US-CERT Vulnerability Summary for the Week of March 27, 2023

High Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
grinnellplans — grinnellplans	A vulnerability was found in grinnellplans-php up to 3.0. It has been declared as critical. Affected by this vulnerability is the function interface_disp_page/interface_disp_page of the file read.php. The manipulation leads to sql injection. The attack can be launched remotely. The name of the patch is 57e4409e19203a94495140ff1b5a697734d17cfb. It is recommended to apply a patch to fix this issue. The identifier VDB-223801 was assigned to this vulnerability.	2023-03-25	9.8	CVE-2015-10097 MISC MISC MISC
pull_it_project — pull_it	The pullit package before 1.4.0 for Node.js allows OS Command Injection because eval is used on an attacker-supplied Git branch name.	2023-03-27	9.8	CVE-2018-25083 MISC MISC
google — android	In parseTrackFragmentRun() of MPEG4Extractor.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-232242894	2023-03-24	9.8	CVE-2022-20532 MISC
totolink — cp900_firmware	TOTOLink outdoor CPE CP900 V6.3c.566_B20171026 is discovered to contain a command injection vulnerability in the setWebWlanIdx function via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.	2023-03-24	9.8	CVE-2022-28495 MISC MISC
google — android	In Pixel cellular firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240662453References: N/A	2023-03-24	9.8	CVE-2022-42498 MISC
google — android	In sms_SendMmCpErrMsg of sms_MmConManagement.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242001391References: N/A	2023-03-24	9.8	CVE-2022-42499 MISC
helpsystems — cobalt_strike	Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.	2023-03-24	9.8	CVE-2022-42948 MISC MISC MISC
componentspace — saml	ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation.	2023-03-24	9.8	CVE-2022-45597 MISC MISC MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code.	2023-03-27	9.8	CVE-2023-1133 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator.	2023-03-27	9.8	CVE-2023-1140 MISC
deltaww — infrasuite_device_master	In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation.	2023-03-27	9.8	CVE-2023-1142 MISC
lfprojects — mlflow	Path Traversal: ‘\..\filename’ in GitHub repository mlflow/mlflow prior to 2.2.1.	2023-03-24	9.8	CVE-2023-1177 CONFIRM MISC
ui — edgerouter_x_firmware	A vulnerability, which was classified as critical, has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. This issue affects some unknown processing of the component NAT Configuration Handler. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-223301 was assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.	2023-03-25	9.8	CVE-2023-1456 MISC MISC
ui — edgerouter_x_firmware	DISPUTED A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6. Affected is an unknown function of the component Static Routing Configuration Handler. The manipulation of the argument next-hop-interface leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-223302 is the identifier assigned to this vulnerability. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.	2023-03-25	9.8	CVE-2023-1457 MISC MISC
ui — edgerouter_x_firmware	DISPUTED A vulnerability has been found in Ubiquiti EdgeRouter X 2.0.9-hotfix.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component OSPF Handler. The manipulation of the argument area leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-223303. NOTE: The vendor position is that post-authentication issues are not accepted as vulnerabilities.	2023-03-25	9.8	CVE-2023-1458 MISC MISC
otcms — otcms	A vulnerability was found in OTCMS 6.72. It has been classified as critical. Affected is the function UseCurl of the file /admin/info_deal.php of the component URL Parameter Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224016.	2023-03-25	9.8	CVE-2023-1634 MISC MISC MISC
linagora — twake	Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.	2023-03-27	9.8	CVE-2023-1665 CONFIRM MISC
google — android	In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258652631	2023-03-24	9.8	CVE-2023-20951 MISC
google — android	In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-261867748	2023-03-24	9.8	CVE-2023-20954 MISC
google — android	In ProfSixDecomTcpSACKoption of RohcPacketCommon, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244450646References: N/A	2023-03-24	9.8	CVE-2023-21057 MISC
google — android	In lcsm_SendRrAcquiAssist of lcsm_bcm_assist.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246169606References: N/A	2023-03-24	9.8	CVE-2023-21058 MISC
dek-1705_project — dek-1705_firmware	DEK-1705 <=Firmware:34.23.1 device was discovered to have a command execution vulnerability.	2023-03-24	9.8	CVE-2023-23149 MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.	2023-03-25	9.8	CVE-2023-25664 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Attackers using Tensorflow prior to 2.12.0 or 2.11.1 can access heap memory which is not in the control of user, leading to a crash or remote code execution. The fix will be included in TensorFlow version 2.12.0 and will also cherrypick this commit on TensorFlow version 2.11.1.	2023-03-25	9.8	CVE-2023-25668 MISC MISC
hgiga — oaklouds_portal	HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service.	2023-03-27	9.8	CVE-2023-25909 CONFIRM
smplredirectionsmanager_project — smplredirectionsmanager	SQL injection vulnerability found in PrestaShop smplredirectionsmanager v.1.1.19 and before allow a remote attacker to gain privileges via the SmplTools::getMatchingRedirectionsFromPartscomponent.	2023-03-24	9.8	CVE-2023-26864 MISC
park_ticketing_management_system_project — park_ticketing_management_system	Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter.	2023-03-27	9.8	CVE-2023-26959 MISC
databasir — databasir	Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter.	2023-03-28	9.8	CVE-2023-27821 MISC MISC
xipblog_project — xipblog	SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components.	2023-03-27	9.8	CVE-2023-27847 MISC MISC
independentsoft — jodf	An issue was discovered in Independentsoft JODF before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.	2023-03-24	9.8	CVE-2023-28150 MISC MISC
independentsoft — jspreadsheet	An issue was discovered in Independentsoft JSpreadsheet before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.	2023-03-24	9.8	CVE-2023-28151 MISC MISC
independentsoft — jword	An issue was discovered in Independentsoft JWord before 1.1.110. The API is prone to XML external entity (XXE) injection via a remote DTD in a DOCX file.	2023-03-24	9.8	CVE-2023-28152 MISC MISC
dataease — dataease	Dataease is an open source data visualization and analysis tool. The blacklist for SQL injection protection is missing entries. This vulnerability has been fixed in version 1.18.5. There are no known workarounds.	2023-03-25	9.8	CVE-2023-28437 MISC MISC MISC
deno — serde_v8	Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Resizable ArrayBuffers passed to asynchronous functions that are shrunk during the asynchronous operation could result in an out-of-bound read/write. It is unlikely that this has been exploited in the wild, as the only version affected is Deno 1.32.0. Deno Deploy users are not affected. The problem has been resolved by disabling resizable ArrayBuffers temporarily in Deno 1.32.1. Deno 1.32.2 will re-enable resizable ArrayBuffers with a proper fix. As a workaround, run with `–v8-flags=–no-harmony-rab-gsab` to disable resizable ArrayBuffers.	2023-03-24	9.8	CVE-2023-28445 MISC MISC MISC
cerebrate-project — cerebrate	In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint.	2023-03-27	9.8	CVE-2023-28883 MISC
