US-CERT Vulnerability Summary for the Week of June 26, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
apple — mac_os_x | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.6.6, macOS Monterey 12.3, Security Update 2022-004 Catalina. A remote user may cause an unexpected app termination or arbitrary code execution | 2023-06-23 | 9.8 | CVE-2022-22630 MISC MISC MISC |
google — android | In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-250100597. References: N/A | 2023-06-28 | 9.8 | CVE-2023-21066 MISC |
wordpress — wordpress | The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. | 2023-06-27 | 9.8 | CVE-2023-2601 MISC |
wordpress — wordpress | The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.3.7. This is due to insufficient verification on the user being supplied during booking an appointment through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2023-06-30 | 9.8 | CVE-2023-2834 MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5. | 2023-06-29 | 9.8 | CVE-2023-2982 MISC MISC MISC MISC MISC |
wordpress — wordpress | The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the ‘id’ parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-06-24 | 9.8 | CVE-2023-3197 MISC MISC |
apple — macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution | 2023-06-23 | 9.8 | CVE-2023-32387 MISC MISC MISC |
apple — macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution | 2023-06-23 | 9.8 | CVE-2023-32412 MISC MISC MISC MISC MISC MISC MISC |
apple — iphone_os | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution | 2023-06-23 | 9.8 | CVE-2023-32419 MISC |
wordpress — wordpress | The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.6.0. This is due to incorrect authentication checking in the ‘hidden_form_data’ function. This makes it possible for authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | 2023-06-30 | 9.8 | CVE-2023-3249 MISC MISC |
trendmicro — apex_one | A path traversal vulnerability in the Trend Micro Apex One and Apex One as a Service could allow an unauthenticated attacker to upload an arbitrary file to the Management Server which could lead to remote code execution with system privileges. | 2023-06-26 | 9.8 | CVE-2023-32557 MISC |
wavlink — wn579x3_firmware | A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Affected is an unknown function of the file /cgi-bin/adm.cgi of the component Ping Test. The manipulation of the argument pingIp leads to injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-23 | 9.8 | CVE-2023-3380 MISC MISC MISC |
game_result_matrix_system_project — game_result_matrix_system | A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. This affects an unknown part of the file /dipam/athlete-profile.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232239. | 2023-06-23 | 9.8 | CVE-2023-3383 MISC MISC MISC |
human_resource_management_system_project — human_resource_management_system | A vulnerability was found in SourceCodester Human Resource Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file detailview.php. The manipulation of the argument employeeid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232288. | 2023-06-23 | 9.8 | CVE-2023-3391 MISC MISC MISC |
trendmicro — mobile_security | A path traversal exists in a specific service dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files. | 2023-06-26 | 9.1 | CVE-2023-32521 MISC MISC |
wordpress — wordpress | The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_groups() function. This makes it possible for unauthenticated attackers to add new group members via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4385 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4386 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to update custom field meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4394 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the at_save_aturl_meta() function. This makes it possible for unauthenticated attackers to update meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4398 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 8.8 | CVE-2021-4401 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
yoga_class_registration_system_project — yoga_class_registration_system | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 2023-06-24 | 8.8 | CVE-2023-1722 MISC MISC |
wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc) | 2023-06-27 | 8.8 | CVE-2023-2628 MISC |
wordpress — wordpress | The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.67. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber privileges or above, to change user passwords and potentially take over administrator accounts. | 2023-06-30 | 8.8 | CVE-2023-3063 MISC MISC |
apple — watchos | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 8.8 | CVE-2023-32373 MISC MISC MISC MISC MISC MISC |
apple — macos | A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 16.4, iOS 16.4 and iPadOS 16.4, macOS Ventura 13.3, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 2023-06-23 | 8.8 | CVE-2023-32435 MISC MISC MISC MISC MLIST |
apple — iphone_os | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, Safari 16.5.1, macOS Ventura 13.4.1, iOS 15.7.7 and iPadOS 15.7.7. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 8.8 | CVE-2023-32439 MISC MISC MISC MISC MLIST FEDORA |
trendmicro — mobile_security | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32524. | 2023-06-26 | 8.8 | CVE-2023-32523 MISC MISC |
trendmicro — mobile_security | Affected versions of Trend Micro Mobile Security (Enterprise) 9.8 SP5 contain some widgets that would allow a remote user to bypass authentication and potentially chain with other vulnerabilities. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32523. | 2023-06-26 | 8.8 | CVE-2023-32524 MISC MISC |
trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32528. | 2023-06-26 | 8.8 | CVE-2023-32527 MISC MISC |
trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains vulnerable .php files that could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32527. | 2023-06-26 | 8.8 | CVE-2023-32528 MISC MISC |
trendmicro — apex_central | Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32530. | 2023-06-26 | 8.8 | CVE-2023-32529 MISC MISC |
trendmicro — apex_central | Vulnerable modules of Trend Micro Apex Central (on-premise) contain vulnerabilities which would allow authenticated users to perform a SQL injection that could lead to remote code execution. Please note: an attacker must first obtain authentication on the target system in order to exploit these vulnerabilities. This is similar to, but not identical to CVE-2023-32529. | 2023-06-26 | 8.8 | CVE-2023-32530 MISC MISC |
google — chrome | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-26 | 8.8 | CVE-2023-3420 MISC MISC MISC MISC |
google — chrome | Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-26 | 8.8 | CVE-2023-3421 MISC MISC MISC MISC |
google — chrome | Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-06-26 | 8.8 | CVE-2023-3422 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights, leading to rights escalation. The vulnerability has been fixed in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually. | 2023-06-23 | 8.8 | CVE-2023-35152 MISC MISC MISC MISC MISC |
gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36271 MISC |
gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36272 MISC |
gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36273 MISC |
gnu — libredwg | LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. | 2023-06-23 | 8.8 | CVE-2023-36274 MISC |
codekop — codekop | A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. | 2023-06-23 | 8.8 | CVE-2023-36345 MISC MISC |
codekop — codekop | POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. | 2023-06-23 | 8.8 | CVE-2023-36348 MISC MISC |
apple — macos | The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 8.6 | CVE-2023-32409 MISC MISC MISC MISC MISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox | 2023-06-23 | 8.6 | CVE-2023-32414 MISC |
wordpress — wordpress | The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. This is due to insufficient escaping on the supplied username value. This makes it possible for unauthenticated attackers to extract potentially sensitive information from the LDAP directory. | 2023-06-29 | 8.6 | CVE-2023-3447 MISC MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-29 | 8.3 | CVE-2022-29144 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-29 | 8.3 | CVE-2022-29146 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-28 | 8.2 | CVE-2021-31937 MISC |
trendmicro — mobile_security | A path traversal exists in a specific dll of Trend Micro Mobile Security (Enterprise) 9.8 SP5 which could allow an authenticated remote attacker to delete arbitrary files. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-06-26 | 8.1 | CVE-2023-32522 MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group). | 2023-06-23 | 8.1 | CVE-2023-34465 MISC MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8. | 2023-06-23 | 8 | CVE-2023-35150 MISC MISC MISC |
google — android | In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-269661912. References: N/A | 2023-06-28 | 7.8 | CVE-2023-21147 MISC |
google — android | In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-270050709. References: N/A | 2023-06-28 | 7.8 | CVE-2023-21149 MISC |
google — android | In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262243015 | 2023-06-28 | 7.8 | CVE-2023-21172 MISC |
google — android | In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-235822222 | 2023-06-28 | 7.8 | CVE-2023-21174 MISC |
google — android | In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-262243574 | 2023-06-28 | 7.8 | CVE-2023-21175 MISC |
google — android | In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-272755865 | 2023-06-28 | 7.8 | CVE-2023-21179 MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Big Sur 11.7.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | 7.8 | CVE-2023-23516 MISC MISC MISC |
apple — macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution | 2023-06-23 | 7.8 | CVE-2023-23539 MISC |
apple — macos | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | 7.8 | CVE-2023-27930 MISC MISC MISC MISC |
dell — precision_3570_firmware | Dell BIOS contains an improper authentication vulnerability. A locally authenticated malicious user may potentially exploit this vulnerability by bypassing certain authentication mechanisms in order to elevate privileges on the system. | 2023-06-23 | 7.8 | CVE-2023-28073 MISC |
apple — itunes | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges | 2023-06-23 | 7.8 | CVE-2023-32351 MISC |
apple — itunes | A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges | 2023-06-23 | 7.8 | CVE-2023-32353 MISC |
apple — macos | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may lead to arbitrary code execution | 2023-06-23 | 7.8 | CVE-2023-32380 MISC MISC MISC |
apple — macos | A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing an image may lead to arbitrary code execution | 2023-06-23 | 7.8 | CVE-2023-32384 MISC MISC MISC MISC MISC MISC MISC |
apple — macos | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to execute arbitrary code with kernel privileges | 2023-06-23 | 7.8 | CVE-2023-32398 MISC MISC MISC MISC MISC MISC MISC |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges | 2023-06-23 | 7.8 | CVE-2023-32405 MISC MISC MISC |
apple — iphone_os | An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Big Sur 11.7.8, macOS Monterey 12.6.7, macOS Ventura 13.4.1, watchOS 9.5.2. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7. | 2023-06-23 | 7.8 | CVE-2023-32434 MISC MISC MISC MISC MISC MISC MISC |
admidio — admidio | Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | 7.8 | CVE-2023-3302 MISC CONFIRM |
trendmicro — apex_one | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34145. | 2023-06-26 | 7.8 | CVE-2023-34144 MISC MISC |
trendmicro — apex_one | An untrusted search path vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate their privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34144. | 2023-06-26 | 7.8 | CVE-2023-34145 MISC MISC |
trendmicro — apex_one | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34147 and CVE-2023-34148. | 2023-06-26 | 7.8 | CVE-2023-34146 MISC MISC |
trendmicro — apex_one | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34148. | 2023-06-26 | 7.8 | CVE-2023-34147 MISC MISC |
trendmicro — apex_one | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacker to escalate privileges and write an arbitrary value to specific Trend Micro agent subkeys on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is a similar, but not identical vulnerability as CVE-2023-34146 and CVE-2023-34147. | 2023-06-26 | 7.8 | CVE-2023-34148 MISC MISC |
irontec — sngrep | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. | 2023-06-23 | 7.8 | CVE-2023-36192 MISC |
gifsicle_project — gifsicle | Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. | 2023-06-23 | 7.8 | CVE-2023-36193 MISC |
wago — multiple_products | Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. | 2023-06-26 | 7.5 | CVE-2023-1150 MISC |
dtstack — taier | Insecure permissions in the /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allow attackers to view sensitive information via the getCookie method. | 2023-06-23 | 7.5 | CVE-2023-29860 MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | 7.5 | CVE-2023-32397 MISC MISC MISC MISC |
microsoft — yet_another_reverse_proxy | Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability | 2023-06-23 | 7.5 | CVE-2023-33141 MISC |
diagrams — drawio | Denial of Service in GitHub repository jgraph/drawio prior to 18.1.3. | 2023-06-26 | 7.5 | CVE-2023-3398 MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the REST response also contained the unobfuscated mail, and users were able to filter and sort on the unobfuscated value, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | 2023-06-23 | 7.5 | CVE-2023-34467 MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround. | 2023-06-23 | 7.5 | CVE-2023-35151 MISC MISC MISC |
trendmicro — mobile_security | A remote attacker could leverage a vulnerability in Trend Micro Mobile Security (Enterprise) 9.8 SP5 to download a particular log file which may contain sensitive information regarding the product. | 2023-06-26 | 7.5 | CVE-2023-35695 MISC MISC |
webkul — qloapps | An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application’s authentication and authorization mechanisms and retrieve the contents of an entire database. | 2023-06-23 | 7.5 | CVE-2023-36284 MISC |
basecamp — basecamp | Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application’s private directory. Additionally, by using a malicious intent, the attacker may redirect the server’s responses (containing sensitive information) to third-party applications by using a custom-crafted deeplink scheme. | 2023-06-25 | 7.5 | CVE-2023-36612 MISC |
dell — alienware_update | Dell Command \| Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability leading to privilege escalation. | 2023-06-23 | 7.3 | CVE-2023-28065 MISC |
yoga_class_registration_system_project — yoga_class_registration_system | Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators. | 2023-06-24 | 7.2 | CVE-2023-1721 MISC MISC |
wordpress — wordpress | The ERP WordPress plugin before 1.12.4 does not properly sanitize and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2023-06-27 | 7.2 | CVE-2023-2744 MISC |
fossbilling — fossbilling | Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. | 2023-06-23 | 7.2 | CVE-2023-3393 MISC MISC |
dell — alienware_update | Dell Command \| Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create an arbitrary folder, leading to permanent Denial of Service (DoS). | 2023-06-23 | 7.1 | CVE-2023-28071 MISC |
apple — macos | An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to retain access to system configuration files even after its permission is revoked | 2023-06-23 | 7.1 | CVE-2023-32357 MISC MISC MISC MISC MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to cause unexpected system termination or read kernel memory | 2023-06-23 | 7.1 | CVE-2023-32420 MISC MISC MISC MISC |
apple — macos | A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to gain root privileges | 2023-06-23 | 7 | CVE-2023-32413 MISC MISC MISC MISC MISC MISC MISC |
trendmicro — apex_one | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32555. | 2023-06-26 | 7 | CVE-2023-32554 MISC MISC |
trendmicro — apex_one | A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: a local attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32554. | 2023-06-26 | 7 | CVE-2023-32555 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
dell — alienware_m15_r7_firmware | Dell BIOS contains an Improper Input Validation vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability to perform arbitrary code execution. | 2023-06-23 | 6.8 | CVE-2023-32480 MISC |
