | not yet calculated | CVE-2023-33925 MISC |
| linux — kernel | A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. | 2023-07-24 | not yet calculated | CVE-2023-33951 MISC MISC MISC |
| linux — kernel | A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel. | 2023-07-24 | not yet calculated | CVE-2023-33952 MISC MISC MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions. | 2023-07-25 | not yet calculated | CVE-2023-34017 MISC |
| strapi — strapi | Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker(having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue. | 2023-07-25 | not yet calculated | CVE-2023-34093 MISC MISC MISC |
| servicenow — jenkins_plug-in_for_servicenow_devops | A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | 2023-07-26 | not yet calculated | CVE-2023-3414 MISC |
| mozilla — thunderbird | Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1. | 2023-07-24 | not yet calculated | CVE-2023-3417 MISC MISC MISC MISC MISC |
| apache — inlong | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong’s 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it. | 2023-07-25 | not yet calculated | CVE-2023-34189 MISC MISC |
| strapi — strapi | Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to another table they want to query, the query changes from `password` to `t1.password`. `password` is protected by filtering protections but `t1.password` is not protected. This can lead to filtering attacks on everything related to the object again, including admin passwords and reset-tokens. Version 4.10.8 fixes this issue. | 2023-07-25 | not yet calculated | CVE-2023-34235 MISC MISC |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions. | 2023-07-25 | not yet calculated | CVE-2023-34369 MISC |
| servicenow — jenkins_plug-in_for_servicenow_devops | A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | 2023-07-26 | not yet calculated | CVE-2023-3442 MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | not yet calculated | CVE-2023-34425 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| apache — inlong | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong’s 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 . | 2023-07-25 | not yet calculated | CVE-2023-34434 MISC MISC MISC |
| apache — shiro | Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+ | 2023-07-24 | not yet calculated | CVE-2023-34478 MISC MISC |
| eoffice — eoffice | An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. | 2023-07-25 | not yet calculated | CVE-2023-34798 MISC |
| gitlab — gitlab_ee | An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations. | 2023-07-21 | not yet calculated | CVE-2023-3484 MISC MISC |
| papercut — ng | An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected. | 2023-07-25 | not yet calculated | CVE-2023-3486 MISC MISC |
| silicon_labs — gecko_bootloader | Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. | 2023-07-28 | not yet calculated | CVE-2023-3488 MISC MISC |
| wordpress — wordpress | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions. | 2023-07-25 | not yet calculated | CVE-2023-35043 MISC |
| ivanti — antivirus | An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above. | 2023-07-21 | not yet calculated | CVE-2023-35077 MISC |
| ivanti — endpoint_manager_mobile | Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. | 2023-07-25 | not yet calculated | CVE-2023-35078 MISC MISC MISC MISC |
| apache — inlong | Improper Neutralization of Special Elements Used in an SQL Command (‘SQL Injection’) vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong’s 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198 | 2023-07-25 | not yet calculated | CVE-2023-35088 MISC MISC MISC |
| johnson_controls — iq_wifi_6 | An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | 2023-07-25 | not yet calculated | CVE-2023-3548 MISC MISC |
| linux — kernel | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information. | 2023-07-24 | not yet calculated | CVE-2023-3567 MISC MISC MISC |
| tuleap — tuleap | Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the “card fields” (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix. | 2023-07-25 | not yet calculated | CVE-2023-35929 MISC MISC MISC MISC |
| envoy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by the some rare scenarios in which HMAC payload can be always valid in OAuth2 filter’s check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host’s domain configuration. | 2023-07-25 | not yet calculated | CVE-2023-35941 MISC |
| envoy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener’s global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update. | 2023-07-25 | not yet calculated | CVE-2023-35942 MISC |
| envoy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders`and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. | 2023-07-25 | not yet calculated | CVE-2023-35943 MISC |
| envoy — envoy | Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue. | 2023-07-25 | not yet calculated | CVE-2023-35944 MISC |
| google — chrome | Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-07-28 | not yet calculated | CVE-2023-3598 MISC MISC |
| hewlett_packard_enterprise — aruba_access_points | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-07-25 | not yet calculated | CVE-2023-35980 MISC |
| hewlett_packard_enterprise — aruba_access_points | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-07-25 | not yet calculated | CVE-2023-35981 MISC |
| hewlett_packard_enterprise — aruba_access_points | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba’s access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 2023-07-25 | not yet calculated | CVE-2023-35982 MISC |
| apple — multiple_products | This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | 2023-07-27 | not yet calculated | CVE-2023-35983 MISC MISC MISC |
| apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-35993 MISC MISC MISC MISC MISC MISC MISC |
| mulitple_vendors — multiple_products | A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user’s sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued. | 2023-07-21 | not yet calculated | CVE-2023-3603 MISC MISC |
| linux — kernel | A use-after-free vulnerability in the Linux kernel’s net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc. | 2023-07-21 | not yet calculated | CVE-2023-3609 MISC MISC |
| linux — kernel | A use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. | 2023-07-21 | not yet calculated | CVE-2023-3610 MISC MISC MISC |
| linux — kernel | An out-of-bounds write vulnerability in the Linux kernel’s net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64. | 2023-07-21 | not yet calculated | CVE-2023-3611 MISC MISC |
| solarwinds — platform | Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | 2023-07-26 | not yet calculated | CVE-2023-3622 MISC MISC |
| openstack-neutron — openstack-neutron | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user’s quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | 2023-07-25 | not yet calculated | CVE-2023-3637 MISC MISC MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions. | 2023-07-25 | not yet calculated | CVE-2023-36385 MISC |
| linux — kernel | A possible unauthorized memory access flaw was found in the Linux kernel’s cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the ‘Randomize per-cpu entry area’ feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system. | 2023-07-24 | not yet calculated | CVE-2023-3640 MISC MISC |
| apple — multiple_products | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | not yet calculated | CVE-2023-36495 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions. | 2023-07-25 | not yet calculated | CVE-2023-36501 MISC |
| wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in cththemes Balkon plugin <= 1.3.2 versions. | 2023-07-25 | not yet calculated | CVE-2023-36502 MISC |
| wordpress — wordpress | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions. | 2023-07-25 | not yet calculated | CVE-2023-36503 MISC |
| apache — nifi | Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation. | 2023-07-29 | not yet calculated | CVE-2023-36542 MISC MISC MISC MISC |
| cantao — cantao | Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users. | 2023-07-25 | not yet calculated | CVE-2023-36806 MISC MISC MISC MISC |
| getsentry — sentry | Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher. | 2023-07-25 | not yet calculated | CVE-2023-36826 MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-36854 MISC MISC MISC |
| apple — macos_ventura | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | 2023-07-27 | not yet calculated | CVE-2023-36862 MISC |
| phpgurukul_online_fire_reporting_system — phpgurukul_online_fire_reporting_system | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields. | 2023-07-27 | not yet calculated | CVE-2023-36941 MISC MISC |
| phpgurukul_online_fire_reporting_system — phpgurukul_online_fire_reporting_system | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field. | 2023-07-27 | not yet calculated | CVE-2023-36942 MISC MISC |
| emlog — emlog | emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. | 2023-07-26 | not yet calculated | CVE-2023-37049 MISC |
| dataease — dataease | DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds. | 2023-07-25 | not yet calculated | CVE-2023-37257 MISC MISC |
| dataease — dataease | DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds. | 2023-07-25 | not yet calculated | CVE-2023-37258 MISC MISC MISC |
| apple — multiple_products | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | not yet calculated | CVE-2023-37285 MISC MISC MISC MISC MISC MISC MISC MISC |
| redcap — redcap | REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | 2023-07-25 | not yet calculated | CVE-2023-37361 MISC MISC |
| mulitple_vendors — multiple_products | A heap-based buffer overflow issue was found in ImageMagick’s PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service. | 2023-07-24 | not yet calculated | CVE-2023-3745 MISC MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-07-27 | not yet calculated | CVE-2023-37450 MISC MISC MISC MISC MISC |
| codehaus-plexus — plexus-archiver | Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist – the `resolveFile()` function will return the symlink’s source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, that follows symlinks by default, will actually write the entry’s content to the symlink’s target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue. | 2023-07-25 | not yet calculated | CVE-2023-37460 MISC MISC MISC |
| discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn’t applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn’t have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting. | 2023-07-28 | not yet calculated | CVE-2023-37467 MISC MISC |
| frrouting — frrouting | A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. | 2023-07-24 | not yet calculated | CVE-2023-3748 MISC MISC |
| libvirt — libvirt | A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon. | 2023-07-24 | not yet calculated | CVE-2023-3750 MISC MISC |
| assembly_software — trialworks | A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter. | 2023-07-24 | not yet calculated | CVE-2023-37613 MISC MISC |
| netdisco — netdisco | Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. | 2023-07-26 | not yet calculated | CVE-2023-37623 MISC MISC MISC MISC |
| netdisco — netdisco | Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | 2023-07-26 | not yet calculated | CVE-2023-37624 MISC MISC MISC |