wordpress_ping_optimizer_project — wordpress_ping_optimizer	Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions.	2023-03-27	8.8	CVE-2022-30705 MISC
essentialplugin — popup_anything	Cross-Site Request Forgery (CSRF) vulnerability in WP OnlineSupport, Essential Plugin Popup Anything – A Marketing Popup and Lead Generation Conversions plugin <= 2.2.1 versions.	2023-03-29	8.8	CVE-2022-38077 MISC
jetbrains — intellij_idea	In JetBrains IntelliJ IDEA before 2023.1 the bundled version of Chromium wasn’t sandboxed.	2023-03-29	8.8	CVE-2022-48432 MISC
veronalabs — wp_statistics	The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.	2023-03-27	8.8	CVE-2023-0955 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges.	2023-03-27	8.8	CVE-2023-1134 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation.	2023-03-27	8.8	CVE-2023-1137 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.	2023-03-27	8.8	CVE-2023-1139 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution.	2023-03-27	8.8	CVE-2023-1141 MISC
deltaww — infrasuite_device_master	In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code.	2023-03-27	8.8	CVE-2023-1143 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation.	2023-03-27	8.8	CVE-2023-1144 MISC
ellucian — banner_web_tailor	DISPUTED A vulnerability has been found in Ellucian Banner Web Tailor 8.6 and classified as critical. This vulnerability affects unknown code of the file /PROD_ar/twbkwbis.P_FirstMenu of the component Login Page. The manipulation of the argument PIDM/WEBID leads to improper authorization. The attack can be initiated remotely. After submitting proper login credentials it becomes possible to generate new valid session identifiers on the OTP page. The real existence of this vulnerability is still doubted at the moment. VDB-224014 is the identifier assigned to this vulnerability.	2023-03-25	8.8	CVE-2023-1632 MISC MISC
cal — cal.com	Improper Access Control in GitHub repository calcom/cal.com prior to 2.7.	2023-03-27	8.8	CVE-2023-1647 CONFIRM MISC
google — android	In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12L Android-13Android ID: A-250589026	2023-03-24	8.8	CVE-2023-20960 MISC
gmace_project — gmace	Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions.	2023-03-29	8.8	CVE-2023-23861 MISC
hgiga — powerstation_firmware	HGiga PowerStation remote management function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.	2023-03-27	8.8	CVE-2023-24837 CONFIRM
ladybirdweb — faveo_helpdesk	Faveo Helpdesk 1.0-1.11.1 is vulnerable to SQL Injection. When the user logs in through the login box, he has no judgment on the validity of the user’s input data. The parameters passed from the front end to the back end are controllable, which will lead to SQL injection.	2023-03-24	8.8	CVE-2023-25350 MISC MISC
tenda — ax3_firmware	Tenda AX3 V16.03.12.11 is vulnerable to Buffer Overflow via /goform/SetFirewallCfg.	2023-03-24	8.8	CVE-2023-27042 MISC
apache — inlong	Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick [2] to solve it. [1] https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [2] https://github.com/apache/inlong/pull/7422 https://github.com/apache/inlong/pull/7422	2023-03-27	8.8	CVE-2023-27296 MISC
deno — deno	Deno is a simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Arbitrary program names without any ANSI filtering allows any malicious program to clear the first 2 lines of a `op_spawn_child` or `op_kill` prompt and replace it with any desired text. This works with any command on the respective platform, giving the program the full ability to choose what program they wanted to run. This problem can not be exploited on systems that do not attach an interactive prompt (for example headless servers). This issue has been patched in version 1.31.2.	2023-03-24	8.8	CVE-2023-28446 MISC MISC MISC
infoline — project_management_system	Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.This issue affects Project Management System: before 4.09.31.125.	2023-03-30	8.6	CVE-2023-1725 MISC
simplygallery — simply_gallery_blocks_with_lightbox	The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. The callback function allows numerous actions, the most serious one being reading and updating the WordPress options which could be used to enable registration with a default administrator user role.	2023-03-27	8.1	CVE-2023-0441 MISC
rifartek — iot_wall	RIFARTEK IOT Wall has a vulnerability of incorrect authorization. An authenticated remote attacker with general user privilege is allowed to perform specific privileged function to access and modify all sensitive data.	2023-03-27	8.1	CVE-2023-25017 CONFIRM
apache — fineract	Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Authorized users with limited permissions can gain access to server and may be able to use server for any outbound traffic. This issue affects Apache Fineract: from 1.4 through 1.8.3.	2023-03-28	8.1	CVE-2023-25195 MISC
nextcloud — nextcloud_server	Nextcloud server is an open source, personal cloud implementation. In versions from 24.0.0 and before 24.0.9 a user could escalate their permissions to delete files they were not supposed to deletable but only viewed or downloaded. This issue has been addressed andit is recommended that the Nextcloud Server is upgraded to 24.0.9. There are no known workarounds for this vulnerability.	2023-03-27	8.1	CVE-2023-25817 MISC MISC
muyucms_project — muyucms	MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html.	2023-03-28	8.1	CVE-2023-27700 MISC
rizin — rizin	A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object’s callback function.	2023-03-24	7.8	CVE-2021-3674 MISC MISC
google — android	In parseParamsBlob of types.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-238083570	2023-03-24	7.8	CVE-2022-20542 MISC
apache — openoffice	Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code from the current directory.	2023-03-24	7.8	CVE-2022-38745 MISC MISC
apache — openoffice	Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Several URI Schemes are defined for this purpose. Links can be activated by clicks, or by automatic document events. The execution of such links must be subject to user approval. In the affected versions of OpenOffice, approval for certain links is not requested; when activated, such links could therefore result in arbitrary script execution.	2023-03-24	7.8	CVE-2022-47502 MISC MISC
jetbrains — intellij_idea	In JetBrains IntelliJ IDEA before 2023.1 in some cases, Gradle and Maven projects could be imported without the “Trust Project” confirmation.	2023-03-29	7.8	CVE-2022-48431 MISC
linux — linux_kernel	A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.	2023-03-27	7.8	CVE-2023-0179 MISC MISC MISC
x.org — x_server	A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege elevation on systems where the X server runs privileged and remote code execution for ssh X forwarding sessions.	2023-03-27	7.8	CVE-2023-0494 MISC MISC MISC
deltaww — infrasuite_device_master	In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation.	2023-03-27	7.8	CVE-2023-1135 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution.	2023-03-27	7.8	CVE-2023-1145 MISC
jiangmin — jiangmin_antivirus	A vulnerability classified as critical was found in JiangMin Antivirus 16.2.2022.418. Affected by this vulnerability is the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224011.	2023-03-25	7.8	CVE-2023-1629 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been declared as critical. This vulnerability affects the function 0x8018E000/0x8018E004 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224026 is the identifier assigned to this vulnerability.	2023-03-26	7.8	CVE-2023-1646 MISC MISC MISC MISC