google — android | There is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-239867994 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21146 MISC |
google — android | In the Google BMS kernel module, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-265149414 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21151 MISC |
google — android | In Do_AIMS_SET_CALL_WAITING of imsservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264259730 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21153 MISC |
google — android | In encode of wlandata.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783137 References: N/A | 2023-06-28 | 6.7 | CVE-2023-21157 MISC |
google — android | In verifyInputEvent of InputDispatcher.cpp, there is a possible way to conduct click fraud due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261085213 | 2023-06-28 | 6.7 | CVE-2023-21171 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-25936 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-25937 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-25938 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28026 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28027 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28028 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable | 2023-06-23 | 6.7 | CVE-2023-28029 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28030 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28031 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28032 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28033 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28034 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28035 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28036 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28039 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28040 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28041 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28042 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28044 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28050 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28052 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28054 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28056 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28058 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28059 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28060 MISC |
dell — alienware_area_51m_r1_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-06-23 | 6.7 | CVE-2023-28061 MISC |
wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users | 2023-06-27 | 6.5 | CVE-2023-2623 MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. | 2023-06-23 | 6.5 | CVE-2023-28204 MISC MISC MISC MISC MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information | 2023-06-23 | 6.5 | CVE-2023-32402 MISC MISC MISC MISC MISC |
apple — macos | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, Safari 16.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information | 2023-06-23 | 6.5 | CVE-2023-32423 MISC MISC MISC MISC MISC |
trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32526. | 2023-06-26 | 6.5 | CVE-2023-32525 MISC MISC |
trendmicro — mobile_security | Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32525. | 2023-06-26 | 6.5 | CVE-2023-32526 MISC MISC |
wordpress — wordpress | The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.0. This is due to a missing capability check on the ajax_store_save() function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify plugin settings and inject malicious web scripts. | 2023-06-27 | 6.4 | CVE-2023-3412 MISC MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 6.3 | CVE-2021-31982 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-06-29 | 6.3 | CVE-2022-26899 MISC |
apple — macos | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. A sandboxed app may be able to observe system-wide network connections | 2023-06-23 | 6.3 | CVE-2023-27940 MISC MISC MISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox | 2023-06-23 | 6.3 | CVE-2023-32371 MISC MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 2023-07-01 | 6.1 | CVE-2021-34506 MISC |
wordpress — wordpress | The wpbrutalai WordPress plugin before 2.0.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high privilege users such as admin. | 2023-06-27 | 6.1 | CVE-2023-2605 MISC |
wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator | 2023-06-27 | 6.1 | CVE-2023-2624 MISC |
wordpress — wordpress | The ERP WordPress plugin before 1.12.4 does not sanitize and escape the employee_name parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-06-27 | 6.1 | CVE-2023-2743 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dream-Theme The7 plugin <= 11.6.0 versions. | 2023-06-23 | 6.1 | CVE-2023-29100 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in TMS Booking for Appointments and Events Calendar – Amelia plugin <= 1.0.75 versions. | 2023-06-26 | 6.1 | CVE-2023-29427 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions. | 2023-06-26 | 6.1 | CVE-2023-29430 MISC |
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32532 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32531 MISC MISC |
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32532 MISC MISC |
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32533 MISC MISC |
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32535. | 2023-06-26 | 6.1 | CVE-2023-32534 MISC MISC |
trendmicro — apex_central | Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected servers. This is similar to, but not identical to CVE-2023-32531 through 32534. | 2023-06-26 | 6.1 | CVE-2023-32535 MISC MISC |
online_school_fees_system_project — online_school_fees_system | A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Affected by this vulnerability is an unknown functionality of the file /paysystem/datatable.php of the component GET Parameter Handler. The manipulation of the argument doj leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-232237 was assigned to this vulnerability. | 2023-06-23 | 6.1 | CVE-2023-3381 MISC MISC MISC |
game_result_matrix_system_project — game_result_matrix_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Affected by this issue is some unknown functionality of the file /dipam/save-delegates.php of the component GET Parameter Handler. The manipulation of the argument del_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-232238 is the identifier assigned to this vulnerability. | 2023-06-23 | 6.1 | CVE-2023-3382 MISC MISC MISC |
wordpress — wordpress | The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘nsc_bar_content_href’ parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. A partial patch was made available in 2.10.1 and the issue was fully patched in 2.10.2. | 2023-06-24 | 6.1 | CVE-2023-3388 MISC MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Premium Addons for Elementor Premium Addons PRO plugin <= 2.8.24 versions. | 2023-06-23 | 6.1 | CVE-2023-34012 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Andy Moyle Church Admin plugin <= 3.7.29 versions. | 2023-06-23 | 6.1 | CVE-2023-34021 MISC |
wordpress — wordpress | The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajax_store_save() function. This makes it possible for unauthenticated attackers to modify plugin settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-27 | 6.1 | CVE-2023-3411 MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). For instance, the following URL executes an `alert` in the browser: `<xwiki-host>/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you.`, where `<xwiki-host>` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. | 2023-06-23 | 6.1 | CVE-2023-35155 MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the delete template to perform an XSS, e.g. by using a URL such as: `xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn’t enough to entirely fix the vulnerability. | 2023-06-23 | 6.1 | CVE-2023-35156 MISC MISC MISC MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the restore template to perform an XSS, e.g. by using a URL such as: `/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35158 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the deletespace template to perform an XSS, e.g. by using a URL such as: `xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35159 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the resubmit template to perform an XSS, e.g. by using a URL such as: `xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35160 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the DeleteApplication page to perform an XSS, e.g. by using a URL such as: `xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35161 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It’s possible to exploit the previewactions template to perform an XSS, e.g. by using a URL such as: `<hostname>/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. | 2023-06-23 | 6.1 | CVE-2023-35162 MISC MISC MISC MISC |
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST controller parameter. | 2023-06-23 | 6.1 | CVE-2023-36287 MISC |
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via POST email_create and back parameter. | 2023-06-23 | 6.1 | CVE-2023-36289 MISC |
codekop — codekop | POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. | 2023-06-23 | 6.1 | CVE-2023-36346 MISC MISC |
wordpress — wordpress | The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. This makes it possible for unauthenticated attackers to extract sensitive data, including the entire installation’s database, if a backup occurs and the deletion of the back-up files fails. | 2023-06-27 | 5.9 | CVE-2023-3132 MISC MISC |
apple — ipados | This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2022-42792 MISC |
apple — macos | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Monterey 12.6.1, macOS Big Sur 11.7.1, macOS Ventura 13. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2022-42860 MISC MISC MISC |
apple — ipados | A logic issue was addressed with improved checks. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to bypass certain Privacy preferences | 2023-06-23 | 5.5 | CVE-2022-46715 MISC |
apple — macos | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, macOS Big Sur 11.7.2, macOS Monterey 12.6.2. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2022-46718 MISC MISC MISC MISC |
google — android | In FaceStatsAnalyzer::InterpolateWeightList of face_stats_analyzer.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-269174022 References: N/A | 2023-06-28 | 5.5 | CVE-2023-21152 MISC |
google — android | In BuildSetRadioNode of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264540700 References: N/A | 2023-06-28 | 5.5 | CVE-2023-21155 MISC |
google — android | In convertCbYCrY of ColorConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-253270285 | 2023-06-28 | 5.5 | CVE-2023-21168 MISC |
google — android | In multiple methods of DataUsageList.java, there is a possible way to learn about admin user’s network activities due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262741858 | 2023-06-28 | 5.5 | CVE-2023-21173 MISC |
google — android | In requestAppKeyboardShortcuts of WindowManagerService.java, there is a possible way to infer the app a user is interacting with due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-273906410 | 2023-06-28 | 5.5 | CVE-2023-21177 MISC |
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-28191 MISC MISC MISC MISC MISC MISC |
apple — macos | This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app firewall setting may not take effect after exiting the Settings app | 2023-06-23 | 5.5 | CVE-2023-28202 MISC MISC MISC MISC |
trendmicro — apex_one | A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including its own protected registry keys on affected installations. | 2023-06-26 | 5.5 | CVE-2023-30902 MISC |
apple — macos | A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may bypass Gatekeeper checks | 2023-06-23 | 5.5 | CVE-2023-32352 MISC MISC MISC MISC MISC |
apple — watchos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory | 2023-06-23 | 5.5 | CVE-2023-32354 MISC MISC MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2023-32355 MISC MISC MISC |
apple — macos | An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An unauthenticated user may be able to access recently printed documents | 2023-06-23 | 5.5 | CVE-2023-32360 MISC MISC MISC |
apple — macos | A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32363 MISC |
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data | 2023-06-23 | 5.5 | CVE-2023-32367 MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32368 MISC MISC MISC MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. Processing an image may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32372 MISC MISC MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32375 MISC MISC |
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2023-32376 MISC MISC MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. Processing a 3D model may result in disclosure of process memory | 2023-06-23 | 5.5 | CVE-2023-32382 MISC MISC MISC |
apple — macos | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination | 2023-06-23 | 5.5 | CVE-2023-32385 MISC MISC |
apple — macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32388 MISC MISC MISC MISC MISC MISC |
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to disclose kernel memory | 2023-06-23 | 5.5 | CVE-2023-32389 MISC MISC MISC MISC |
apple — macos | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32392 MISC MISC MISC MISC MISC MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to modify protected parts of the file system | 2023-06-23 | 5.5 | CVE-2023-32395 MISC MISC MISC |
apple — macos | The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32399 MISC MISC MISC MISC |
apple — macos | This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Entitlements and privacy permissions granted to this app may be used by a malicious app | 2023-06-23 | 5.5 | CVE-2023-32400 MISC MISC MISC |
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32403 MISC MISC MISC MISC MISC MISC MISC |
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32404 MISC MISC MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32407 MISC MISC MISC MISC MISC MISC MISC |
apple — macos | The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6, macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Monterey 12.6.6. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32408 MISC MISC MISC MISC MISC MISC |
apple — macos | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6. An app may be able to leak sensitive kernel state | 2023-06-23 | 5.5 | CVE-2023-32410 MISC MISC MISC MISC |
apple — macos | This issue was addressed with improved entitlements. This issue is fixed in macOS Ventura 13.4, tvOS 16.5, iOS 16.5 and iPadOS 16.5, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32411 MISC MISC MISC MISC MISC |
apple — macos | This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to read sensitive location information | 2023-06-23 | 5.5 | CVE-2023-32415 MISC MISC MISC |
apple — macos | This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, tvOS 16.5. An app may be able to bypass Privacy preferences | 2023-06-23 | 5.5 | CVE-2023-32422 MISC MISC MISC |
trendmicro — apex_one | A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-06-26 | 5.5 | CVE-2023-32556 MISC MISC |
sqlite — sqlite | sqlite3 v3.40.1 was discovered to contain a segmentation violation at /sqlite3_aflpp/shell.c. | 2023-06-23 | 5.5 | CVE-2023-36191 MISC FEDORA |
microsoft — edge | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2023-07-01 | 5.4 | CVE-2021-34475 MISC |
ladybirdweb — faveo_helpdesk | Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS. | 2023-06-24 | 5.4 | CVE-2023-1724 MISC MISC |
apple — airpods_firmware | An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source device and gain access to your headphones. | 2023-06-23 | 5.4 | CVE-2023-27964 MISC |
zwaply — cryptocurrency_all-in-one | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions. | 2023-06-26 | 5.4 | CVE-2023-29435 MISC |
iframe_shortcode_project — iframe_shortcode | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Flyn San IFrame Shortcode plugin <= 1.0.5 versions. | 2023-06-26 | 5.4 | CVE-2023-29436 MISC |
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32537. | 2023-06-26 | 5.4 | CVE-2023-32536 MISC |
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32536. | 2023-06-26 | 5.4 | CVE-2023-32537 MISC |
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32605. | 2023-06-26 | 5.4 | CVE-2023-32604 MISC |
trendmicro — apex_central | Affected versions of Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Please note: an attacker must first obtain authentication to Apex Central on the target system in order to exploit this vulnerability. This is similar to, but not identical to CVE-2023-32604. | 2023-06-26 | 5.4 | CVE-2023-32605 MISC |