| pligg_cms — pligg_cms | Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | 2023-07-25 | not yet calculated | CVE-2023-37677 MISC |
| october_cms — october_cms | An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | 2023-07-26 | not yet calculated | CVE-2023-37692 MISC |
| linux — kernel | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | 2023-07-25 | not yet calculated | CVE-2023-3772 MISC MISC |
| linux — kernel | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. | 2023-07-25 | not yet calculated | CVE-2023-3773 MISC MISC |
| yasm — yasm | Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | 2023-07-26 | not yet calculated | CVE-2023-37732 MISC MISC |
| hashicorp — vault_enterprise | An unhandled error in Vault Enterprise’s namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9. | 2023-07-28 | not yet calculated | CVE-2023-3774 MISC |
| powerjob — powerjob | PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail. | 2023-07-28 | not yet calculated | CVE-2023-37754 MISC MISC MISC |
| linux — kernel | A use-after-free vulnerability in the Linux kernel’s net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f. | 2023-07-21 | not yet calculated | CVE-2023-3776 MISC MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions. | 2023-07-27 | not yet calculated | CVE-2023-37894 MISC |
| apache — jackrabbit | Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component “commons-beanutils”, which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases. How to check whether RMI support is enabledRMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone. The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like “netstat” can be used to check. RMI-over-HTTP in Jackrabbit by default uses the path “/rmi”. So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user’s control. Turning off RMIFind web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet: <servlet> <servlet-name>RMI</servlet-name> <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>RMI</servlet-name> <url-pattern>/rmi</url-pattern> </servlet-mapping> Find the bootstrap.properties file (in $REPOSITORY_HOME), and set rmi.enabled=false and also remove rmi.host rmi.port rmi.url-pattern If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained. | 2023-07-25 | not yet calculated | CVE-2023-37895 MISC MISC MISC MISC |
| crossplane — crossplane | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistency nature of controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0. | 2023-07-27 | not yet calculated | CVE-2023-37900 MISC MISC |
| indico — indico | Indico is an open source a general-purpose, web based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone else to attempt to delete this content. Considering that event organizers may want to delete suspicious-looking content when spotting it, there is a non-negligible risk of such an attack to succeed. The risk of this could be further increased when combined with some some social engineering pointing the victim towards this content. Users need to update to Indico 3.2.6 as soon as possible. See the docs for instructions on how to update. Users who cannot upgrade should only let trustworthy users manage categories, create events or upload materials (“submission” privileges on a contribution/event). This should already be the case in a properly-configured setup when it comes to category/event management. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a a fixed version ASAP in particular when using such workflows. | 2023-07-21 | not yet calculated | CVE-2023-37901 MISC MISC MISC MISC |
| vyperlang — vyper | Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that the if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue. | 2023-07-25 | not yet calculated | CVE-2023-37902 MISC MISC |
| vm2 — vm2 | vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software. | 2023-07-21 | not yet calculated | CVE-2023-37903 MISC |
| discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites. | 2023-07-28 | not yet calculated | CVE-2023-37904 MISC MISC |
| ckeditor-wordcount-plugin — ckeditor-wordcount-plugin | ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-07-21 | not yet calculated | CVE-2023-37905 MISC MISC MISC |
| discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. | 2023-07-28 | not yet calculated | CVE-2023-37906 MISC MISC |
| cryptomator — cryptomator | Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue. | 2023-07-25 | not yet calculated | CVE-2023-37907 MISC MISC MISC |
| opendds — opendds | OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-07-21 | not yet calculated | CVE-2023-37915 MISC MISC |
| kubepi –kubepi | KubePi is an opensource kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leak password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaded password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-07-21 | not yet calculated | CVE-2023-37916 MISC |
| kubepi –kubepi | KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-07-21 | not yet calculated | CVE-2023-37917 MISC |
| dapr –dapr | Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing. The issue has been fixed in Dapr 1.10.9 or to 1.11.2. There are no known workarounds for this vulnerability. | 2023-07-21 | not yet calculated | CVE-2023-37918 MISC MISC MISC |
| cal.com — cal.com | Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) stays logged in without having to verify the account owner’s identity. As of time of publication, no known patches or workarounds exist. | 2023-07-25 | not yet calculated | CVE-2023-37919 MISC |
| certifi — python-certifi | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes “e-Tugra” root certificates. e-Tugra’s root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from “e-Tugra” from the root store. | 2023-07-25 | not yet calculated | CVE-2023-37920 MISC MISC MISC |
| wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions. | 2023-07-27 | not yet calculated | CVE-2023-37970 MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions. | 2023-07-27 | not yet calculated | CVE-2023-37975 MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <= 2.5 versions. | 2023-07-27 | not yet calculated | CVE-2023-37976 MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions. | 2023-07-27 | not yet calculated | CVE-2023-37977 MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. | 2023-07-27 | not yet calculated | CVE-2023-37979 MISC MISC |
| wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <= 1.1 versions. | 2023-07-27 | not yet calculated | CVE-2023-37980 MISC |
| wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <= 2.0.2 versions. | 2023-07-27 | not yet calculated | CVE-2023-37981 MISC |
| wordpress — wordpress | Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <= 1.7 versions. | 2023-07-27 | not yet calculated | CVE-2023-37993 MISC |
| otrs_ag — otrs | Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code.This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 2023-07-24 | not yet calculated | CVE-2023-38056 MISC |
| otrs_ag — otrs | An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22. | 2023-07-24 | not yet calculated | CVE-2023-38057 MISC |
| otrs_ag — otrs | An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35. | 2023-07-24 | not yet calculated | CVE-2023-38058 MISC |
| otrs_ag — otrs | Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to to perform an host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | 2023-07-24 | not yet calculated | CVE-2023-38060 MISC |
| linux — kernel | An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2023-07-24 | not yet calculated | CVE-2023-3812 MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. | 2023-07-27 | not yet calculated | CVE-2023-38133 MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-38136 MISC MISC |
| datalust_seq — datalust_seq | Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account. | 2023-07-22 | not yet calculated | CVE-2023-38195 MISC |
| mulitple_vendors — multiple_products | A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections. | 2023-07-24 | not yet calculated | CVE-2023-38200 MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. | 2023-07-27 | not yet calculated | CVE-2023-38258 MISC MISC |
| apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data. | 2023-07-27 | not yet calculated | CVE-2023-38259 MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-38261 MISC MISC |
| trustwave — modsecurity | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | 2023-07-26 | not yet calculated | CVE-2023-38285 MISC MISC |
| zoho — manageengine_support_center_plus | Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. | 2023-07-28 | not yet calculated | CVE-2023-38331 MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges. | 2023-07-27 | not yet calculated | CVE-2023-38410 MISC MISC |
| pointware — easyinventory | A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-23 | not yet calculated | CVE-2023-3842 MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. | 2023-07-27 | not yet calculated | CVE-2023-38421 MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-38424 MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-38425 MISC MISC |
| fujitsu_limited — multiple_products | Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007. | 2023-07-26 | not yet calculated | CVE-2023-38433 MISC MISC |
| apache — felix_healthcheck_webconsole_plugin | An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher. | 2023-07-25 | not yet calculated | CVE-2023-38435 MISC MISC MISC |
| getkirby — kirby | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file (e.g. via a contact or comment form). Kirby sites are *not* affected if they don’t allow write access for untrusted users or visitors. A field injection in a content storage implementation is a type of vulnerability that allows attackers with content write access to overwrite content fields that the site developer didn’t intend to be modified. In a Kirby site this can be used to alter site content, break site behavior or inject malicious data or code. The exact security risk depends on the field type and usage. Kirby stores content of the site, of pages, files and users in text files by default. The text files use Kirby’s KirbyData format where each field is separated by newlines and a line with four dashes (`—-`). When reading a KirbyData file, the affected code first removed the Unicode BOM sequence from the file contents and afterwards split the content into fields by the field separator. When writing to a KirbyData file, field separators in field data are escaped to prevent user input from interfering with the field structure. However this escaping could be tricked by including a Unicode BOM sequence in a field separator (e.g. `–\xEF\xBB\xBF–`). When writing, this was not detected as a separator, but because the BOM was removed during reading, it could be abused by attackers to inject other field data into content files. Because each field can only be defined once per content file, this vulnerability only affects fields in the content file that were defined above the vulnerable user-writable field or not at all. Fields that are defined below the vulnerable field override the injected field content and were therefore already protected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected code to only remove the Unicode BOM sequence at the beginning of the file. This fixes this vulnerability both for newly written as well as for existing content files. | 2023-07-27 | not yet calculated | CVE-2023-38488 MISC MISC MISC MISC MISC MISC MISC |