gpac — gpac	Denial of Service in GitHub repository gpac/gpac prior to 2.4.0.	2023-03-27	7.8	CVE-2023-1654 CONFIRM MISC
google — android	In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-221040577	2023-03-24	7.8	CVE-2023-20906 MISC
google — android	In addPermission of PermissionManagerServiceImpl.java , there is a possible failure to persist permission settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242537498	2023-03-24	7.8	CVE-2023-20911 MISC
google — android	In onTargetSelected of ResolverActivity.java, there is a possible way to share a wrong file due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242605257	2023-03-24	7.8	CVE-2023-20917 MISC
google — android	In avdt_scb_hdl_write_req of avdt_scb_act.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242535997	2023-03-24	7.8	CVE-2023-20931 MISC
google — android	In bta_av_rc_disc_done of bta_av_act.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-226927612	2023-03-24	7.8	CVE-2023-20936 MISC
google — android	In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-237405974	2023-03-24	7.8	CVE-2023-20947 MISC
google — android	In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-251778420	2023-03-24	7.8	CVE-2023-20953 MISC
google — android	In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-258653813	2023-03-24	7.8	CVE-2023-20955 MISC
google — android	In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258422561	2023-03-24	7.8	CVE-2023-20957 MISC
google — android	In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-249057848	2023-03-24	7.8	CVE-2023-20959 MISC
google — android	In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519	2023-03-24	7.8	CVE-2023-20963 MISC
google — android	In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121	2023-03-24	7.8	CVE-2023-20964 MISC
google — android	In inflate of inflate.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-242299736	2023-03-24	7.8	CVE-2023-20966 MISC
google — android	In updatePermissionTreeSourcePackage of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permission without the user’s consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-225880325	2023-03-24	7.8	CVE-2023-20971 MISC
google — android	In getAvailabilityStatus of EnableContentCapturePreferenceController.java, there is a possible way to bypass DISALLOW_CONTENT_CAPTURE due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-250573776	2023-03-24	7.8	CVE-2023-20975 MISC
google — android	In BTA_GATTS_HandleValueIndication of bta_gatts_api.cc, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-245915315	2023-03-24	7.8	CVE-2023-20985 MISC
google — android	In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261588851	2023-03-24	7.8	CVE-2023-20993 MISC MISC
google — android	In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279	2023-03-24	7.8	CVE-2023-20995 MISC
google — android	In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918	2023-03-24	7.8	CVE-2023-21000 MISC
google — android	In onContextItemSelected of NetworkProviderSettings.java, there is a possible way for users to change the Wi-Fi settings of other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-237672190	2023-03-24	7.8	CVE-2023-21001 MISC
google — android	In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193935	2023-03-24	7.8	CVE-2023-21002 MISC
google — android	In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193711	2023-03-24	7.8	CVE-2023-21003 MISC
google — android	In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193664	2023-03-24	7.8	CVE-2023-21004 MISC
google — android	In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-261193946	2023-03-24	7.8	CVE-2023-21005 MISC
google — android	In getAvailabilityStatus of several Transcode Permission Controllers, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244569778	2023-03-24	7.8	CVE-2023-21015 MISC
google — android	In InstallStart of InstallStart.java, there is a possible way to change the installer package name due to an improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236687884	2023-03-24	7.8	CVE-2023-21017 MISC
google — android	In isTargetSdkLessThanQOrPrivileged of WifiServiceImpl.java, there is a possible way for the guest user to change admin user network settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255537598	2023-03-24	7.8	CVE-2023-21021 MISC
google — android	In BufferBlock of Suballocation.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-236098131	2023-03-24	7.8	CVE-2023-21022 MISC
google — android	In maybeFinish of FallbackHome.java, there is a possible delay of lockdown screen due to logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246543238	2023-03-24	7.8	CVE-2023-21024 MISC
google — android	In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140	2023-03-24	7.8	CVE-2023-21030 MISC
google — android	In multiple functions of SensorService.cpp, there is a possible access of accurate sensor data due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-230358834	2023-03-24	7.8	CVE-2023-21034 MISC
google — android	In multiple functions of BackupHelper.java, there is a possible way for an app to get permissions previously granted to another app with the same package name due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-184847040	2023-03-24	7.8	CVE-2023-21035 MISC
google — android	In buildCommand of bluetooth_ccc.cc, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-238420277References: N/A	2023-03-24	7.8	CVE-2023-21040 MISC
google — android	In append_to_params of param_util.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-250123688References: N/A	2023-03-24	7.8	CVE-2023-21041 MISC
google — android	In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A	2023-03-24	7.8	CVE-2023-21068 MISC
google — tensorflow	TensorFlow is an open source machine learning platform. Prior to versions 2.12.0 and 2.11.1, `nn_ops.fractional_avg_pool_v2` and `nn_ops.fractional_max_pool_v2` require the first and fourth elements of their parameter `pooling_ratio` to be equal to 1.0, as pooling on batch and channel dimensions is not supported. A fix is included in TensorFlow 2.12.0 and 2.11.1.	2023-03-25	7.8	CVE-2023-25801 MISC MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25863 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25864 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25865 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25866 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25867 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25868 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25869 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25870 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25871 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25872 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25873 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25874 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25879 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25880 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25881 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25882 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25883 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25884 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25885 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25886 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25887 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25888 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25889 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25890 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25891 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25892 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25893 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25894 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25895 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25896 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25897 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25898 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25899 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25900 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25901 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25902 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25903 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25904 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25905 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25906 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-25907 MISC