admidio — admidio | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | 5.4 | CVE-2023-3304 CONFIRM MISC |
wordpress — wordpress | The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘lana_text_to_image’ and ‘lana_text_to_img’ shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-24 | 5.4 | CVE-2023-3387 MISC MISC MISC |
fossbilling — fossbilling | Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. | 2023-06-23 | 5.4 | CVE-2023-3394 MISC MISC |
wordpress — wordpress | The Salon Booking System plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.6. This is due to missing or incorrect nonce validation on the ‘save_customer’ function. This makes it possible for unauthenticated attackers to change the admin role to customer or change the user meta to arbitrary values via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-28 | 5.4 | CVE-2023-3427 MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions can be performed with this user’s rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax. | 2023-06-23 | 5.4 | CVE-2023-34464 MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch. | 2023-06-23 | 5.4 | CVE-2023-35153 MISC MISC MISC |
webkul — qloapps | An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user’s session cookie and then impersonate that user via GET configure parameter. | 2023-06-23 | 5.4 | CVE-2023-36288 MISC |
trendmicro — apex_one | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32553. | 2023-06-26 | 5.3 | CVE-2023-32552 MISC MISC |
trendmicro — apex_one | An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. This is similar to, but not identical to CVE-2023-32552. | 2023-06-26 | 5.3 | CVE-2023-32553 MISC MISC |
wordpress — wordpress | The User Registration plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the ‘lock_content_form_handler’ and ‘display_password_form’ function in versions up to, and including, 3.7.3. This makes it possible for unauthenticated attackers to decrypt and view the password protected content. | 2023-06-27 | 5.3 | CVE-2023-3371 MISC MISC MISC MISC MISC MISC |
wago — multiple_products | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. | 2023-06-26 | 4.9 | CVE-2023-1619 MISC |
wago — multiple_products | Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. | 2023-06-26 | 4.9 | CVE-2023-1620 MISC |
wordpress — wordpress | The Ultimate Product Catalog WordPress plugin before 5.2.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-27 | 4.8 | CVE-2023-2711 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NTZApps CRM Memberships plugin <= 1.6 versions. | 2023-06-23 | 4.8 | CVE-2023-27427 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. | 2023-06-23 | 4.8 | CVE-2023-28751 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Plainware ShiftController Employee Shift Scheduling plugin <= 4.9.23 versions. | 2023-06-26 | 4.8 | CVE-2023-29424 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress plugin <= 1.3.1 versions. | 2023-06-26 | 4.8 | CVE-2023-29434 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPExperts Password Protected plugin <= 2.6.2 versions. | 2023-06-23 | 4.8 | CVE-2023-32580 MISC |
student_study_center_management_system_project — student_study_center_management_system | Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the “Admin Name” field on Admin Profile page. | 2023-06-26 | 4.8 | CVE-2023-33580 MISC MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Booking and Rental Manager for Bike plugin <= 1.2.1 versions. | 2023-06-23 | 4.8 | CVE-2023-35048 MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6. | 2023-06-23 | 4.8 | CVE-2023-35157 MISC MISC MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-06-29 | 4.7 | CVE-2022-23264 MISC |
dell — alienware_m15_r6_firmware | Dell BIOS contains an Out-of-bounds Write vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | 2023-06-23 | 4.6 | CVE-2023-28064 MISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, iOS 15.7.6 and iPadOS 15.7.6. A shortcut may be able to use sensitive data with certain actions without prompting the user | 2023-06-23 | 4.6 | CVE-2023-32391 MISC MISC MISC MISC |
wordpress — wordpress | The Short URL plugin for WordPress is vulnerable to stored Cross-Site Scripting via the ‘comment’ parameter due to insufficient input sanitization and output escaping in versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-06-29 | 4.4 | CVE-2023-1602 MISC MISC MISC |
google — android | In BuildSetConfig of protocolimsbuilder.cpp, there is a possible out of bounds read due to a missing null check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783657 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21148 MISC |
google — android | In handle_set_parameters_ctrl of hal_socket.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-267312009 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21150 MISC |
google — android | In StoreAdbSerialNumber of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783910 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21154 MISC |
google — android | In BuildGetRadioNode of protocolmiscbulider.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the modem with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264540759 References: N/A | 2023-06-28 | 4.4 | CVE-2023-21156 MISC |
google — android | In inviteInternal of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-274443441 | 2023-06-28 | 4.4 | CVE-2023-21169 MISC |
google — android | In executeSetClientTarget of ComposerCommandEngine.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-252764410 | 2023-06-28 | 4.4 | CVE-2023-21170 MISC |
google — android | In list_key_entries of utils.rs, there is a possible way to disable user credentials due to resource exhaustion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-222287335 | 2023-06-28 | 4.4 | CVE-2023-21176 MISC |
wordpress — wordpress | The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36735 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36736 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36737 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36738 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36739 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36740 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36741 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36742 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36743 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36744 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36745 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36746 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metabox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36747 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36748 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2020-36749 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the load_images_thumbnail() and edit_gallery() functions. This makes it possible for unauthenticated attackers to edit galleries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4384 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4387 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and opalestate_remove_feature_property() functions. This makes it possible for unauthenticated attackers to set and remove featured properties. | 2023-07-01 | 4.3 | CVE-2021-4388 MISC MISC MISC |
wordpress — wordpress | The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the save_meta_data() function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4389 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation on the manage_wp_posts_be_qe_save_post() function. This makes it possible for unauthenticated attackers to quick edit templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4390 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwb_wgm_save_post() function. This makes it possible for unauthenticated attackers to modify product gift card details via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4391 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to save product meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4392 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save manual digital orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4393 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the get_items() and extra_tablenav() functions. This makes it possible for unauthenticated attackers to perform read-only actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4395 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta() function. This makes it possible for unauthenticated attackers to save post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4396 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4397 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(), course_synchronization_initiater(), users_link_to_moodle_synchronization(), connection_test_initiater(), admin_menus(), and subscribe_handler() functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4399 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the bsearch_process_settings_import() and bsearch_process_settings_export() functions. This makes it possible for unauthenticated attackers to import and export settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4400 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the mu_add_roles_in_signup_meta() and mu_add_roles_in_signup_meta_recently() functions. This makes it possible for unauthenticated attackers to add additional roles to users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4402 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the validate() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4403 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation on the ajaxHandler() function. This makes it possible for unauthenticated attackers to opt into notifications via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4404 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed() function. This makes it possible for unauthenticated attackers to send allowed parameters for autosuggest to elasticpress[.]io via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-07-01 | 4.3 | CVE-2021-4405 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
apple — macos | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13. A user may accidentally add a participant to a Shared Album by pressing the Delete key | 2023-06-23 | 4.3 | CVE-2022-42807 MISC |
wordpress — wordpress | The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachments to site users. | 2023-06-28 | 4.3 | CVE-2023-1844 MISC MISC MISC |
wordpress — wordpress | The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin’s settings | 2023-06-27 | 4.3 | CVE-2023-2627 MISC |
wordpress — wordpress | The Subscribe2 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 10.40. This is due to missing or incorrect nonce validation when sending test emails. This makes it possible for unauthenticated attackers to send test emails with custom content to users on sites running a vulnerable version of this plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-06-28 | 4.3 | CVE-2023-3407 MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1. | 2023-06-23 | 4.3 | CVE-2023-34466 MISC MISC |
google — android | In installKey of KeyUtil.cpp, there is a possible failure of file encryption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-140762419 | 2023-06-28 | 4.1 | CVE-2023-21178 MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
admidio — admidio | Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9. | 2023-06-23 | 3.5 | CVE-2023-3303 MISC CONFIRM |
apple — macos | An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression | 2023-06-23 | 3.3 | CVE-2022-42834 MISC MISC MISC |
apple — macos | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. An app may be able to observe unprotected user data | 2023-06-23 | 3.3 | CVE-2023-32386 MISC MISC MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | 2023-07-01 | 3.1 | CVE-2021-42307 MISC |
microsoft — edge | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2023-06-29 | 3.1 | CVE-2022-29147 MISC |
apple — ipados | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, iOS 15.7.6 and iPadOS 15.7.6. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication | 2023-06-23 | 2.4 | CVE-2023-32365 MISC MISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5, tvOS 16.5. A person with physical access to a device may be able to view contact information from the lock screen | 2023-06-23 | 2.4 | CVE-2023-32394 MISC MISC MISC MISC |
apple — watchos | This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features | 2023-06-23 | 2.4 | CVE-2023-32417 MISC |
apple — macos | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4, watchOS 9.5. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup | 2023-06-23 | 2.1 | CVE-2023-32390 MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
jetbrains — teamcity | JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | 2023-06-29 | not yet calculated | CVE-2015-1313 MISC MISC |
gnu_c_library — gnu_c_library | end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. | 2023-06-25 | not yet calculated | CVE-2015-20109 MISC |
espcms — espcms | An issue was discovered in espcms version P8.18101601. There is a cross site scripting (XSS) vulnerability that allows arbitrary code to be executed via the title parameter. | 2023-06-27 | not yet calculated | CVE-2020-18404 MISC |
cmseasy — cmseasy | An issue was discovered in cmseasy v7.0.0 that allows user credentials to be sent in clear text due to no encryption of form data. | 2023-06-27 | not yet calculated | CVE-2020-18406 MISC |
catfishcms — catfishcms | Cross Site Request Forgery (CSRF) vulnerability was discovered in CatfishCMS 4.8.63 that would allow attackers to obtain administrator permissions via /index.php/admin/index/modifymanage.html. | 2023-06-27 | not yet calculated | CVE-2020-18409 MISC |
chaoji_cms — chaoji_cms | A stored cross site scripting (XSS) vulnerability in /index.php?admin-master-article-edit of Chaoji CMS v2.18 that allows attackers to obtain administrator privileges. | 2023-06-27 | not yet calculated | CVE-2020-18410 MISC |
chaoji_cms — chaoji_cms | Stored cross site scripting (XSS) vulnerability in /index.php?admin-master-navmenu-add of Chaoji CMS v2.18 that allows attackers to execute arbitrary code. | 2023-06-27 | not yet calculated | CVE-2020-18413 MISC |
chaoji_cms — chaoji_cms | Stored cross site scripting (XSS) vulnerability in Chaoji CMS v2.18 that allows attackers to execute arbitrary code via /index.php?admin-master-webset. | 2023-06-27 | not yet calculated | CVE-2020-18414 MISC |
jymusic — jymusic | A cross site request forgery (CSRF) vulnerability was discovered in Jymusic v2.0.0 that allows attackers to execute arbitrary code via /admin.php?s=/addons/config.html&id=6 to modify payment information. | 2023-06-27 | not yet calculated | CVE-2020-18416 MISC |
feifeicms — feifeicms | A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | 2023-06-27 | not yet calculated | CVE-2020-18418 MISC MISC |
semcms_php — semcms_php | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | 2023-06-30 | not yet calculated | CVE-2020-18432 MISC |
cryptoprof_wcms — cryptoprof_wcms | Directory Traversal vulnerability found in Cryptoprof WCMS v.0.3.2 allows a remote attacker to execute arbitrary code via the wex/cssjs.php parameter. | 2023-06-27 | not yet calculated | CVE-2020-19902 MISC |
bludit — bludit | Bludit 3.9.2 is vulnerable to Remote Code Execution (RCE) via /admin/ajax/upload-images. | 2023-06-26 | not yet calculated | CVE-2020-20210 MISC |
jquery — jquery | Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element. | 2023-06-26 | not yet calculated | CVE-2020-23064 MISC MISC |
ez_systems — as_ezpublish_platform/ez_publish_legacy | Cross Site Scripting vulnerability in eZ Systems AS eZPublish Platform v.5.4 and eZ Publish Legacy v.5.4 allows a remote authenticated attacker to execute arbitrary code via the video-js.swf. | 2023-06-26 | not yet calculated | CVE-2020-23065 MISC |
tinymce — tinymce | Cross Site Scripting vulnerability in TinyMCE v.4.9.6 and before and v.5.0.0 thru v.5.1.4 allows an attacker to execute arbitrary code via the editor function. | 2023-06-26 | not yet calculated | CVE-2020-23066 MISC MISC |
requests-xml — requests-xml | requests-xml v0.2.3 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 2023-06-29 | not yet calculated | CVE-2020-26708 MISC |
py-xml — py-xml | py-xml v1.0 was discovered to contain an XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 2023-06-29 | not yet calculated | CVE-2020-26709 MISC |
easy-parse — easy-parse | easy-parse v0.1.1 was discovered to contain a XML External Entity Injection (XXE) vulnerability which allows attackers to execute arbitrary code via a crafted XML file. | 2023-06-29 | not yet calculated | CVE-2020-26710 MISC |