| getkirby — kirby | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby’s API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory, it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser, the attacker would not be reliably prevented from accessing the Kirby site as the affected user. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login, the session is invalidated. To enforce this fix even if the vulnerability was previously abused, all users are logged out from the Kirby site after updating to one of the patched releases. | 2023-07-27 | not yet calculated | CVE-2023-38489 MISC MISC MISC MISC MISC MISC MISC |
| getkirby — kirby | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, ‘xml’)`) or the `Xml::parse()` method in site or plugin code. The Kirby core does not use any of the affected methods. XML External Entities (XXE) is a little used feature in the XML markup language that allows to include data from external files in an XML structure. If the name of the external file can be controlled by an attacker, this becomes a vulnerability that can be abused for various system impacts like the disclosure of internal or confidential data that is stored on the server (arbitrary file disclosure) or to perform network requests on behalf of the server (server-side request forgery, SSRF). Kirby’s `Xml::parse()` method used PHP’s `LIBXML_NOENT` constant, which enabled the processing of XML external entities during the parsing operation. The `Xml::parse()` method is used in the `Xml` data handler (e.g. `Data::decode($string, ‘xml’)`). Both the vulnerable method and the data handler are not used in the Kirby core. However they may be used in site or plugin code, e.g. to parse RSS feeds or other XML files. If those files are of an external origin (e.g. uploaded by a user or retrieved from an external URL), attackers may be able to include an external entity in the XML file that will then be processed in the parsing process. Kirby sites that don’t use XML parsing in site or plugin code are *not* affected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have removed the `LIBXML_NOENT` constant as processing of external entities is out of scope of the parsing logic. This protects all uses of the method against the described vulnerability. | 2023-07-27 | not yet calculated | CVE-2023-38490 MISC MISC MISC MISC MISC MISC MISC |
| getkirby — kirby | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Kirby sites are not affected if they don’t allow file uploads for untrusted users or visitors or if the file extensions of uploaded files are limited to a fixed safe list. The attack requires user interaction by another user or visitor and cannot be automated. An editor with write access to the Kirby Panel could upload a file with an unknown file extension like `.xyz` that contains HTML code including harmful content like `<script>` tags. The direct link to that file could be sent to other users or visitors of the site. If the victim opened that link in a browser where they are logged in to Kirby and the file had not been opened by anyone since the upload, Kirby would not be able to send the correct MIME content type, instead falling back to `text/html`. The browser would then run the script, which could for example trigger requests to Kirby’s API with the permissions of the victim. The issue was caused by the underlying `Kirby\Http\Response::file()` method, which didn’t have an explicit fallback if the MIME type could not be determined from the file extension. If you use this method in site or plugin code, these uses may be affected by the same vulnerability. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected method to use a fallback MIME type of `text/plain` and set the `X-Content-Type-Options: nosniff` header if the MIME type of the file is unknown. | 2023-07-27 | not yet calculated | CVE-2023-38491 MISC MISC MISC MISC MISC MISC MISC |
| getkirby — kirby | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby’s API and Panel are disabled in the config). The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities. Kirby’s authentication endpoint did not limit the password length. This allowed attackers to provide a password with a length up to the server’s maximum request body length. Validating that password against the user’s actual password requires hashing the provided password, which requires more CPU and memory resources (and therefore processing time) the longer the provided password gets. This could be abused by an attacker to cause the website to become unresponsive or unavailable. Because Kirby comes with a built-in brute force protection, the impact of this vulnerability is limited to 10 failed logins from each IP address and 10 failed logins for each existing user per hour. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have added password length limits in the affected code so that passwords longer than 1000 bytes are immediately blocked, both when setting a password and when logging in. | 2023-07-27 | not yet calculated | CVE-2023-38492 MISC MISC MISC MISC MISC MISC MISC |
| line — armeria | Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue. | 2023-07-25 | not yet calculated | CVE-2023-38493 MISC MISC MISC |
| crossplane — crossplane | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane’s image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0. As a workaround, only use images from trusted sources and keep Package editing/creating privileges to administrators only. | 2023-07-27 | not yet calculated | CVE-2023-38495 MISC MISC |
| apptainer — apptainer | Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1. | 2023-07-25 | not yet calculated | CVE-2023-38496 MISC MISC MISC |
| discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade. | 2023-07-28 | not yet calculated | CVE-2023-38498 MISC MISC |