adobe — photoshop	Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	7.8	CVE-2023-25908 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26327 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26328 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26329 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26330 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26331 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26332 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26333 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26334 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26335 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26336 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	7.8	CVE-2023-26337 MISC
malwarebytes — adwcleaner	Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link.	2023-03-29	7.8	CVE-2023-28892 MISC MISC
upx_project — upx	A heap-based buffer overflow was discovered in upx, during the generic pointer ‘p’ points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5382.	2023-03-24	7.5	CVE-2021-43311 MISC
upx_project — upx	A heap-based buffer overflow was discovered in upx, during the variable ‘bucket’ points to an inaccessible address. The issue is being triggered in the function PackLinuxElf64::invert_pt_dynamic at p_lx_elf.cpp:5239.	2023-03-24	7.5	CVE-2021-43312 MISC
upx_project — upx	A heap-based buffer overflow was discovered in upx, during the variable ‘bucket’ points to an inaccessible address. The issue is being triggered in the function PackLinuxElf32::invert_pt_dynamic at p_lx_elf.cpp:1688.	2023-03-24	7.5	CVE-2021-43313 MISC
upx_project — upx	A heap-based buffer overflows was discovered in upx, during the generic pointer ‘p’ points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5368	2023-03-24	7.5	CVE-2021-43314 MISC
upx_project — upx	A heap-based buffer overflows was discovered in upx, during the generic pointer ‘p’ points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349	2023-03-24	7.5	CVE-2021-43315 MISC
upx_project — upx	A heap-based buffer overflow was discovered in upx, during the generic pointer ‘p’ points to an inaccessible address in func get_le64().	2023-03-24	7.5	CVE-2021-43316 MISC
upx_project — upx	A heap-based buffer overflows was discovered in upx, during the generic pointer ‘p’ points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf64::elf_lookup() at p_lx_elf.cpp:5404	2023-03-24	7.5	CVE-2021-43317 MISC
huawei — harmonyos	Some products have the double fetch vulnerability. Successful exploitation of this vulnerability may cause denial of service (DoS) attacks to the kernel.	2023-03-27	7.5	CVE-2022-48357 MISC MISC
jetbrains — intellij_idea	In JetBrains IntelliJ IDEA before 2023.1 file content could be disclosed via an external stylesheet path in Markdown preview.	2023-03-29	7.5	CVE-2022-48430 MISC
jetbrains — intellij_idea	In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server.	2023-03-29	7.5	CVE-2022-48433 MISC
deltaww — infrasuite_device_master	In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass.	2023-03-27	7.5	CVE-2023-1136 MISC
deltaww — infrasuite_device_master	Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials.	2023-03-27	7.5	CVE-2023-1138 MISC
google — android	In serializePasspointConfiguration of PasspointXmlUtils.java, there is a possible logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216854451	2023-03-24	7.5	CVE-2023-21027 MISC
google — android	In parse_printerAttributes of ipphelper.c, there is a possible out of bounds read due to a string without a null-terminator. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-180680572	2023-03-24	7.5	CVE-2023-21028 MISC
google — android	In sms_ExtractCbLanguage of sms_CellBroadcast.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-251805610References: N/A	2023-03-24	7.5	CVE-2023-21053 MISC
google — android	In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-247564044References: N/A	2023-03-24	7.5	CVE-2023-21059 MISC
google — android	In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/A	2023-03-24	7.5	CVE-2023-21060 MISC
google — android	Product: AndroidVersions: Android kernelAndroid ID: A-229255400References: N/A	2023-03-24	7.5	CVE-2023-21061 MISC
google — android	Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/A	2023-03-24	7.5	CVE-2023-21067 MISC
adobe — commerce	Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An unauthenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.	2023-03-27	7.5	CVE-2023-22247 MISC
amano — xoffice	amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.	2023-03-28	7.5	CVE-2023-23330 MISC MISC
mikrotik — routeros	An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets.	2023-03-27	7.5	CVE-2023-24094 MISC MISC MISC
hgiga — powerstation_firmware	HGiga PowerStation has a vulnerability of Information Leakage. An unauthenticated remote attacker can exploit this vulnerability to obtain the administrator’s credential, resulting in performing arbitrary system operation or disrupt service.	2023-03-27	7.5	CVE-2023-24838 CONFIRM
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, an out of bounds read is in GRUBlockCellGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1.	2023-03-25	7.5	CVE-2023-25658 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the parameter `indices` for `DynamicStitch` does not match the shape of the parameter `data`, it can trigger an stack OOB read. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25659 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when the parameter `summarize` of `tf.raw_ops.Print` is zero, the new method `SummarizeArray<bool>` will reference to a nullptr, leading to a seg fault. A fix is included in TensorFlow version 2.12 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25660 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 are vulnerable to integer overflow in EditDistance. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25662 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `ctx->step_containter()` is a null ptr, the Lookup function will be executed with a null pointer. A fix is included in TensorFlow 2.12.0 and 2.11.1.	2023-03-25	7.5	CVE-2023-25663 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, when `SparseSparseMaximum` is given invalid sparse tensors as inputs, it can give a null pointer error. A fix is included in TensorFlow version 2.12 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25665 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a floating point exception in AudioSpectrogram. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25666 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, integer overflow occurs when `2^31 <= num_frames * height * width * channels < 2^32`, for example Full HD screencast of at least 346 frames. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25667 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, if the stride and window size are not positive for `tf.raw_ops.AvgPoolGrad`, it can give a floating point exception. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25669 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a null point error in QuantizedMatMulWithBiasAndDequantize with MKL enabled. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25670 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. There is out-of-bounds access due to mismatched integer type sizes. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25671 MISC MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. The function `tf.raw_ops.LookupTableImportV2` cannot handle scalars in the `values` parameter and gives an NPE. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25672 MISC MISC
google — tensorflow	TensorFlow is an open source platform for machine learning. Versions prior to 2.12.0 and 2.11.1 have a Floating Point Exception in TensorListSplit with XLA. A fix is included in TensorFlow version 2.12.0 and version 2.11.1.	2023-03-25	7.5	CVE-2023-25673 MISC MISC
google — tensorflow	TensorFlow is an open source machine learning platform. Versions prior to 2.12.0 and 2.11.1 have a null pointer error in RandomShuffle with XLA enabled. A fix is included in TensorFlow 2.12.0 and 2.11.1.	2023-03-25	7.5	CVE-2023-25674 MISC MISC
google — tensorflow	TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.Bincount` segfaults when given a parameter `weights` that is neither the same shape as parameter `arr` nor a length-0 tensor. A fix is included in TensorFlow 2.12.0 and 2.11.1.	2023-03-25	7.5	CVE-2023-25675 MISC MISC
google — tensorflow	TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, `tf.raw_ops.ParallelConcat` segfaults with a nullptr dereference when given a parameter `shape` with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1.	2023-03-25	7.5	CVE-2023-25676 MISC MISC
aver — ptzapp_2	Aver Information Inc PTZApp2 v20.01044.48 allows attackers to access sensitive files via a crafted GET request.	2023-03-24	7.5	CVE-2023-27055 MISC
google — tensorflow	TensorFlow is an end-to-end open source platform for machine learning. Constructing a tflite model with a paramater `filter_input_channel` of less than 1 gives a FPE. This issue has been patched in version 2.12. TensorFlow will also cherrypick the fix commit on TensorFlow 2.11.1.	2023-03-25	7.5	CVE-2023-27579 MISC MISC
invernyx — smartcars_3	smartCARS 3 is flight tracking software. In version 0.5.8 and prior, all persons who have failed login attempts will have their password stored in error logs. This problem doesn’t occur in version 0.5.9. As a workaround, delete the affected log file, and ensure one logs in correctly.	2023-03-24	7.5	CVE-2023-28441 MISC
versionize_project — versionize	Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the ‘Versionize::deserialize’ implementation provided by the ‘versionize’ crate for ‘vmm_sys_utils::fam::FamStructWrapper’, which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.	2023-03-24	7.5	CVE-2023-28448 MISC MISC MISC
westerndigital — sandisk_privateaccess	SanDisk PrivateAccess versions prior to 6.4.9 support insecure TLS 1.0 and TLS 1.1 protocols which are susceptible to man-in-the-middle attacks thereby compromising confidentiality and integrity of data.	2023-03-24	7.4	CVE-2023-22812 MISC
google — android	In getConfirmationMessage of DefaultAutofillPicker.java, there is a possible way to mislead the user to select default autofill application due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-216117246	2023-03-24	7.3	CVE-2023-20976 MISC
google — android	In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244556535References: N/A	2023-03-24	7.2	CVE-2023-21054 MISC
softnext — spam_sqr	Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. An authenticated remote attacker with administrator privilege can exploit this vulnerability to execute arbitrary system command to perform arbitrary system operation or disrupt service.	2023-03-27	7.2	CVE-2023-24835 CONFIRM
hgiga — oaklouds_mailsherlock	HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database.	2023-03-27	7.2	CVE-2023-24840 CONFIRM
hgiga — oaklouds_mailsherlock	HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operation or disrupt service.	2023-03-27	7.2	CVE-2023-24841 CONFIRM
pluck-cms — pluck	Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Albums are used to create collections of images that can be inserted into web pages across the site. Albums allow the upload of various filetypes, which undergo a normalization process before being available on the site. Due to lack of file extension validation, it is possible to upload a crafted JPEG payload containing an embedded PHP web-shell. An attacker may navigate to it directly to achieve RCE on the underlying web server. Administrator credentials for the Pluck CMS web interface are required to access the albums module feature, and are thus required to exploit this vulnerability. CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C (8.2 High)	2023-03-27	7.2	CVE-2023-25828 MISC
google — android	In read_paint of ttcolr.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254803162	2023-03-24	7.1	CVE-2023-20958 MISC
dino — dino	Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. The attacker can change the display of group chats or force a victim to join a group chat; the victim may then be tricked into disclosing sensitive information.	2023-03-24	7.1	CVE-2023-28686 CONFIRM DEBIAN FEDORA FEDORA FEDORA

Medium Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
linux — linux_kernel	A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data.	2023-03-27	6.8	CVE-2023-1079 MISC
google — android	In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that’s been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-253043058	2023-03-24	6.8	CVE-2023-20926 MISC
google — android	In OEM_OnRequest of sced.cpp, there is a possible shell command execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239701389References: N/A	2023-03-24	6.7	CVE-2022-42500 MISC
google — android	In _ufdt_output_property_to_fdt of ufdt_convert.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259062118	2023-03-24	6.7	CVE-2023-20994 MISC
google — android	In UnwindingWorker of unwinding.cc, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233338564	2023-03-24	6.7	CVE-2023-21018 MISC
google — android	In registerSignalHandlers of main.c, there is a possible local arbitrary code execution due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256591441	2023-03-24	6.7	CVE-2023-21020 MISC
google — android	In cs40l2x_cp_trigger_queue_show of cs40l2x.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-224000736References: N/A	2023-03-24	6.7	CVE-2023-21038 MISC
google — android	In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239873326References: N/A	2023-03-24	6.7	CVE-2023-21042 MISC
google — android	In (TBD) of (TBD), there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239872581References: N/A	2023-03-24	6.7	CVE-2023-21043 MISC
google — android	In load_png_image of ExynosHWCHelper.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244423702References: N/A	2023-03-24	6.7	CVE-2023-21050 MISC