emby — emby_server | Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For header to a local IP-address. | 2023-06-28 | not yet calculated | CVE-2021-25827 MISC MISC CONFIRM |
emby — emby_server | Emby Server versions < 4.6.0.50 are vulnerable to Cross Site Scripting (XSS) via a crafted GET request to /web. | 2023-06-28 | not yet calculated | CVE-2021-25828 MISC |
dzzoffice — dzzoffice | A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | 2023-06-27 | not yet calculated | CVE-2021-30203 MISC |
dzzoffice — dzzoffice | Incorrect access control in the component /index.php?mod=system&op=orgtree of dzzoffice 2.02.1_SC_UTF8 allows unauthenticated attackers to browse departments and usernames. | 2023-06-27 | not yet calculated | CVE-2021-30205 MISC |
jfinal — jfinal | Server-Side Template Injection (SSTI) vulnerability in jFinal v.4.9.08 allows a remote attacker to execute arbitrary code via the template function. | 2023-06-26 | not yet calculated | CVE-2021-31635 MISC |
google — android | In hasInputInfo of Layer.cpp, there is a possible bypass of user interaction requirements due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-194480991 | 2023-06-28 | not yet calculated | CVE-2022-20443 MISC |
ibm — qradar_siem | IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403. | 2023-06-27 | not yet calculated | CVE-2022-34352 MISC MISC |
tenda — ac6_ac1200 | Tenda AC6 AC1200 Smart Dual-Band WiFi Router 15.03.06.50_multi was discovered to contain a cross-site scripting (XSS) vulnerability via the deviceId parameter in the Parental Control module. | 2023-06-26 | not yet calculated | CVE-2022-40010 MISC |
wordpress — wordpress | The Editorial Calendar WordPress plugin through 3.7.12 does not sanitise and escape its settings, allowing users with roles as low as contributor to inject arbitrary web scripts in the plugin admin panel, enabling a Stored Cross-Site Scripting vulnerability targeting higher privileged users. | 2023-06-27 | not yet calculated | CVE-2022-4115 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.7 before 15.8.5, from 15.9 before 15.9.4, and from 15.10 before 15.10.1 that allows for crafted, unapproved MRs to be introduced and merged without authorization | 2023-06-28 | not yet calculated | CVE-2022-4143 CONFIRM MISC MISC |
responsive_filemanager — responsive_filemanager | In Responsive Filemanager < 9.12.0, an attacker can bypass upload restrictions resulting in RCE. | 2023-06-28 | not yet calculated | CVE-2022-44276 MISC |
ucopia — weblib | An issue was discovered in Weblib Ucopia before 6.0.13. The SSH Server has Insecure Permissions. | 2023-06-29 | not yet calculated | CVE-2022-44719 MISC MISC |
ucopia — weblib | An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection can occur, related to chroot. | 2023-06-29 | not yet calculated | CVE-2022-44720 MISC MISC |
ericsson — network_manager | Ericsson Network Manager (ENM), versions prior to 22.2, contains a vulnerability in the REST endpoint “editprofile” where Open Redirect HTTP Header Injection can lead to redirection of the submitted request to domain out of control of ENM deployment. The attacker would need admin/elevated access to exploit the vulnerability | 2023-06-29 | not yet calculated | CVE-2022-46407 MISC |
ericsson — network_manager | Ericsson Network Manager (ENM), versions prior to 22.1, contains a vulnerability in the application Network Connectivity Manager (NCM) where improper Neutralization of Formula Elements in a CSV File can lead to remote code execution or data leakage via maliciously injected hyperlinks. The attacker would need admin/elevated access to exploit the vulnerability. | 2023-06-29 | not yet calculated | CVE-2022-46408 MISC |
widevine — trusted_application | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys feature_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48331 MISC |
widevine — trusted_application | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_save_keys file_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48332 MISC |
widevine — trusted_application | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys prefix_len+feature_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48333 MISC |
widevine — trusted_application | Widevine Trusted Application (TA) 5.0.0 through 5.1.1 has a drm_verify_keys total_len+file_name_len integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48334 MISC |
widevine — trusted_application | Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagVerifyProvisioning integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48335 MISC |
widevine — trusted_application | Widevine Trusted Application (TA) 5.0.0 through 7.1.1 has a PRDiagParseAndStoreData integer overflow and resultant buffer overflow. | 2023-06-26 | not yet calculated | CVE-2022-48336 MISC |
apple — macos | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system | 2023-06-28 | not yet calculated | CVE-2022-48505 MISC |
wordpress — wordpress | The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. | 2023-06-27 | not yet calculated | CVE-2023-0588 MISC |
wordpress — wordpress | The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-27 | not yet calculated | CVE-2023-0873 MISC |
wordpress — wordpress | The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 2023-06-27 | not yet calculated | CVE-2023-1166 MISC |
linux — kernel | A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%. | 2023-06-30 | not yet calculated | CVE-2023-1206 MISC |
linux — kernel | A time-of-check to time-of-use issue exists in io_uring subsystem’s IORING_OP_CLOSE operation in the Linux kernel’s versions 5.6 – 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93. | 2023-06-28 | not yet calculated | CVE-2023-1295 MISC MISC MISC MISC MISC |
wordpress — wordpress | The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting | 2023-06-27 | not yet calculated | CVE-2023-1891 MISC |
cisco — cisco_adaptive_security_appliance | A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload. | 2023-06-28 | not yet calculated | CVE-2023-20006 CISCO |
cisco — cisco_web_security_appliance | Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20028 CISCO |
tenable — multiple_products | Vulnerability in Tenable Tenable.Io, Tenable Nessus, Tenable Security Center. This issue affects Tenable.Io: before Plugin Feed ID #202306261202; Nessus: before Plugin Feed ID #202306261202; Security Center: before Plugin Feed ID #202306261202. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges. | 2023-06-26 | not yet calculated | CVE-2023-2005 MISC |
cisco — cisco_telepresence_video_communication_server | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20105 CISCO |
cisco — cisco_unified_communications_manager | A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&P users who were authenticated prior to an attack. | 2023-06-28 | not yet calculated | CVE-2023-20108 CISCO |
cisco — cisco_unified_communications_manager | A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device. | 2023-06-28 | not yet calculated | CVE-2023-20116 CISCO |
cisco — cisco_web_security_appliance | Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20119 CISCO |
cisco — cisco_web_security_appliance | Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Cisco Secure Email Gateway, formerly Cisco Email Security Appliance (ESA); and Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow a remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20120 CISCO |
cisco — cisco_secure_workload | A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials. This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels. | 2023-06-28 | not yet calculated | CVE-2023-20136 CISCO |
cisco — cisco_anyconnect_secure_mobility_client | A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established. This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges. | 2023-06-28 | not yet calculated | CVE-2023-20178 CISCO |
cisco — cisco_small_business_smart_and_managed_switches | A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. Cisco has not released software updates to address this vulnerability. | 2023-06-28 | not yet calculated | CVE-2023-20188 CISCO |
cisco — cisco_telepresence_video_communication_server_expressway | Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated attacker with Administrator-level read-only credentials to elevate their privileges to Administrator with read-write credentials on an affected system. Note: “Cisco Expressway Series” refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-06-28 | not yet calculated | CVE-2023-20192 CISCO |
cisco — cisco_duo | A vulnerability in Cisco Duo Two-Factor Authentication for macOS could allow an authenticated, physical attacker to bypass secondary authentication and access an affected macOS device. This vulnerability is due to the incorrect handling of responses from Cisco Duo when the application is configured to fail open. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permission. | 2023-06-28 | not yet calculated | CVE-2023-20199 CISCO |
wordpress — wordpress | The Custom 404 Pro WordPress plugin before 3.8.1 does not properly sanitize database inputs, leading to multiple SQL Injection vulnerabilities. | 2023-06-27 | not yet calculated | CVE-2023-2032 MISC |
wordpress — wordpress | The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. | 2023-06-27 | not yet calculated | CVE-2023-2068 MISC |
google — android | In encode of miscdata.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783635 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21158 MISC |
google — android | In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783565 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21159 MISC |
google — android | In BuildSetTcsFci of protocolmiscbuilder.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263784118 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21160 MISC |
google — android | In Parse of simdata.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-263783702 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21161 MISC |
google — android | In setProfileName of DevicePolicyManagerService.java, there is a possible way to crash the SystemUI menu due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-259942964 | 2023-06-28 | not yet calculated | CVE-2023-21167 MISC |
google — android | In xmlParseTryOrFinish of parser.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261365944 | 2023-06-28 | not yet calculated | CVE-2023-21180 MISC |
google — android | In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-264880969 | 2023-06-28 | not yet calculated | CVE-2023-21181 MISC |
google — android | In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-252764175 | 2023-06-28 | not yet calculated | CVE-2023-21182 MISC |
google — android | In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-235863754 | 2023-06-28 | not yet calculated | CVE-2023-21183 MISC |
google — android | In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-267809568 | 2023-06-28 | not yet calculated | CVE-2023-21184 MISC |
google — android | In multiple functions of WifiNetworkFactory.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-266700762 | 2023-06-28 | not yet calculated | CVE-2023-21185 MISC |
google — android | In LogResponse of Dns.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261079188 | 2023-06-28 | not yet calculated | CVE-2023-21186 MISC |
google — android | In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-246542917 | 2023-06-28 | not yet calculated | CVE-2023-21187 MISC |
google — android | In btm_ble_update_inq_result of btm_ble_gap.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-264624283 | 2023-06-28 | not yet calculated | CVE-2023-21188 MISC |
google — android | In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-13 Android ID: A-213942596 | 2023-06-28 | not yet calculated | CVE-2023-21189 MISC |
google — android | In btm_acl_encrypt_change of btm_acl.cc, there is a possible way for a remote device to turn off encryption without resulting in a terminated connection due to an unusual root cause. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251436534 | 2023-06-28 | not yet calculated | CVE-2023-21190 MISC |
google — android | In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-269738057 | 2023-06-28 | not yet calculated | CVE-2023-21191 MISC |
google — android | In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to set up input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-227207653 | 2023-06-28 | not yet calculated | CVE-2023-21192 MISC |
google — android | In VideoFrame of VideoFrame.h, there is a possible abort due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-233006499 | 2023-06-28 | not yet calculated | CVE-2023-21193 MISC |
google — android | In gatt_dbg_op_name of gatt_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-260079141 | 2023-06-28 | not yet calculated | CVE-2023-21194 MISC |
google — android | In btm_ble_periodic_adv_sync_tx_rcvd of btm_ble_gap.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure over Bluetooth, if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-233879420 | 2023-06-28 | not yet calculated | CVE-2023-21195 MISC |
google — android | In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-261857395 | 2023-06-28 | not yet calculated | CVE-2023-21196 MISC |
google — android | In btm_acl_process_sca_cmpl_pkt of btm_acl.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251427561 | 2023-06-28 | not yet calculated | CVE-2023-21197 MISC |
google — android | In remove_sdp_record of btif_sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-245517503 | 2023-06-28 | not yet calculated | CVE-2023-21198 MISC |
google — android | In btu_ble_proc_ltk_req of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-254445961 | 2023-06-28 | not yet calculated | CVE-2023-21199 MISC |
google — android | In on_remove_iso_data_path of btm_iso_impl.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-236688764 | 2023-06-28 | not yet calculated | CVE-2023-21200 MISC |
google — android | In on_create_record_event of btif_sdp_server.cc, there is a possible out of bounds read due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-263545186 | 2023-06-28 | not yet calculated | CVE-2023-21201 MISC |
google — android | In btm_delete_stored_link_key_complete of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-260568359 | 2023-06-28 | not yet calculated | CVE-2023-21202 MISC |
google — android | In startWpsPbcInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262246082 | 2023-06-28 | not yet calculated | CVE-2023-21203 MISC |
google — android | In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262246231 | 2023-06-28 | not yet calculated | CVE-2023-21204 MISC |
google — android | In startWpsPinDisplayInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245376 | 2023-06-28 | not yet calculated | CVE-2023-21205 MISC |
google — android | In initiateVenueUrlAnqpQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245630 | 2023-06-28 | not yet calculated | CVE-2023-21206 MISC |
google — android | In initiateTdlsSetupInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236670 | 2023-06-28 | not yet calculated | CVE-2023-21207 MISC |
google — android | In setCountryCodeInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262245254 | 2023-06-28 | not yet calculated | CVE-2023-21208 MISC |
google — android | In multiple functions of sta_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236273 | 2023-06-28 | not yet calculated | CVE-2023-21209 MISC |
google — android | In initiateHs20IconQueryInternal of sta_iface.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236331 | 2023-06-28 | not yet calculated | CVE-2023-21210 MISC |
google — android | In multiple files, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235998 | 2023-06-28 | not yet calculated | CVE-2023-21211 MISC |
google — android | In multiple files, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262236031 | 2023-06-28 | not yet calculated | CVE-2023-21212 MISC |
google — android | In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235951 | 2023-06-28 | not yet calculated | CVE-2023-21213 MISC |
google — android | In addGroupWithConfigInternal of p2p_iface.cpp, there is a possible out of bounds read due to unsafe deserialization. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-262235736 | 2023-06-28 | not yet calculated | CVE-2023-21214 MISC |
google — android | There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264698379 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21219 MISC |
google — android | There is a possible use of unencrypted transport over cellular networks due to an insecure default value. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-264590585 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21220 MISC |
google — android | In load_dt_data of storage.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-266977723 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21222 MISC |