| typo3 — typo3 | TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. | 2023-07-25 | not yet calculated | CVE-2023-38499 MISC MISC MISC |
| sourcecodester — lost_and_found_information_system | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability. | 2023-07-23 | not yet calculated | CVE-2023-3850 MISC MISC |
| typo3 — typo3 | TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem. | 2023-07-25 | not yet calculated | CVE-2023-38500 MISC MISC MISC |
| copyparty — copyparty | copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=…` and `?setck=…`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one’s copyparty accounts, unless one have inspected one’s logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue. | 2023-07-25 | not yet calculated | CVE-2023-38501 MISC MISC |
| tdengine — tdengine | TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue. | 2023-07-25 | not yet calculated | CVE-2023-38502 MISC |
| directus — directus | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription resulting in unauthorized users getting event on their subscription which they should not be receiving according to the permissions. This can be any collection but out-of-the box the `directus_users` collection is configured with such a permissions filter allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions. | 2023-07-25 | not yet calculated | CVE-2023-38503 MISC MISC |
| sails — sails | Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client. | 2023-07-27 | not yet calculated | CVE-2023-38504 MISC MISC MISC MISC |
| dietpi-dashboard — dietpi-dashboard | DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won’t provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections. | 2023-07-27 | not yet calculated | CVE-2023-38505 MISC MISC MISC MISC |
| tolgee — tolgee | Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It’s important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1. | 2023-07-27 | not yet calculated | CVE-2023-38510 MISC MISC MISC MISC |
| wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions. | 2023-07-27 | not yet calculated | CVE-2023-38512 MISC |
| openrapid — rapidcms | A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-235204. | 2023-07-23 | not yet calculated | CVE-2023-3852 MISC MISC MISC MISC |
| phpscriptpoint — bloodbank | A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been rated as problematic. This issue affects some unknown processing of the file page.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235205 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-23 | not yet calculated | CVE-2023-3853 MISC MISC |
| phpscriptpoint — bloodbank | A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/blood_group_id leads to sql injection. It is possible to launch the attack remotely. VDB-235206 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-23 | not yet calculated | CVE-2023-3854 MISC MISC |
| phpscriptpoint — jobseeker | A vulnerability classified as problematic was found in phpscriptpoint JobSeeker 1.5. Affected by this vulnerability is an unknown functionality of the file /search-result.php. The manipulation of the argument kw/lc/ct/cp/p leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235207. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3855 MISC MISC |
| fujitsu_limited — multiple_products | Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions. | 2023-07-26 | not yet calculated | CVE-2023-38555 MISC MISC |
| phpscriptpoint — ecommerce | A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Affected by this issue is some unknown functionality of the file /blog-single.php. The manipulation of the argument slug leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235208. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3856 MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system. | 2023-07-27 | not yet calculated | CVE-2023-38564 MISC |
| apple — multiple_products | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges. | 2023-07-27 | not yet calculated | CVE-2023-38565 MISC MISC MISC MISC MISC MISC MISC |
| phpscriptpoint — ecommerce | A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. This affects an unknown part of the file /product.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235209 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3857 MISC MISC |
| apple — multiple_products | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences. | 2023-07-28 | not yet calculated | CVE-2023-38571 MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. | 2023-07-27 | not yet calculated | CVE-2023-38572 MISC MISC MISC MISC MISC MISC |
| phpscriptpoint — car_listing | A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument country/state/city leads to cross site scripting. The attack can be initiated remotely. VDB-235210 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3858 MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-27 | not yet calculated | CVE-2023-38580 MISC MISC MISC |
| phpscriptpoint — car_listing | A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3859 MISC MISC |
| apple — multiple_products | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | 2023-07-28 | not yet calculated | CVE-2023-38590 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution. | 2023-07-28 | not yet calculated | CVE-2023-38592 MISC MISC MISC MISC |
| apple — multiple_products | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service. | 2023-07-27 | not yet calculated | CVE-2023-38593 MISC MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-38594 MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-38595 MISC MISC MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-38597 MISC MISC MISC MISC |