google — android	In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323322References: N/A	2023-03-24	6.7	CVE-2023-21051 MISC
google — android	In setToExternal of ril_external_client.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259063189References: N/A	2023-03-24	6.7	CVE-2023-21052 MISC
google — android	In lwis_slc_buffer_free of lwis_device_slc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-245300559References: N/A	2023-03-24	6.7	CVE-2023-21056 MISC
google — android	In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376770References: N/A	2023-03-24	6.7	CVE-2023-21062 MISC
google — android	In ParseWithAuthType of simdata.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243129862References: N/A	2023-03-24	6.7	CVE-2023-21063 MISC
google — android	In DoSetPinControl of miscservice.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243130078References: N/A	2023-03-24	6.7	CVE-2023-21064 MISC
google — android	In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239630493References: N/A	2023-03-24	6.7	CVE-2023-21065 MISC
google — android	In wl_update_hidden_ap_ie of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254029309References: N/A	2023-03-24	6.7	CVE-2023-21069 MISC
google — android	In add_roam_cache_list of wl_roam.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254028776References: N/A	2023-03-24	6.7	CVE-2023-21070 MISC
google — android	In dhd_prot_ioctcmplt_process of dhd_msgbuf.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254028518References: N/A	2023-03-24	6.7	CVE-2023-21071 MISC
google — android	In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290781References: N/A	2023-03-24	6.7	CVE-2023-21072 MISC
google — android	In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257290396References: N/A	2023-03-24	6.7	CVE-2023-21073 MISC
google — android	In get_svc_hash of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857862References: N/A	2023-03-24	6.7	CVE-2023-21075 MISC
google — android	In createTransmitFollowupRequest of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857623References: N/A	2023-03-24	6.7	CVE-2023-21076 MISC
google — android	In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257289560References: N/A	2023-03-24	6.7	CVE-2023-21077 MISC
google — android	In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254840211References: N/A	2023-03-24	6.7	CVE-2023-21078 MISC
google — android	In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254839721References: N/A	2023-03-24	6.7	CVE-2023-21079 MISC
scriptcase — scriptcase	db_convert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter.	2023-03-27	6.5	CVE-2022-32199 MISC MISC
secvisogram — csaf-validator-lib	An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation.	2023-03-27	6.5	CVE-2022-47924 MISC
postgresql — pgadmin_4	pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. A user of the product may change another user’s settings or alter the database.	2023-03-27	6.5	CVE-2023-0241 MISC MISC
wpvar — wp_shamsi	The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.	2023-03-27	6.5	CVE-2023-0335 MISC
ooohboi_steroids_for_elementor_project — ooohboi_steroids_for_elementor	The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.	2023-03-27	6.5	CVE-2023-0336 MISC
hasthemes — wp_film_studio	The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	6.5	CVE-2023-0500 MISC
hasthemes — wp_insurance	The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	6.5	CVE-2023-0501 MISC
hasthemes — wp_news	The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	6.5	CVE-2023-0502 MISC
strategy11 — formidable_form_builder	The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections.	2023-03-27	6.5	CVE-2023-0816 MISC
miniorange — oauth_single_sign_on	The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a CSRF attack	2023-03-27	6.5	CVE-2023-1093 MISC
ladybirdweb — faveo_servicedesk	Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack.	2023-03-24	6.5	CVE-2023-24625 MISC MISC MISC
wisdomgarden — tronclass_ilearn	WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote attacker with general user privilege can exploit this vulnerability to access files belonging to other users by modifying the file ID within URL.	2023-03-27	6.5	CVE-2023-24834 CONFIRM
opengoofy — hippo4j	Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module.	2023-03-27	6.5	CVE-2023-27096 MISC
sauter-controls — ey-as525f001_firmware	An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. The attacker could then perform further attacks using the SMTP credentials.	2023-03-27	6.5	CVE-2023-27927 MISC
sauter-controls — ey-as525f001_firmware	An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition.	2023-03-27	6.5	CVE-2023-28652 MISC
google — android	In dit_hal_ioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References: N/A	2023-03-24	6.4	CVE-2023-21055 MISC
apache — fineract	Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Software Foundation apache fineract. Authorized users may be able to exploit this for limited impact on components. This issue affects apache fineract: from 1.4 through 1.8.2.	2023-03-28	6.3	CVE-2023-25197 MISC
twofactorauth_project — twofactorauth	A vulnerability classified as problematic has been found in Arno0x TwoFactorAuth. This affects an unknown part of the file login/login.php. The manipulation of the argument from leads to open redirect. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 8549ad3cf197095f783643e41333586d6a4d0e54. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223803.	2023-03-25	6.1	CVE-2016-15030 MISC MISC MISC MISC
woocommerce_vietnam_checkout_project — woocommerce_vietnam_checkout	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Le Van Toan Woocommerce Vietnam Checkout plugin <= 2.0.4 versions.	2023-03-27	6.1	CVE-2022-46843 MISC
contempothemes — real_estate_7	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Contempoinc Real Estate 7 WordPress theme <= 3.3.1 versions.	2023-03-27	6.1	CVE-2022-47146 MISC
multi_rating_project — multi_rating	Unauth. Reflected Cross-Site Scripting vulnerability in Daniel Powney Multi Rating plugin <= 5.0.5 versions.	2023-03-29	6.1	CVE-2022-47433 MISC
properfraction — profilepress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin <= 4.5.3 versions.	2023-03-29	6.1	CVE-2022-47444 MISC
virames — vira-investing	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS).This issue affects Vira-Investing: before 1.0.84.86.	2023-03-30	6.1	CVE-2023-1013 MISC
ykm — ykm_crm	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30.	2023-03-31	6.1	CVE-2023-1060 MISC
otcms — otcms	A vulnerability was found in OTCMS 6.72. It has been declared as problematic. Affected by this vulnerability is the function AutoRun of the file apiRun.php. The manipulation of the argument mode leads to cross site scripting. The attack can be launched remotely. The identifier VDB-224017 was assigned to this vulnerability.	2023-03-25	6.1	CVE-2023-1635 MISC MISC MISC
young_entrepreneur_e-negosyo_system_project — young_entrepreneur_e-negosyo_system	A vulnerability was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file bsenordering/admin/category/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input <script>alert(233)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224243.	2023-03-29	6.1	CVE-2023-1686 MISC MISC MISC
task_allocation_system_project — task_allocation_system	A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file LoginRegistration.php?a=register_user. The manipulation of the argument Fullname leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224244.	2023-03-29	6.1	CVE-2023-1687 MISC MISC