google — android | In LPP_ConvertGNSS_DataBitAssistance of LPP_CommonUtil.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-256047000 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21223 MISC |
google — android | In ss_ProcessReturnResultComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-265276966 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21224 MISC |
google — android | There is a possible way to bypass the protected confirmation screen due to failure to lock display power. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android kernel Android ID: A-270403821 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21225 MISC |
google — android | In SAEMM_RetrieveTaiList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-240728187 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21226 MISC |
google — android | In aoc_service_set_read_blocked of aoc.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-270148537 References: N/A | 2023-06-28 | not yet calculated | CVE-2023-21236 MISC |
google — android | In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android ID: A-251586912 | 2023-06-28 | not yet calculated | CVE-2023-21237 MISC |
samsung_mobile — multiple_products | Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | 2023-06-28 | not yet calculated | CVE-2023-21512 MISC |
samsung_mobile — multiple_products | Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate the device to operate in a way that results in unexpected behavior in CC Mode under a specific condition. | 2023-06-28 | not yet calculated | CVE-2023-21513 MISC |
samsung_mobile — multiple_products | Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. | 2023-06-28 | not yet calculated | CVE-2023-21517 MISC |
samsung_mobile — multiple_products | Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity. | 2023-06-28 | not yet calculated | CVE-2023-21518 MISC |
wordpress — wordpress | The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-06-27 | not yet calculated | CVE-2023-2178 MISC |
gitlab — gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix | 2023-06-28 | not yet calculated | CVE-2023-2232 MISC CONFIRM MISC |
checkmk — checkmk | User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. | 2023-06-26 | not yet calculated | CVE-2023-22359 MISC |
ibm — robotic_process_automation_for_cloud_pak | IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074. | 2023-06-27 | not yet calculated | CVE-2023-22593 MISC MISC |
western_digital — my_cloud_os | An authentication bypass issue via spoofing was discovered in the token-based authentication mechanism that could allow an attacker to carry out an impersonation attack. This issue affects My Cloud OS 5 devices: before 5.26.202. | 2023-07-01 | not yet calculated | CVE-2023-22814 MISC |
western_digital — my_cloud_os | Post-authentication remote command injection vulnerabilities in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | not yet calculated | CVE-2023-22815 MISC |
western_digital — my_cloud_os | A post-authentication remote command injection vulnerability in a CGI file in Western Digital My Cloud OS 5 devices that could allow an attacker to build files with redirects and execute larger payloads. This issue affects My Cloud OS 5 devices: before 5.26.300. | 2023-06-30 | not yet calculated | CVE-2023-22816 MISC |
palantir — contour | The Contour Service was not checking that users had permission to create an analysis for a given dataset. This could allow an attacker to clutter up Compass folders with extraneous analyses, that the attacker would otherwise not have permission to create. | 2023-06-27 | not yet calculated | CVE-2023-22834 MISC |
oracle — apache_airflow | Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Airflow JDBC Provider Connection’s [Connection URL] parameters had no restrictions, which made it possible to carry out RCE attacks via different types of JDBC drivers and obtain Airflow server permission. This issue affects Apache Airflow JDBC Provider: before 4.0.0. | 2023-06-29 | not yet calculated | CVE-2023-22886 MISC |
lenovo — thinkpad | A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2023-06-26 | not yet calculated | CVE-2023-2290 MISC |
wordpress — wordpress | The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5 and the gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 do not have a CSRF check when updating the Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. | 2023-06-27 | not yet calculated | CVE-2023-2326 MISC |
ibm — robotic_process_automation_for_cloud_pak | IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500. | 2023-06-27 | not yet calculated | CVE-2023-23468 MISC MISC |
wordpress — wordpress | The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin. | 2023-06-27 | not yet calculated | CVE-2023-2482 MISC |
autodesk — navisworks | A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 2023-06-27 | not yet calculated | CVE-2023-25001 MISC |
autodesk — multiple_products | A maliciously crafted SKP file in Autodesk products can be used to trigger a use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | 2023-06-27 | not yet calculated | CVE-2023-25002 MISC |
autodesk — multiple_products | A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Exploitation of these vulnerabilities may lead to code execution. | 2023-06-27 | not yet calculated | CVE-2023-25004 MISC |
quiltmc — quiltmc | MultiMC Launcher <= 0.6.16 is vulnerable to Directory Traversal. | 2023-06-26 | not yet calculated | CVE-2023-25306 MISC |
quiltmc — quiltmc | nothub mrpack-install <= v0.16.2 is vulnerable to Directory Traversal. | 2023-06-26 | not yet calculated | CVE-2023-25307 MISC MISC |
libtiff — libtiff | libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of the buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV. | 2023-06-29 | not yet calculated | CVE-2023-25433 MISC MISC |
wordpress — wordpress | The AI Engine WordPress plugin before 1.6.83 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | 2023-06-27 | not yet calculated | CVE-2023-2580 MISC |
wordpress — wordpress | The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2023-06-27 | not yet calculated | CVE-2023-2592 MISC |
arm — nn | A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. | 2023-06-29 | not yet calculated | CVE-2023-26085 MISC CONFIRM |
git-commit-info — git-commit-info | Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo() fails to sanitize its parameter commit, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the hash content. | 2023-06-28 | not yet calculated | CVE-2023-26134 MISC MISC MISC |
flatnest — flatnest | All versions of the package flatnest are vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file. | 2023-06-30 | not yet calculated | CVE-2023-26135 MISC MISC MISC |
tough-cookie — tough-cookie | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized. | 2023-07-01 | not yet calculated | CVE-2023-26136 MISC MISC MISC MISC |
hitachi_energy — txpert_hub_coretec_4 | A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. To exploit the vulnerability the attacker can inject shell commands through a particular field of the web user interface that will be executed by the system. | 2023-06-28 | not yet calculated | CVE-2023-2625 MISC |
ibm — qradar_siem | IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134. | 2023-06-27 | not yet calculated | CVE-2023-26273 MISC MISC |
ibm — qradar_siem | IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144. | 2023-06-27 | not yet calculated | CVE-2023-26274 MISC MISC |
ibm — qradar_siem | IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147. | 2023-06-27 | not yet calculated | CVE-2023-26276 MISC MISC |
hp_inc. — hp_pc_products_using_ami_uefi_firmware | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in certain HP PC products using AMI UEFI Firmware (system BIOS), which might allow arbitrary code execution. AMI has released updates to mitigate the potential vulnerability. | 2023-06-30 | not yet calculated | CVE-2023-26299 MISC |
d-link — dir-823 | D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. | 2023-06-29 | not yet calculated | CVE-2023-26612 MISC MISC |
d-link — dir-823 | An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted get request to excu_shel. | 2023-06-29 | not yet calculated | CVE-2023-26613 MISC MISC |
d-link — dir-823 | D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management password. | 2023-06-28 | not yet calculated | CVE-2023-26615 MISC MISC |
d-link — dir-823 | D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. | 2023-06-29 | not yet calculated | CVE-2023-26616 MISC MISC |
libtiff — libtiff | libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. | 2023-06-29 | not yet calculated | CVE-2023-26966 MISC MISC |
pluck_cms — pluck_cms | Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. | 2023-06-26 | not yet calculated | CVE-2023-27082 MISC |
malwarebytes — anti-exploit | Malwarebytes Anti-Exploit 4.4.0.220 is vulnerable to arbitrary file deletion and denial of service via an ALPC message in which FullFileNamePath lacks a ‘\0’ character. | 2023-06-30 | not yet calculated | CVE-2023-27469 MISC MISC |
ibm — informix_jdbc_driver | IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511. | 2023-06-28 | not yet calculated | CVE-2023-27866 MISC MISC |
wordpress — wordpress | The CodeColorer WordPress plugin before 0.10.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2023-06-27 | not yet calculated | CVE-2023-2795 MISC |
proofpoint — insider_threat_management_agent_for_windows | An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. All versions prior to 7.14.3 are affected. Agents for MacOS and Linux and Cloud are unaffected. | 2023-06-27 | not yet calculated | CVE-2023-2818 MISC |
ivanti — ivanti_endpoint_manager | A deserialization of untrusted data exists in EPM 2022 Su3 and all prior versions that allows an unauthenticated user to elevate rights. This exploit could potentially be used in conjunction with other OS (Operating System) vulnerabilities to escalate privileges on the machine or be used as a stepping stone to get to other network attached machines. | 2023-07-01 | not yet calculated | CVE-2023-28323 MISC |
ivanti — ivanti_endpoint_manager | An improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution. | 2023-07-01 | not yet calculated | CVE-2023-28324 MISC |
brave_software — brave_browser_for_android | An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. | 2023-07-01 | not yet calculated | CVE-2023-28364 MISC |
ubiquiti_inc. — unifi_applications_for_linux | A backup file vulnerability found in UniFi applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored. | 2023-07-01 | not yet calculated | CVE-2023-28365 MISC |
newspicks_inc. — newspicks_app_for_android | “NewsPicks” App for Android versions 10.4.5 and earlier and “NewsPicks” App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain API key for an external service. | 2023-06-30 | not yet calculated | CVE-2023-28387 MISC MISC MISC |
wordpress — wordpress | The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack | 2023-06-27 | not yet calculated | CVE-2023-2842 MISC |
mitsubishi_electric_corporation — melsec_iq-f_series | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series main modules allows a remote unauthenticated attacker to cancel the password/keyword setting and login to the affected products by sending specially crafted packets. | 2023-06-30 | not yet calculated | CVE-2023-2846 MISC MISC MISC |
wekan — wekan | A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Any user can obtain the privilege to rename within their own board (where they have BoardAdmin access), and renameAttachment does not block XSS payloads. | 2023-06-26 | not yet calculated | CVE-2023-28485 MISC MISC MISC |
wordpress — wordpress | The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution. | 2023-06-27 | not yet calculated | CVE-2023-2877 MISC |
apereo — cas | Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentication based on client X509 certificates. These certificates can be provided via TLS handshake or a special HTTP header, such as “ssl_client_cert”. When checking the validity of the provided client certificate, X509CredentialsAuthenticationHandler checks that this certificate is not revoked. To do so, it fetches URLs provided in the “CRL Distribution Points” extension of the certificate, which are taken from the certificate itself and therefore can be controlled by a malicious user. If the CAS server is configured to use an LDAP server for x509 authentication with a password, for example by setting the “cas.authn.x509.ldap.ldap-url” and “cas.authn.x509.ldap.bind-credential” properties, X509CredentialsAuthenticationHandler fetches revocation URLs from the certificate, which can be LDAP URLs. When making requests to these LDAP URLs, Apereo CAS uses the same password as for the initially configured LDAP server, which can lead to a password leak. An unauthenticated user can leak the password used for the LDAP connection configured on the server. This issue has been addressed in version 6.6.6. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-27 | not yet calculated | CVE-2023-28857 MISC MISC MISC |
trend_micro_inc. — trend_micro_security | Trend Micro Security 2021, 2022, and 2023 (Consumer) are vulnerable to a DLL Hijacking vulnerability which could allow an attacker to use a specific executable file as an execution and/or persistence mechanism which could execute a malicious program each time the executable file is started. | 2023-06-26 | not yet calculated | CVE-2023-28929 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Direct checkout, Add to cart redirect, Quick purchase button, Buy now button, Quick View button for WooCommerce plugin <= 2.1.48 versions. | 2023-06-26 | not yet calculated | CVE-2023-28988 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Order date, Order pickup, Order date time, Pickup Location, delivery date for WooCommerce plugin <= 3.0.19 versions. | 2023-06-26 | not yet calculated | CVE-2023-28991 MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates – WooCommerce Affiliate Plugin plugin <= 5.4.3 versions. | 2023-06-26 | not yet calculated | CVE-2023-28992 MISC |
autodesk — multiple_products | A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. These vulnerabilities in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2023-06-27 | not yet calculated | CVE-2023-29068 MISC |
libtiff — libtiff | A null pointer dereference issue was discovered in Libtiff’s tif_dir.c file. This flaw allows an attacker to pass a crafted TIFF image file to the tiffcp utility, which triggers runtime error, causing an undefined behavior, resulting in an application crash, eventually leading to a denial of service. | 2023-06-30 | not yet calculated | CVE-2023-2908 MISC MISC MISC MISC |
wordpress — wordpress | Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions. | 2023-06-26 | not yet calculated | CVE-2023-29093 MISC |
malwarebytes — edr_1.0.11_for_linux | The Malwarebytes EDR 1.0.11 for Linux driver doesn’t properly ensure whitelisting of executable libraries loaded by executable files, allowing arbitrary code execution. The attacker can set LD_LIBRARY_PATH, set LD_PRELOAD, or run an executable file in a debugger. | 2023-06-30 | not yet calculated | CVE-2023-29145 MISC MISC |
malwarebytes — edr_1.0.11_for_linux | In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | 2023-06-30 | not yet calculated | CVE-2023-29147 MISC MISC |
bosch — building_integration_system | Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network | 2023-06-30 | not yet calculated | CVE-2023-29241 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PI Websolution Cancel order request / Return order / Repeat Order / Reorder for WooCommerce plugin <= 1.3.2 versions. | 2023-06-26 | not yet calculated | CVE-2023-29423 MISC |
wordpress — wordpress | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Steven A. Zahm Connections Business Directory plugin <= 10.4.36 versions. | 2023-06-26 | not yet calculated | CVE-2023-29437 MISC |
wordpress — wordpress | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eric Martin SimpleModal Contact Form (SMCF) plugin <= 1.2.9 versions. | 2023-06-26 | not yet calculated | CVE-2023-29438 MISC |
laola.redbull — laola.redbull_application_for_android | The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. The target of this URI is subsequently loaded into the application’s webview, thus allowing the loading of arbitrary content into the context of the application. This can occur via the fcrbs schema or an explicit intent invocation. | 2023-06-26 | not yet calculated | CVE-2023-29459 MISC MISC |
lenovo — multiple_products | An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access to the management web server. | 2023-06-26 | not yet calculated | CVE-2023-2992 MISC |
lenovo — multiple_products | A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the user does not normally have sufficient privileges to execute. | 2023-06-26 | not yet calculated | CVE-2023-2993 MISC |