| apple — multiple_products | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | not yet calculated | CVE-2023-38598 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. | 2023-07-28 | not yet calculated | CVE-2023-38599 MISC MISC MISC MISC MISC MISC |
| phpscriptpoint — insurance | A vulnerability was found in phpscriptpoint Insurance 1.2. It has been classified as problematic. Affected is an unknown function of the file /page.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235212. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3860 MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-38600 MISC MISC MISC MISC MISC |
| apple — multiple_products | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system. | 2023-07-28 | not yet calculated | CVE-2023-38601 MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | 2023-07-27 | not yet calculated | CVE-2023-38602 MISC MISC MISC |
| apple — multiple_products | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service. | 2023-07-27 | not yet calculated | CVE-2023-38603 MISC MISC MISC MISC MISC |
| apple — multiple_products | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 2023-07-28 | not yet calculated | CVE-2023-38604 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
| apple — multiple_products | This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. | 2023-07-27 | not yet calculated | CVE-2023-38606 MISC MISC MISC MISC MISC MISC MISC |
| apple — macos_ventura | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data. | 2023-07-27 | not yet calculated | CVE-2023-38608 MISC |
| apple — macos_ventura | An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences. | 2023-07-28 | not yet calculated | CVE-2023-38609 MISC MISC |
| phpscriptpoint — insurance | A vulnerability was found in phpscriptpoint Insurance 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235213 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3861 MISC MISC |
| apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | 2023-07-27 | not yet calculated | CVE-2023-38611 MISC MISC MISC MISC MISC |
| travelmate — trek_management_solution | A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. VDB-235214 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-24 | not yet calculated | CVE-2023-3862 MISC MISC |
| linux — kernel | A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue. | 2023-07-24 | not yet calculated | CVE-2023-3863 MISC MISC MISC |
| librsvg — librsvg | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=”.?../../../../../../../../../../etc/passwd” in an xi:include element. | 2023-07-22 | not yet calculated | CVE-2023-38633 CONFIRM MISC MISC MLIST FULLDISC |
| metabase — metabase/metabase_enterprise | Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server’s privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2. | 2023-07-21 | not yet calculated | CVE-2023-38646 MISC MISC MISC MISC |
| apache — helix | An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run in Helix REST start and Workflow creation. Affect all the versions lower and include 1.2.0. Affected products: helix-core, helix-rest Mitigation: Short term, stop using any YAML based configuration and workflow creation. Long term, all Helix version bumping up to 1.3.0 | 2023-07-26 | not yet calculated | CVE-2023-38647 MISC |
| paddlepaddle — paddlepaddle | Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition. | 2023-07-26 | not yet calculated | CVE-2023-38669 MISC |
| paddlepaddle — paddlepaddle | Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service. | 2023-07-26 | not yet calculated | CVE-2023-38670 MISC |
| paddlepaddle — paddlepaddle | Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible. | 2023-07-26 | not yet calculated | CVE-2023-38671 MISC |
| paddlepaddle — paddlepaddle | FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service. | 2023-07-26 | not yet calculated | CVE-2023-38672 MISC |
| paddlepaddle — paddlepaddle | PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system. | 2023-07-26 | not yet calculated | CVE-2023-38673 MISC |
| discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. | 2023-07-28 | not yet calculated | CVE-2023-38684 MISC MISC |
| discourse — discourse | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. | 2023-07-28 | not yet calculated | CVE-2023-38685 MISC MISC |
| pandoc — pandoc | Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the –extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the –extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names). | 2023-07-25 | not yet calculated | CVE-2023-38745 MISC MISC MLIST |
| onpremise_suremdm_solution — suremdm_onpremise | Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below version | 2023-07-25 | not yet calculated | CVE-2023-3897 MISC |
| jeesite — jeesite | An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators. | 2023-07-28 | not yet calculated | CVE-2023-38988 MISC |
| jeecg-boot — jeecg-boot | jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData. | 2023-07-28 | not yet calculated | CVE-2023-38992 MISC |
| boofcv — boofcv | BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | 2023-07-28 | not yet calculated | CVE-2023-39010 MISC |
| duke — duke | Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | 2023-07-28 | not yet calculated | CVE-2023-39013 MISC |
| webmagic-extension — webmagic-extension | webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | 2023-07-28 | not yet calculated | CVE-2023-39015 MISC |
| bboss-persistent — bboss-persistent | bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | not yet calculated | CVE-2023-39016 MISC |
| quartz-jobs — | quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | not yet calculated | CVE-2023-39017 MISC |
| ffmpeg — ffmpeg | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | not yet calculated | CVE-2023-39018 MISC |