earnings_and_expense_tracker_application_project — earnings_and_expense_tracker_application	A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=save_expense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-224307.	2023-03-29	6.1	CVE-2023-1688 MISC MISC
earnings_and_expense_tracker_app_project — earnings_and_expense_tracker_app	A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. This vulnerability affects unknown code of the file Master.php?a=save_earning. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224308.	2023-03-29	6.1	CVE-2023-1689 MISC MISC
sauter-controls — ey-as525f001_firmware	An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. This action would also grant the attacker privilege escalation.	2023-03-27	6.1	CVE-2023-22300 MISC
hgiga — oaklouds_mailsherlock	HGiga MailSherlock’s specific function has insufficient filtering for user input. An unauthenticated remote attacker can exploit this vulnerability to inject JavaScript, conducting a reflected XSS attack.	2023-03-27	6.1	CVE-2023-24839 CONFIRM
water_billing_system_project — water_billing_system	SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module.	2023-03-27	6.1	CVE-2023-27241 MISC MISC
file_management_system_project — file_management_system	A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit User module.	2023-03-27	6.1	CVE-2023-27245 MISC
dataease — dataease	Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface is not checked so users who are not logged in can upload directly to the background. The file type also goes unchecked, users could upload any type of file. These vulnerabilities has been fixed in version 1.18.5.	2023-03-24	6.1	CVE-2023-28435 MISC MISC
sauter-controls — ey-as525f001_firmware	An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. If clicked, the attacker could execute the malicious JavaScript (JS) payload in the target’s security context.	2023-03-27	6.1	CVE-2023-28650 MISC
misp-project — malware_information_sharing_platform	In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index.	2023-03-27	6.1	CVE-2023-28884 MISC
snappier_project — snappier	Snappier is a high performance C# implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change generally improves performance and reduces workload on the garbage collector. However, when the garbage collector performs compaction and rearranges memory, it must update any byte references on the stack to refer to the updated location. The .NET garbage collector can only update these byte references if they still point within the buffer or to a point one byte past the end of the buffer. If they point outside this area, the buffer itself may be moved while the byte reference stays the same. There are several places in 1.1.0 where byte references very briefly point outside the valid areas of buffers. These are at locations in the code being used for buffer range checks. While the invalid references are never dereferenced directly, if a GC compaction were to occur during the brief window when they are on the stack then it could invalidate the buffer range check and allow other operations to overrun the buffer. This should be very difficult for an attacker to trigger intentionally. It would require a repetitive bulk attack with the hope that a GC compaction would occur at precisely the right moment during one of the requests. However, one of the range checks with this problem is a check based on input data in the decompression buffer, meaning malformed input data could be used to increase the chance of success. Note that any resulting buffer overrun is likely to cause access to protected memory, which will then cause an exception and the process to be terminated. Therefore, the most likely result of an attack is a denial of service. This issue has been patched in release 1.1.1. Users are advised to upgrade. Users unable to upgrade may pin buffers to a fixed location before using them for compression or decompression to mitigate some, but not all, of these cases. At least one temporary decompression buffer is internal to the library and never pinned.	2023-03-27	5.9	CVE-2023-28638 MISC MISC
virames — vira-investing	Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting.This issue affects Vira-Investing: before 1.0.84.86.	2023-03-30	5.8	CVE-2023-1014 MISC
linux — linux_kernel	An issue was discovered in the Linux kernel before 5.8. lib/nlattr.c allows attackers to cause a denial of service (unbounded recursion) via a nested Netlink policy with a back reference.	2023-03-24	5.5	CVE-2020-36691 MISC MISC
google — android	In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741	2023-03-24	5.5	CVE-2022-20467 MISC
google — android	In validateForCommonR1andR2 of PasspointConfiguration.java, uncaught errors in parsing stored configs could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-246539931	2023-03-24	5.5	CVE-2022-20499 MISC
google — android	In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242203672References: N/A	2023-03-24	5.5	CVE-2022-42528 MISC
f5 — nginx_agent	Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.	2023-03-29	5.5	CVE-2023-1550 MISC
linux — linux_kernel	A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.	2023-03-24	5.5	CVE-2023-1583 MISC
jiangmin — jiangmin_antivirus	A vulnerability classified as problematic has been found in Jianming Antivirus 16.2.2022.418. Affected is an unknown function in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-224010 is the identifier assigned to this vulnerability.	2023-03-25	5.5	CVE-2023-1628 MISC MISC MISC MISC
jiangmin — jiangmin_antivirus	A vulnerability, which was classified as problematic, has been found in JiangMin Antivirus 16.2.2022.418. Affected by this issue is the function 0x222000 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224012.	2023-03-25	5.5	CVE-2023-1630 MISC MISC MISC MISC
jiangmin — jiangmin_antivirus	A vulnerability, which was classified as problematic, was found in JiangMin Antivirus 16.2.2022.418. This affects the function 0x222010 in the library kvcore.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224013 was assigned to this vulnerability.	2023-03-25	5.5	CVE-2023-1631 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been rated as problematic. Affected by this issue is the function 0x8001E024/0x8001E040 in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-224018 is the identifier assigned to this vulnerability.	2023-03-26	5.5	CVE-2023-1638 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability classified as problematic has been found in IObit Malware Fighter 9.4.0.776. This affects the function 0x8001E04C in the library ImfRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224019.	2023-03-26	5.5	CVE-2023-1639 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability classified as problematic was found in IObit Malware Fighter 9.4.0.776. This vulnerability affects the function 0x222010 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224020.	2023-03-26	5.5	CVE-2023-1640 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability, which was classified as problematic, has been found in IObit Malware Fighter 9.4.0.776. This issue affects the function 0x222018 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224021 was assigned to this vulnerability.	2023-03-26	5.5	CVE-2023-1641 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability, which was classified as problematic, was found in IObit Malware Fighter 9.4.0.776. Affected is the function 0x222034/0x222038/0x22203C/0x222040 in the library ObCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-224022 is the identifier assigned to this vulnerability.	2023-03-26	5.5	CVE-2023-1642 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability has been found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this vulnerability is the function 0x8001E000/0x8001E004/0x8001E018/0x8001E01C/0x8001E024/0x8001E040 in the library ImfHpRegFilter.sys of the component IOCTL Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224023.	2023-03-26	5.5	CVE-2023-1643 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability was found in IObit Malware Fighter 9.4.0.776 and classified as problematic. Affected by this issue is the function 0x8018E010 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224024.	2023-03-26	5.5	CVE-2023-1644 MISC MISC MISC MISC