wordpress — wordpress | The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare cases achieve Remote Code Execution via phar deserialization. | 2023-06-27 | not yet calculated | CVE-2023-2996 MISC MISC |
librecad — librecad | A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file. | 2023-06-28 | not yet calculated | CVE-2023-30259 MISC |
openwb — openwb | Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request. | 2023-06-26 | not yet calculated | CVE-2023-30261 MISC MISC MISC |
bkg — ntrip_professional_caster | Reflected XSS affects the ‘mode’ parameter in the /admin functionality of the web application in versions <=2.0.44 | 2023-06-28 | not yet calculated | CVE-2023-3034 MISC MISC |
openssl — openssl | A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process’s stack memory to locate the permission model Permission::enabled_ in the host process’s heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 2023-07-01 | not yet calculated | CVE-2023-30586 MISC |
node.js — node.js | The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20. | 2023-07-01 | not yet calculated | CVE-2023-30589 MISC |
linux — kernel | A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. | 2023-06-28 | not yet calculated | CVE-2023-3090 MISC MISC |
palantir — multiple_products | Multiple Services such as VHS (Video History Server) and VCD (Video Clip Distributor) and Clips2 were discovered to be vulnerable to an unauthenticated arbitrary file read/write vulnerability due to missing input validation on filenames. A malicious attacker could read sensitive files from the filesystem or write/delete arbitrary files on the filesystem as well. | 2023-06-26 | not yet calculated | CVE-2023-30945 MISC |
palantir — foundry | A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry’s Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue. | 2023-06-29 | not yet calculated | CVE-2023-30946 MISC |
palantir — foundry | A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to ‘Developer Mode’. This enabled users with insufficient privilege the ability to view and interact with Developer Mode settings in a limited capacity. A fix was deployed with workspace-server 7.7.0. | 2023-06-29 | not yet calculated | CVE-2023-30955 MISC |
ibm — cloud_pak_for_security | IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant’s account. IBM X-Force ID: 254136. | 2023-06-27 | not yet calculated | CVE-2023-30993 MISC MISC |
lenovo — xclarity_administrator | An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA’s Common Information Model (CIM) server that could result in read-only access to specific files. | 2023-06-26 | not yet calculated | CVE-2023-3113 MISC |
linux — kernel | A use-after-free flaw was found in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests, which can lead to performing arbitrary reads and writes in kernel memory. This flaw allows a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system. | 2023-06-30 | not yet calculated | CVE-2023-3117 MISC |
medtronic — paceart_optima_for_windows | Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic’s Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity. | 2023-06-29 | not yet calculated | CVE-2023-31222 MISC |
libx11 — libx11 | A vulnerability was found in libX11. The security flaw occurs because the functions in src/InitExt.c in libX11 do not check that the values provided for the Request, Event, or Error IDs are within the bounds of the arrays that those functions write to, using those IDs as array indexes. They trust that they were called with values provided by an Xserver adhering to the bounds specified in the X11 protocol, as all X servers provided by X.Org do. As the protocol only specifies a single byte for these values, an out-of-bounds value provided by a malicious server (or a malicious proxy-in-the-middle) can only overwrite other portions of the Display structure and not write outside the bounds of the Display structure itself, possibly causing the client to crash with this memory corruption. | 2023-06-28 | not yet calculated | CVE-2023-3138 MISC MISC MISC MISC |
pipreqs — pipreqs | A dependency confusion in pipreqs v0.3.0 to v0.4.11 allows attackers to execute arbitrary code via uploading a crafted PyPI package to the chosen repository server. | 2023-06-30 | not yet calculated | CVE-2023-31543 MISC MISC |
ubiquiti_inc. — unifi_os | UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. “Applicable Cloud Keys” include the following: Cloud Key Gen2 and Cloud Key Gen2 Plus. | 2023-07-01 | not yet calculated | CVE-2023-31997 MISC |
d-link — dsl-g256dg | D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. | 2023-06-28 | not yet calculated | CVE-2023-32222 MISC |
d-link — dsl-224 | D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. | 2023-06-28 | not yet calculated | CVE-2023-32223 MISC |
d-link — dsl-224 | D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts | 2023-06-28 | not yet calculated | CVE-2023-32224 MISC |
ibm — business_automation_workflow | IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587. | 2023-06-27 | not yet calculated | CVE-2023-32339 MISC MISC MISC |
implem_inc. — pleasanter | Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. | 2023-06-30 | not yet calculated | CVE-2023-32607 MISC MISC |
implem_inc. — pleasanter | Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the server. | 2023-06-30 | not yet calculated | CVE-2023-32608 MISC MISC |
synck_graphica — mailform_pro_cgi | Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. | 2023-06-29 | not yet calculated | CVE-2023-32610 MISC MISC MISC |
wavlink_technology_ltd. — wl-wn531ax2 | Client-side enforcement of server-side security issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow an attacker with an administrative privilege to execute OS commands with the root privilege. | 2023-06-30 | not yet calculated | CVE-2023-32612 MISC MISC |
wavlink_technology_ltd. — wl-wn531ax2 | Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. | 2023-06-30 | not yet calculated | CVE-2023-32613 MISC MISC |
wavlink_technology_ltd. — wl-wn531ax2 | Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. | 2023-06-30 | not yet calculated | CVE-2023-32620 MISC MISC |
wavlink_technology_ltd. — wl-wn531ax2 | WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to upload arbitrary files and execute OS commands with the root privilege. | 2023-06-30 | not yet calculated | CVE-2023-32621 MISC MISC |
wavlink_technology_ltd. — wl-wn531ax2 | Improper neutralization of special elements in WL-WN531AX2 firmware versions prior to 2023526 allows an attacker with an administrative privilege to execute OS commands with the root privilege. | 2023-06-30 | not yet calculated | CVE-2023-32622 MISC MISC |
monkey_wrench_inc. — snow_monkey_forms | Directory traversal vulnerability in Snow Monkey Forms versions v5.1.0 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. | 2023-06-28 | not yet calculated | CVE-2023-32623 MISC MISC |
bigbluebutton — bigbluebutton | BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Affected versions are vulnerable to Server-Side Request Forgery (SSRF). In an `insertDocument` API request the user is able to supply a URL from which the presentation should be downloaded. This URL was being used without having been successfully validated first. An update to the `followRedirect` method in the `PresentationUrlDownloadService` has been made to validate all URLs to be used for presentation download. Two new properties `presentationDownloadSupportedProtocols` and `presentationDownloadBlockedHosts` have also been added to `bigbluebutton.properties` to allow administrators to define what protocols a URL must use and to explicitly define hosts that a presentation cannot be downloaded from. All URLs passed to `insertDocument` must conform to the requirements of the two previously mentioned properties. Additionally, these URLs must resolve to valid addresses, and these addresses must not be local or loopback addresses. There are no workarounds. Users are advised to upgrade to a patched version of BigBlueButton. | 2023-06-26 | not yet calculated | CVE-2023-33176 MISC MISC MISC MISC MISC |
sealos — sealos | Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. In versions of Sealos prior to 4.2.1-rc4 an improper configuration of role based access control (RBAC) permissions resulted in an attacker being able to obtain cluster control permissions, which could control the entire cluster deployed with Sealos, as well as hundreds of pods and other resources within the cluster. This issue has been addressed in version 4.2.1-rc4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-29 | not yet calculated | CVE-2023-33190 MISC MISC |
gira_giersiepen — gira_knx/ip-router | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a “404 – Not Found” status code if a path is accessed that does not exist. However, the value of the path is reflected in the response. As the application will reflect the supplied path without context-sensitive HTML encoding, it is vulnerable to reflective cross-site scripting (XSS). | 2023-06-30 | not yet calculated | CVE-2023-33276 MISC MISC |
gira_giersiepen — gira_knx/ip-router | The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. | 2023-06-29 | not yet calculated | CVE-2023-33277 MISC MISC |
perimeter81 — perimeter81_for_macos | com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. | 2023-06-30 | not yet calculated | CVE-2023-33298 MISC MISC |
nec_corporation — multiple_products | Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to obtain specific files in the product. | 2023-06-28 | not yet calculated | CVE-2023-3330 MISC |
nec_corporation — multiple_products | Improper Limitation of a Pathname to a Restricted Directory vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to delete specific files in the product. | 2023-06-28 | not yet calculated | CVE-2023-3331 MISC |
nec_corporation — multiple_products | Improper Neutralization of Input During Web Page Generation vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to execute an arbitrary script, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | 2023-06-28 | not yet calculated | CVE-2023-3332 MISC |
nec_corporation — multiple_products | Improper Neutralization of Special Elements used in an OS Command vulnerability in NEC Corporation Aterm WG2600HP2, WG2600HP, WG2200HP, WG1800HP2, WG1800HP, WG1400HP, WG600HP, WG300HP, WF300HP, WR9500N, WR9300N, WR8750N, WR8700N, WR8600N, WR8370N, WR8175N and WR8170N all versions allows an attacker to execute an arbitrary OS command with the root privilege, after obtaining a high privilege exploiting CVE-2023-3330 and CVE-2023-3331 vulnerabilities. | 2023-06-28 | not yet calculated | CVE-2023-3333 MISC |
sophos — web_appliance | Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | 2023-06-30 | not yet calculated | CVE-2023-33336 MISC |
linux — kernel | A null pointer dereference flaw was found in the Linux kernel DECnet networking protocol. A remote user could use this flaw to crash the system. | 2023-06-30 | not yet calculated | CVE-2023-3338 MISC |
blogengine.net — blogengine.net | An Unrestricted Upload vulnerability, due to insufficient validation on UploadControlled.cs file, in BlogEngine.Net version 3.3.8.0 and earlier allows remote attackers to execute remote code. | 2023-06-26 | not yet calculated | CVE-2023-33404 MISC |
discourse — discourse | Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE). | 2023-06-29 | not yet calculated | CVE-2023-33466 MISC |
linux — kernel | A NULL pointer dereference flaw was found in the Linux kernel’s drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system. | 2023-06-28 | not yet calculated | CVE-2023-3355 MISC |
ros — ros2_foxy_fitzroy | An unauthorized node injection vulnerability has been identified in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could allow a malicious user to inject malicious ROS2 nodes into the system remotely. Once injected, these nodes could disrupt the normal operations of the system or cause other potentially harmful behavior. | 2023-06-27 | not yet calculated | CVE-2023-33566 MISC |
ros — ros2_foxy_fitzroy | An unauthorized access vulnerability has been discovered in ROS2 Foxy Fitzroy versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information. | 2023-06-27 | not yet calculated | CVE-2023-33567 MISC |
linux — kernel | A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. | 2023-06-28 | not yet calculated | CVE-2023-3357 MISC |
bagisto — bagisto | Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). | 2023-06-28 | not yet calculated | CVE-2023-33570 MISC |
linux — kernel | A null pointer dereference was found in the Linux kernel’s Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. | 2023-06-28 | not yet calculated | CVE-2023-3358 MISC |
linux — kernel | An issue was discovered in the Linux kernel brcm_nvram_parse in drivers/nvmem/brcm_nvram.c. The lack of a check of the return value of kzalloc() can cause a NULL pointer dereference. | 2023-06-28 | not yet calculated | CVE-2023-3359 MISC |
sourcecodester — lost_and_found_information_system | Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. | 2023-06-28 | not yet calculated | CVE-2023-33592 MISC MISC |
church_crm — church_crm | Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. | 2023-06-29 | not yet calculated | CVE-2023-33661 MISC |
linux — kernel | A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing an io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable). | 2023-06-28 | not yet calculated | CVE-2023-3389 MISC MISC MISC MISC MISC MISC |
linux — kernel | A use-after-free vulnerability was found in the Linux kernel’s netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. | 2023-06-28 | not yet calculated | CVE-2023-3390 MISC MISC |
campcodes — retro_cellphone_online_store | A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351. | 2023-06-25 | not yet calculated | CVE-2023-3396 MISC MISC MISC |
m-files — m-files_server | Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows an anonymous user to cause denial of service. | 2023-06-27 | not yet calculated | CVE-2023-3405 MISC |
shopware — shopware | Shopware is an open source e-commerce software. Due to an incorrect configuration in the `.htaccess` file, the configuration file of the Javascript could be read in production environments (`themes/package-lock.json`). With this information, the specific Shopware version in a deployment might be determined by an attacker, which could be used for further attacks. Users are advised to update to version 5.7.18. There are no known workarounds for this vulnerability. | 2023-06-27 | not yet calculated | CVE-2023-34098 MISC MISC MISC MISC |
shopware — shopware | Shopware is an open source e-commerce software. The mail validation in the registration process had some flaws, so it was possible to construct different mail addresses, that in the end result in the same address, which is shared by multiple accounts. This issue has been addressed in version 5.7.18 and users are advised to update. There are no known workarounds for this vulnerability. | 2023-06-27 | not yet calculated | CVE-2023-34099 MISC MISC MISC MISC |
cloudexplorer-dev — cloudexplorer-lite | Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0. | 2023-06-27 | not yet calculated | CVE-2023-3423 MISC MISC |
cloudexplorer-dev — cloudexplorer-lite | Cloudexplorer-lite is an open source cloud software stack. Weak passwords can be easily guessed and are an easy target for brute force attacks. This can lead to an authentication system failure and compromise system security. Versions of cloudexplorer-lite prior to 1.2.0 did not enforce strong passwords. This vulnerability has been fixed in version 1.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-27 | not yet calculated | CVE-2023-34240 MISC |
plantuml — plantuml | Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. | 2023-06-27 | not yet calculated | CVE-2023-3431 MISC MISC |
plantuml — plantuml | Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. | 2023-06-27 | not yet calculated | CVE-2023-3432 MISC MISC |
xpdf — xpdf | Xpdf 4.04 will deadlock on a PDF object stream whose “Length” field is itself in another object stream. | 2023-06-27 | not yet calculated | CVE-2023-3436 MISC |
linux — kernel | A flaw was found in the MCTP protocol in the Linux kernel. The function mctp_unregister() reclaims the device’s relevant resource when a netcard detaches. However, a running routine may be unaware of this and cause the use-after-free of the mdev->addrs object, potentially leading to a denial of service. | 2023-06-28 | not yet calculated | CVE-2023-3439 MISC MISC MLIST |
oracle — apache_airflow | Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, a privilege escalation vulnerability exists due to controllable ODBC driver parameters that allow the loading of arbitrary dynamic-link libraries, resulting in command execution. Starting with version 4.0.0, the driver can be set only from the hook constructor. This issue affects Apache Airflow ODBC Provider: before 4.0.0. | 2023-06-27 | not yet calculated | CVE-2023-34395 MISC MISC |