| stanford-parser — stanford-parser | stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | not yet calculated | CVE-2023-39020 MISC |
| wix-embedded-mysql — wix-embedded-mysql | wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | not yet calculated | CVE-2023-39021 MISC |
| oscore — oscore | oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | not yet calculated | CVE-2023-39022 MISC |
| university_compass — university_compass | university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. | 2023-07-28 | not yet calculated | CVE-2023-39023 MISC |
| gnu_gdb — gnu_gdb | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. | 2023-07-25 | not yet calculated | CVE-2023-39128 MISC |
| gnu_gdb — gnu_gdb | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. | 2023-07-25 | not yet calculated | CVE-2023-39129 MISC |
| gnu_gdb — gnu_gdb | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. | 2023-07-25 | not yet calculated | CVE-2023-39130 MISC |
| jenkins — jenkins | Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. | 2023-07-26 | not yet calculated | CVE-2023-39151 MISC MISC |
| jenkins — jenkins | Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances. | 2023-07-26 | not yet calculated | CVE-2023-39152 MISC MISC |
| jenkins — jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker’s account. | 2023-07-26 | not yet calculated | CVE-2023-39153 MISC MISC |
| jenkins — jenkins | Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 2023-07-26 | not yet calculated | CVE-2023-39154 MISC MISC |
| jenkins — jenkins | Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it. | 2023-07-26 | not yet calculated | CVE-2023-39155 MISC MISC |
| jenkins — jenkins | A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags. | 2023-07-26 | not yet calculated | CVE-2023-39156 MISC MISC |
| jetbrains — teamcity | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access | 2023-07-25 | not yet calculated | CVE-2023-39173 MISC |
| jetbrains — teamcity | In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers | 2023-07-25 | not yet calculated | CVE-2023-39174 MISC |
| jetbrains — teamcity | In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible | 2023-07-25 | not yet calculated | CVE-2023-39175 MISC |
| jetbrains — intellij_idea | In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | 2023-07-26 | not yet calculated | CVE-2023-39261 MISC |
| phpscriptpoint — lawyer | A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified as problematic. Affected by this issue is some unknown functionality of the file page.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235400. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-25 | not yet calculated | CVE-2023-3944 MISC MISC |
| phpscriptpoint — lawyer | A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235401 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-07-25 | not yet calculated | CVE-2023-3945 MISC MISC |
| trellix — trellix_epo | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator’s session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. | 2023-07-26 | not yet calculated | CVE-2023-3946 MISC |
| gz_scripts — availability_booking_calendar_php | A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568. | 2023-07-27 | not yet calculated | CVE-2023-3969 MISC MISC MISC |
| gz_scripts — availability_booking_calendar_php | A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability. | 2023-07-27 | not yet calculated | CVE-2023-3970 MISC MISC MISC |
| drawio — drawio | Cross-site Scripting (XSS) – Reflected in GitHub repository jgraph/drawio prior to 21.6.3. | 2023-07-27 | not yet calculated | CVE-2023-3973 MISC MISC |
| drawio — drawio | OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. | 2023-07-27 | not yet calculated | CVE-2023-3974 MISC MISC |
| drawio — drawio | OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. | 2023-07-27 | not yet calculated | CVE-2023-3975 MISC MISC |
| omeka-s — omeka-s | Cross-site Scripting (XSS) – Stored in GitHub repository omeka/omeka-s prior to 4.0.2. | 2023-07-27 | not yet calculated | CVE-2023-3980 MISC MISC |
| omeka-s — omeka-s | Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. | 2023-07-27 | not yet calculated | CVE-2023-3981 MISC MISC |
| omeka-s — omeka-s | Cross-site Scripting (XSS) – Stored in GitHub repository omeka/omeka-s prior to 4.0.2. | 2023-07-27 | not yet calculated | CVE-2023-3982 MISC MISC |
| phpscriptpoint — recipepoint | A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability. | 2023-07-28 | not yet calculated | CVE-2023-3984 MISC MISC |
| sourcecodester — online_jewelry_store | A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability. | 2023-07-28 | not yet calculated | CVE-2023-3985 MISC MISC MISC |
| sourcecodester — simple_online_mens_salon_management_system | A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607. | 2023-07-28 | not yet calculated | CVE-2023-3986 MISC MISC MISC |
| sourcecodester — simple_online_mens_salon_management_system | A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608. | 2023-07-28 | not yet calculated | CVE-2023-3987 MISC MISC MISC |
| cafe_billing_system — cafe_billing_system | A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability. | 2023-07-28 | not yet calculated | CVE-2023-3988 MISC MISC MISC |
| sourcecodester — online_jewelry_store | A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add_customer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifier assigned to this vulnerability. | 2023-07-28 | not yet calculated | CVE-2023-3989 MISC MISC MISC |
| mingsoft — mcms | A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611. | 2023-07-28 | not yet calculated | CVE-2023-3990 MISC MISC MISC |
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