lenovo — xclarity_administrator | A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API. | 2023-06-26 | not yet calculated | CVE-2023-34418 MISC |
lenovo — xclarity_administrator | A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API. | 2023-06-26 | not yet calculated | CVE-2023-34420 MISC |
lenovo — xclarity_administrator | A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. | 2023-06-26 | not yet calculated | CVE-2023-34421 MISC |
lenovo — xclarity_administrator | A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. | 2023-06-26 | not yet calculated | CVE-2023-34422 MISC |
spinacms — spinacms | Cross-site Scripting (XSS) – Stored in GitHub repository spinacms/spina prior to 2.15.1. | 2023-06-28 | not yet calculated | CVE-2023-3445 MISC MISC |
dataease — dataease | DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions, unauthorized users can delete an application erroneously. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-26 | not yet calculated | CVE-2023-34463 MISC |
itsourcecode — online_hotel_management_system_project | itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box. | 2023-06-29 | not yet calculated | CVE-2023-34486 MISC |
itsourcecode — online_hotel_management_system_project | itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection. | 2023-06-29 | not yet calculated | CVE-2023-34487 MISC |
ibos — oa | A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects the function actionExport of the file ?r=recruit/interview/export&interviews=x of the component Interview Management Export. The manipulation of the argument interviews leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-232546 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-28 | not yet calculated | CVE-2023-3449 MISC MISC MISC |
ruijie — rg-bcr860 | A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. This issue affects some unknown processing of the component Network Diagnostic Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232547. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-28 | not yet calculated | CVE-2023-3450 MISC MISC MISC |
sourcecodester — shopping_website | A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-232674 is the identifier assigned to this vulnerability. | 2023-06-29 | not yet calculated | CVE-2023-3457 MISC MISC MISC |
sourcecodester — shopping_website | A vulnerability was found in SourceCodester Shopping Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file forgot-password.php. The manipulation of the argument contact leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232675. | 2023-06-29 | not yet calculated | CVE-2023-3458 MISC MISC MISC |
gibbon — gibbon | Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it’s possible to include the content of several files present in the installation folder in the server’s response. | 2023-06-29 | not yet calculated | CVE-2023-34598 MISC |
gibbon — gibbon | Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. | 2023-06-29 | not yet calculated | CVE-2023-34599 MISC |
simplephpscripts — classified_ads_script | A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been classified as problematic. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation of the argument p leads to cross site scripting. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. VDB-232710 is the identifier assigned to this vulnerability. | 2023-06-29 | not yet calculated | CVE-2023-3464 MISC MISC MISC |
phpgurukl — hostel_management_system | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | 2023-06-28 | not yet calculated | CVE-2023-34647 MISC |
phpgurukl — user_registration_login_and_management_system | A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to the signup.php. | 2023-06-29 | not yet calculated | CVE-2023-34648 MISC |
simplephpscripts — classified_ads_script | A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file user.php of the component HTTP POST Request Handler. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232711. | 2023-06-29 | not yet calculated | CVE-2023-3465 MISC MISC MISC |
phpgurukl — small_crm | PHPgurukl Small CRM v.1.0 is vulnerable to Cross Site Scripting (XSS). | 2023-06-28 | not yet calculated | CVE-2023-34650 MISC MISC |
phpgurukl — hospital_management_system | PHPgurukl Hospital Management System v.1.0 is vulnerable to Cross Site Scripting (XSS). | 2023-06-28 | not yet calculated | CVE-2023-34651 MISC MISC |
phpgurukl — hostel_management_system | PHPgurukl Hostel Management System v.1.0 is vulnerable to Cross Site Scripting (XSS) via Add New Course. | 2023-06-28 | not yet calculated | CVE-2023-34652 MISC MISC |
xiamen_si_xin_communication_technology — video_management_system | An issue with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 through 4.1 allows attackers to gain escalated privileges. | 2023-06-29 | not yet calculated | CVE-2023-34656 MISC |
telegram — telegram | Telegram v9.6.3 on iOS allows attackers to hide critical information on the User Interface via calling the function SFSafariViewController. | 2023-06-29 | not yet calculated | CVE-2023-34658 MISC |
thorsten — thorsten | Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. | 2023-06-30 | not yet calculated | CVE-2023-3469 MISC MISC |
campcodes — retro_cellphone_online_store | A vulnerability, which was classified as critical, was found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/edit_product.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-232752. | 2023-06-30 | not yet calculated | CVE-2023-3473 MISC MISC MISC |
annet — ac_centralized_management_platform | Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS). | 2023-06-29 | not yet calculated | CVE-2023-34734 MISC |
property_cloud_platform_management_center — property_cloud_platform_management_center | Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. | 2023-06-29 | not yet calculated | CVE-2023-34735 MISC |
guantang_equipment_management_system — guantang_equipment_management_system | Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload. | 2023-06-28 | not yet calculated | CVE-2023-34736 MISC |
chemex — chemex | Chemex through 3.7.1 is vulnerable to arbitrary file upload. | 2023-06-29 | not yet calculated | CVE-2023-34738 MISC |
simplephpscripts — simple_blog | A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-232753 was assigned to this vulnerability. | 2023-06-30 | not yet calculated | CVE-2023-3474 MISC MISC |
simplephpscripts — event_script | A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Affected by this issue is some unknown functionality of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. It is recommended to upgrade the affected component. VDB-232754 is the identifier assigned to this vulnerability. | 2023-06-30 | not yet calculated | CVE-2023-3475 MISC MISC |
simplephpscripts — guestbook_script | A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. It has been classified as problematic. This affects an unknown part of the file preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-232755. | 2023-06-30 | not yet calculated | CVE-2023-3476 MISC MISC |
7-eleven — led_message_cup,_hello_cup_for_android | An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application’s client-side chat censor filter. | 2023-06-28 | not yet calculated | CVE-2023-34761 MISC MISC |
rocketsoft — rocket_lms | A vulnerability was found in RocketSoft Rocket LMS 1.7. It has been declared as problematic. This vulnerability affects unknown code of the file /contact/store of the component Contact Form. The manipulation of the argument name/subject/message leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-232756. | 2023-06-30 | not yet calculated | CVE-2023-3477 MISC MISC |
ibos — oa | A vulnerability classified as critical was found in IBOS OA 4.5.5. Affected by this vulnerability is the function actionEdit of the file ?r=dashboard/roleadmin/edit&op=member of the component Add User Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2023-06-30 | not yet calculated | CVE-2023-3478 MISC MISC MISC |
hestiacp — hestiacp | Cross-site Scripting (XSS) – Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. | 2023-06-30 | not yet calculated | CVE-2023-3479 MISC MISC |
i-doit — i-doit | i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page. | 2023-06-27 | not yet calculated | CVE-2023-34830 MISC MISC |
turnitin — lti_tool | The “Submission Web Form” of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. The security issue affects the submission web form (“id” and “title” HTTP POST parameters) where the students submit their reports for similarity/plagiarism checks. | 2023-06-29 | not yet calculated | CVE-2023-34831 MISC MISC |
mcl_technologies — mcl-net | A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the “/file” endpoint. | 2023-06-29 | not yet calculated | CVE-2023-34834 MISC MISC |
microworld_technologies — escan_management_console | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary JavaScript code via a vulnerable delete_file parameter. | 2023-06-27 | not yet calculated | CVE-2023-34835 MISC |
microworld_technologies — escan_management_console | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters. | 2023-06-27 | not yet calculated | CVE-2023-34836 MISC |
microworld_technologies — escan_management_console | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a vulnerable parameter GrpPath. | 2023-06-27 | not yet calculated | CVE-2023-34837 MISC |
microworld_technologies — escan_management_console | A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter. | 2023-06-27 | not yet calculated | CVE-2023-34838 MISC |
issabel-pbx — issabel-pbx | A Cross Site Request Forgery (CSRF) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows a remote attacker to gain privileges via a Custom CSRF exploit to create new user function in the application. | 2023-06-27 | not yet calculated | CVE-2023-34839 MISC |
angular-ui-notification — angular-ui-notification | angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 were discovered to contain a cross-site scripting (XSS) vulnerability. | 2023-06-30 | not yet calculated | CVE-2023-34840 MISC MISC MISC |
traggo_server — traggo_server | Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request. | 2023-06-29 | not yet calculated | CVE-2023-34843 MISC |
play_with_docker — play_with_docker | Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape. | 2023-06-29 | not yet calculated | CVE-2023-34844 MISC |
ikuai — router_os | An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. | 2023-06-29 | not yet calculated | CVE-2023-34849 MISC |
temporal_technologies_inc. — temporal_server | Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires the namespace UUID and information from the workflow history for the target namespace. Under these conditions, it is possible to interfere with pending tasks in other namespaces, such as marking a task failed or completed. If a task is targeted for completion by the attacker, the targeted namespace must also be using the same data converter configuration as the initial, valid, namespace for the task completion payload to be decoded by workers in the target namespace. | 2023-06-30 | not yet calculated | CVE-2023-3485 MISC |
fossbilling — fossbilling | SQL Injection in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | not yet calculated | CVE-2023-3490 MISC MISC |
fossbilling — fossbilling | Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | not yet calculated | CVE-2023-3491 MISC MISC |
h3c — magic_b1stv100r012 | H3C Magic B1STW B1STV100R012 was discovered to contain a stack overflow via the function SetAPInfoById. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-26 | not yet calculated | CVE-2023-34924 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34928 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34929 MISC |
fossbilling — fossbilling | Improper Neutralization of Formula Elements in a CSV File in GitHub repository fossbilling/fossbilling prior to 0.5.3. | 2023-06-30 | not yet calculated | CVE-2023-3493 MISC MISC |
h3c — magic_b1stv100r012 | A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34930 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34931 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34932 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34933 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34934 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34935 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34936 MISC |
h3c — magic_b1stv100r012 | A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2023-06-28 | not yet calculated | CVE-2023-34937 MISC |
dataease — dataease | DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. In affected versions a missing authorization check allows unauthorized users to manipulate a dashboard created by the administrator. This vulnerability has been fixed in version 1.18.8. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-26 | not yet calculated | CVE-2023-35164 MISC |
dataease — dataease | DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Affected versions of DataEase have a privilege bypass vulnerability where ordinary users can gain access to the user database. Exposed information includes md5 hashes of passwords, username, email, and phone number. The vulnerability has been fixed in v1.18.8. Users are advised to upgrade. There are no known workarounds for the vulnerability. | 2023-06-26 | not yet calculated | CVE-2023-35168 MISC |
hp_inc. — hp_laserjet_pro | Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventing model. | 2023-06-30 | not yet calculated | CVE-2023-35175 MISC |
hp_inc. — hp_laserjet_pro | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Denial of Service when using the backup & restore feature through the embedded web service on the device. | 2023-06-30 | not yet calculated | CVE-2023-35176 MISC |
hp_inc. — hp_laserjet_pro | Certain HP LaserJet Pro print products are potentially vulnerable to a stack-based buffer overflow related to the compact font format parser. | 2023-06-30 | not yet calculated | CVE-2023-35177 MISC |
hp_inc. — hp_laserjet_pro | Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow when performing a GET request to scan jobs. | 2023-06-30 | not yet calculated | CVE-2023-35178 MISC |
oracle — apache_airflow | Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider. This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_connection` and someone with access to connection resources specifically updating the connection to exploit it. This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1. It is recommended to upgrade to a version that is not affected. | 2023-06-27 | not yet calculated | CVE-2023-35798 MISC MISC |
stormshield — endpoint_security_evolution | Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. An interactive user can use the SES Evolution agent to create arbitrary files with local system privileges. | 2023-06-27 | not yet calculated | CVE-2023-35799 CONFIRM MISC |
stormshield — endpoint_security_evolution | Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. An ACL entry on the SES Evolution agent directory that contains the agent logs displayed in the GUI allows interactive users to read data, which could allow access to information reserved to administrators. | 2023-06-27 | not yet calculated | CVE-2023-35800 CONFIRM MISC |
stw_mobile_machines — tensor-technik_wiedmann_tcg-4_connectivity_module_deploymentpackage | STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module DeploymentPackage_v3.04r2-Jellyfish allow an attacker to gain full remote access with root privileges without the need for authentication, giving an attacker arbitrary remote code execution over LTE / 4G network via SMS. | 2023-06-29 | not yet calculated | CVE-2023-35830 MISC MISC |
spicedb — spicedb | SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Any user making a negative authorization decision based on the results of a `LookupResources` request with 1.22.0 is affected. For example, using `LookupResources` to find a list of resources to allow access to is okay: some subjects that should have access to a resource may not. But if using `LookupResources` to find a list of banned resources instead, then some users that shouldn’t have access may. Generally, `LookupResources` is not and should not be used to gate access in this way – that’s what the `Check` API is for. Additionally, version 1.22.0 has included a warning about this bug since its initial release. Users are advised to upgrade to version 1.22.2. Users unable to upgrade should avoid using `LookupResources` for negative authorization decisions. | 2023-06-26 | not yet calculated | CVE-2023-35930 MISC MISC |
openfga — openfga | OpenFGA is an open source authorization/permission engine built for developers. OpenFGA versions v1.1.0 and prior are vulnerable to a DoS attack when Check and ListObjects calls are executed against authorization models that contain circular relationship definitions. Users are affected by this vulnerability if they are using OpenFGA v1.1.0 or earlier, and if they are executing `Check` or `ListObjects` calls against a vulnerable authorization model. Users are advised to upgrade to version 1.1.1. There are no known workarounds for this vulnerability. Users that do not have circular relationships in their models are not affected. | 2023-06-26 | not yet calculated | CVE-2023-35933 MISC MISC MISC MISC |
tuleap — tuleap | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. When switching from a project visibility that allows restricted users to `Private without restricted`, restricted users that are project administrators keep this access right. Restricted users that were project administrators before the visibility switch keep the possibility to access the project and do some administration actions. This issue has been resolved in Tuleap version 14.9.99.63. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-06-29 | not yet calculated | CVE-2023-35938 MISC MISC MISC MISC |
gradle — gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency’s coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build’s configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit. | 2023-06-30 | not yet calculated | CVE-2023-35946 MISC MISC MISC MISC |
gradle — gradle | Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. Gradle uses Tar archives for its [Build Cache](https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. References: [CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)](https://cwe.mitre.org/data/definitions/22.html), [Gradle Build Cache](https://docs.gradle.org/current/userguide/build_cache.html), [ZipSlip](https://security.snyk.io/research/zip-slip-vulnerability). | 2023-06-30 | not yet calculated | CVE-2023-35947 MISC MISC MISC |
proofpoint — insider_threat_management_agent | A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | 2023-06-27 | not yet calculated | CVE-2023-35998 MISC |
proofpoint — insider_threat_management_agent | A missing authorization check in the MacOS agent configuration endpoint of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to obtain sensitive information. Successful exploitation requires an attacker to first obtain a valid agent authentication token. All versions before 7.14.3 are affected. | 2023-06-27 | not yet calculated | CVE-2023-36000 MISC |
proofpoint — insider_threat_management_agent | A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. All versions before 7.14.3 are affected. | 2023-06-27 | not yet calculated | CVE-2023-36002 MISC |
maxprint — maxlink_1200g | Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the “Diagnostic tool” functionality of the device. | 2023-06-30 | not yet calculated | CVE-2023-36143 MISC MISC |
intelbras — switch_sg_2404_mr | An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. | 2023-06-30 | not yet calculated | CVE-2023-36144 MISC MISC |
multilaser — re_170 | A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. | 2023-06-30 | not yet calculated | CVE-2023-36146 MISC MISC |
ateme — flamingo_xl | An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via the session expiration function. | 2023-06-26 | not yet calculated | CVE-2023-36252 MISC |
talend — data_catalog | Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet. | 2023-06-26 | not yet calculated | CVE-2023-36301 MISC |
codekop — codekop | A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data. | 2023-06-30 | not yet calculated | CVE-2023-36347 MISC MISC |
meldekarten_generator — meldekarten_generator | Meldekarten generator is an open source project to create a program, running locally in the browser without the need for an internet-connection, to create, store and print registration cards for volunteers. All text fields on the webpage are vulnerable to XSS attacks. The user input isn’t (fully) sanitized after submission. This issue has been addressed in commit `77e04f4af` which is included in the `1.0.0b1.1.2` release. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-27 | not yet calculated | CVE-2023-36463 MISC MISC |
pypdf — pypdf | pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`. | 2023-06-27 | not yet calculated | CVE-2023-36464 MISC MISC MISC |
aws_data.all — aws_data.all | AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue can only be triggered by authenticated users. A fix for this issue is available in data.all version 1.5.2 and later. There is no recommended workaround. | 2023-06-28 | not yet calculated | CVE-2023-36467 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, just a new version of that document is added. In some cases, it’s still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability, for the purpose of this advisory take CVE-2022-36100/GHSA-2g5c-228j-p52x as example – it is easily exploitable with just view rights and critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the versions with the security vulnerability from the history. This vulnerability doesn’t affect freshly installed versions of XWiki. Further, this vulnerability doesn’t affect content that is only loaded from the current version of a document like the code of wiki macros or UI extensions. This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros. As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, also manually added and later corrected code may be affected by this vulnerability so it is easy to miss documents. | 2023-06-29 | not yet calculated | CVE-2023-36468 MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though, as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar. | 2023-06-29 | not yet calculated | CVE-2023-36469 MISC MISC MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set’s HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. Further, the HTML output of the icon set is output as JSON in the icon picker and this JSON is interpreted as XWiki syntax, allowing again the injection of script macros into a document with programming right and thus allowing remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-29 | not yet calculated | CVE-2023-36470 MISC MISC MISC MISC MISC |
xwiki — xwiki | XWiki Commons is the common modules used by other XWiki top level projects. The HTML sanitizer that is included in XWiki since version 14.6RC1 allowed form and input HTML tags. In the context of XWiki, this allows an attacker without script right to either create forms that can be used for phishing attacks or also in the context of a sheet, the attacker could add an input like `{{html}}<input type="hidden" name="content" value="{{groovy}}println("Hello from Groovy!")" />{{/html}}` that would allow remote code execution when it is submitted by an admin (the sheet is rendered as part of the edit form). The attacker would need to ensure that the edit form looks plausible, though, which can be non-trivial as without script right the attacker cannot display the regular content of the document. This has been patched in XWiki 14.10.6 and 15.2RC1 by removing the central form-related tags from the list of allowed tags. Users are advised to upgrade. As a workaround an admin can manually disallow the tags by adding `form, input, select, textarea, button` to the configuration option `xml.htmlElementSanitizer.forbidTags` in the `xwiki.properties` configuration file. | 2023-06-29 | not yet calculated | CVE-2023-36471 MISC MISC MISC |
interactsh — interactsh | Interactsh is an open-source tool for detecting out-of-band interactions. Domains configured with interactsh server prior to version 1.0.0 were vulnerable to subdomain takeover for a specific subdomain, i.e., `app`. Interactsh server used to create CNAME entries for `app` pointing to `projectdiscovery.github.io` by default, which was intended to be used for hosting the interactsh web client using GitHub Pages. This is a security issue with a self-hosted interactsh server in which the user may not have configured a web client but still has a CNAME entry pointing to GitHub Pages, making them vulnerable to subdomain takeover. This allows a threat actor to host / run arbitrary client side code (cross-site scripting) in a user’s browser when browsing the vulnerable subdomain. Version 1.0.0 fixes this issue by making CNAME optional, rather than default. | 2023-06-28 | not yet calculated | CVE-2023-36474 MISC MISC MISC MISC |
parse_server — parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 5.5.2 and 6.2.1, an attacker can use a prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. A patch is available in versions 5.5.2 and 6.2.1. | 2023-06-28 | not yet calculated | CVE-2023-36475 MISC MISC MISC MISC MISC MISC MISC |
nixos — nixos | calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Users of calamares-nixos-extensions version 0.3.12 and prior who installed NixOS through the graphical calamares installer, with an unencrypted `/boot`, on either non-UEFI systems or with a LUKS partition different from `/` have their LUKS key file in `/boot` as a plaintext CPIO archive attached to their NixOS initrd. A patch is available and anticipated to be part of version 0.3.13 to backport to NixOS 22.11, 23.05, and unstable channels. Expert users who have a copy of their data may, as a workaround, re-encrypt the LUKS partition(s) themselves. | 2023-06-29 | not yet calculated | CVE-2023-36476 MISC MISC MISC |
xwiki — xwiki | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the JavaScript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki versions older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details. | 2023-06-30 | not yet calculated | CVE-2023-36477 MISC MISC MISC MISC |
ilias — ilias | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). | 2023-06-29 | not yet calculated | CVE-2023-36484 MISC MISC |
ilias — ilias | The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. | 2023-06-29 | not yet calculated | CVE-2023-36487 MISC MISC |
ilias — ilias | ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). | 2023-06-29 | not yet calculated | CVE-2023-36488 MISC MISC |
zoom — zoom | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. | 2023-06-30 | not yet calculated | CVE-2023-36539 MISC |
ovarro — tbox_rm2 | The affected TBox RTUs are missing authorization for running some API commands. An attacker running these commands could reveal sensitive information such as software versions and web server file contents. | 2023-06-29 | not yet calculated | CVE-2023-36607 MISC |
ruby — ruby | A ReDoS issue was discovered in the URI component before 0.12.2 for Ruby. The URI parser mishandles invalid URLs that have specific characters. There is an increase in execution time for parsing strings to URI objects with rfc2396_parser.rb and rfc3986_parser.rb. NOTE: this issue exists because of an incomplete fix for CVE-2023-28755. Version 0.10.3 is also a fixed version. | 2023-06-29 | not yet calculated | CVE-2023-36617 MISC |
cloudpanel — cloudpanel | In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass. | 2023-06-25 | not yet calculated | CVE-2023-36630 MISC MISC |
nettle — libnettle | The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption. | 2023-06-25 | not yet calculated | CVE-2023-36660 MISC MISC MISC |
jira — atlassian | Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element. (This is fixed in, for example, Shibboleth Service Provider 3.4.1.3 on Windows.) | 2023-06-25 | not yet calculated | CVE-2023-36661 MISC DEBIAN |
jira — atlassian | The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. This affects User Management for Jira 2.0.0 through 2.17.1, User Management for Confluence 2.0.0 through 2.15.24, and User Management for Bitbucket 2.2.2 through 2.15.24. | 2023-06-26 | not yet calculated | CVE-2023-36662 MISC |
it-novum — open_it_cockpit | it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface. | 2023-06-25 | not yet calculated | CVE-2023-36663 MISC MISC |
artifex_software — ghostscript | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). | 2023-06-25 | not yet calculated | CVE-2023-36664 MISC MISC MISC |
inex — Ixp-manager | INEX IXP-Manager before 6.3.1 allows XSS. list-preamble.foil.php, page-header-preamble.foil.php, edit-form.foil.php, page-header-preamble.foil.php, overview.foil.php, cust.foil.php, and view.foil.php may be affected. | 2023-06-25 | not yet calculated | CVE-2023-36666 MISC MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. | 2023-06-26 | not yet calculated | CVE-2023-36675 MISC |
pypdf — pypdf | pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an error throwing case. See GHSA-hm9v-vj3r-r55m for details. | 2023-06-30 | not yet calculated | CVE-2023-36807 MISC MISC MISC |
pypdf — pypdf | pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-06-30 | not yet calculated | CVE-2023-36810 MISC MISC MISC |
opentsdb — opentsdb | OpenTSDB is an open source, distributed, scalable Time Series Database (TSDB). OpenTSDB is vulnerable to a Remote Code Execution vulnerability by writing user-controlled input to a Gnuplot configuration file and running Gnuplot with the generated configuration. This issue has been patched in commit `07c4641471c` and further refined in commit `fa88d3e4b`. These patches are available in the `2.4.2` release. Users are advised to upgrade. Users unable to upgrade may disable Gnuplot via the config option `tsd.core.enable_ui = true` and remove the shell files `mygnuplot.bat` and `mygnuplot.sh`. | 2023-06-30 | not yet calculated | CVE-2023-36812 MISC MISC MISC |
veritas — netbackup_appliance | In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. | 2023-06-29 | not yet calculated | CVE-2023-37237 MISC |
mediawiki — mediawiki | An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. The googleanalyticstrackurl parser function does not properly escape JavaScript in the onclick handler and does not prevent use of javascript: URLs. | 2023-06-29 | not yet calculated | CVE-2023-37251 MISC |
mediawiki — mediawiki | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. XSS can occur in Special:CargoQuery via a crafted page item when using the default format. | 2023-06-29 | not yet calculated | CVE-2023-37254 MISC |
mediawiki — mediawiki | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In Special:CheckUser, a check of the “get edits” type is vulnerable to HTML injection through the User-Agent HTTP request header. | 2023-06-29 | not yet calculated | CVE-2023-37255 MISC |
mediawiki — mediawiki | An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. It allows one to store javascript: URLs in URL fields, and automatically links these URLs. | 2023-06-29 | not yet calculated | CVE-2023-37256 MISC |
joplin — joplin | Joplin before 2.11.5 allows XSS via a USE element in an SVG document. | 2023-06-30 | not yet calculated | CVE-2023-37298 MISC MISC MISC |
joplin — joplin | Joplin before 2.11.5 allows XSS via an AREA element of an image map. | 2023-06-30 | not yet calculated | CVE-2023-37299 MISC MISC MISC |
mediawiki — mediawiki | An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users. | 2023-06-30 | not yet calculated | CVE-2023-37300 MISC MISC |
mediawiki — mediawiki | An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Because it doesn’t use EditEntity for undo and restore, the intended interaction with AbuseFilter does not occur. | 2023-06-30 | not yet calculated | CVE-2023-37301 MISC MISC |
mediawiki — mediawiki | An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. There is XSS via a crafted badge title attribute. This is also related to lack of escaping in wbTemplate (from resources/wikibase/templates.js) for quotes (which can be in a title attribute). | 2023-06-30 | not yet calculated | CVE-2023-37302 MISC MISC MISC |
mediawiki — mediawiki | An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an attempt to block a user fails after a temporary browser hang and a DBQueryDisconnectedError error message. | 2023-06-30 | not yet calculated | CVE-2023-37303 MISC MISC |
mediawiki — mediawiki | An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. includes/DoubleWiki.php allows XSS via the column alignment feature. | 2023-06-30 | not yet calculated | CVE-2023-37304 MISC MISC |
mediawiki — mediawiki | An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. In includes/Page/PageContentHandler.php and includes/Page/PageDisplayHandler.php, hidden users can be exposed via public interfaces. | 2023-06-30 | not yet calculated | CVE-2023-37305 MISC MISC |
misp — misp | MISP 2.4.172 mishandles different certificate file extensions in server sync. An attacker can obtain sensitive information because of the nature of the error messages. | 2023-06-30 | not yet calculated | CVE-2023-37306 MISC MISC |
misp — misp | In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. | 2023-06-30 | not yet calculated | CVE-2023-37307 MISC MISC |
pacparser — pacparser | pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security products). | 2023-06-30 | not yet calculated | CVE-2023-37360 MISC |
hnswlib — hnswlib | Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. | 2023-06-30 | not yet calculated | CVE-2023-37365 MISC |