iobit — malware_fighter	A vulnerability was found in IObit Malware Fighter 9.4.0.776. It has been classified as problematic. This affects the function 0x8018E008 in the library IMFCameraProtect.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-224025 was assigned to this vulnerability.	2023-03-26	5.5	CVE-2023-1645 MISC MISC MISC MISC
google — android	In addNetworkSuggestions of WifiManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-245299920	2023-03-24	5.5	CVE-2023-20910 MISC
google — android	In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-234442700	2023-03-24	5.5	CVE-2023-20929 MISC
google — android	In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-186803518	2023-03-24	5.5	CVE-2023-20952 MISC
google — android	In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256590210	2023-03-24	5.5	CVE-2023-20962 MISC
google — android	In btm_vendor_specific_evt of btm_devctl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304665	2023-03-24	5.5	CVE-2023-20972 MISC
google — android	In btm_create_conn_cancel_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568245	2023-03-24	5.5	CVE-2023-20973 MISC
google — android	In btm_ble_add_resolving_list_entry_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260078907	2023-03-24	5.5	CVE-2023-20974 MISC
google — android	In BtaAvCo::GetNextSourceDataPacket of bta_av_co.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-259939364	2023-03-24	5.5	CVE-2023-20979 MISC
google — android	In btu_ble_ll_conn_param_upd_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260230274	2023-03-24	5.5	CVE-2023-20980 MISC
google — android	In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749764	2023-03-24	5.5	CVE-2023-20996 MISC
google — android	In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749702	2023-03-24	5.5	CVE-2023-20997 MISC
google — android	In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246749936	2023-03-24	5.5	CVE-2023-20998 MISC
google — android	In multiple locations, there is a possible way to trigger a persistent reboot loop due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-246750467	2023-03-24	5.5	CVE-2023-20999 MISC
google — android	In AccountTypePreference of AccountTypePreference.java, there is a possible way to mislead the user about accounts installed on the device due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213905884	2023-03-24	5.5	CVE-2023-21016 MISC
google — android	In ih264e_init_proc_ctxt of ih264e_process.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242379731	2023-03-24	5.5	CVE-2023-21019 MISC
google — android	In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548	2023-03-24	5.5	CVE-2023-21026 MISC
google — android	In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898	2023-03-24	5.5	CVE-2023-21029 MISC
google — android	In addNetwork of WifiManager.java, there is a possible way to trigger a persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-244713323	2023-03-24	5.5	CVE-2023-21033 MISC
google — android	In BitmapExport.java, there is a possible failure to truncate images due to a logic error in the code.Product: AndroidVersions: Android kernelAndroid ID: A-264261868References: N/A	2023-03-24	5.5	CVE-2023-21036 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	5.5	CVE-2023-25875 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	5.5	CVE-2023-25876 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	5.5	CVE-2023-25877 MISC
adobe — substance_3d_stager	Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-27	5.5	CVE-2023-25878 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26338 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26339 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26340 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26341 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26342 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26343 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26344 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26345 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26346 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26348 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26349 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26350 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26351 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26352 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26353 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26354 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26355 MISC
adobe — dimension	Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.	2023-03-28	5.5	CVE-2023-26356 MISC
monospace — directus	Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.23.3.	2023-03-24	5.5	CVE-2023-28443 MISC MISC MISC
rapid7 — insightvm	Rapid7 InsightVM suffers from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user’s password is changed by an administrator due to an otherwise unrelated credential leak, that user account’s current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. This vulnerability is mitigated by the use of the Platform Login feature. This issue is related to CVE-2019-5638.	2023-03-24	5.4	CVE-2021-3844 MISC MISC
wpdevart — booking_calendar	Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions.	2023-03-29	5.4	CVE-2022-47438 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2022.10.3 stored XSS in Perforce connection settings was possible	2023-03-27	5.4	CVE-2022-48426 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2022.10.3 stored XSS on “Pending changes” and “Changes” tabs was possible	2023-03-27	5.4	CVE-2022-48427 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2022.10.3 stored XSS on the SSH keys page was possible	2023-03-27	5.4	CVE-2022-48428 MISC
jetbrains — hub	In JetBrains Hub before 2022.3.15573, 2022.2.15572, 2022.1.15583 reflected XSS in dashboards was possible	2023-03-27	5.4	CVE-2022-48429 MISC
basixonline — nex-forms	The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks	2023-03-27	5.4	CVE-2023-0272 MISC
menu_shortcode_project — menu_shortcode	The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.	2023-03-27	5.4	CVE-2023-0395 MISC
schedulicity — schedulicity	The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.	2023-03-27	5.4	CVE-2023-0491 MISC
wp_image_carousel_project — wp_image_carousel	The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.	2023-03-27	5.4	CVE-2023-0589 MISC
nextendweb — smart_slider_3	The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks	2023-03-27	5.4	CVE-2023-0660 MISC
hu-manity — cookie_notice_\&_compliance_for_gdpr_\/_ccpa	The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks	2023-03-27	5.4	CVE-2023-0823 MISC
really-simple-plugins — complianz	The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks	2023-03-27	5.4	CVE-2023-1069 MISC
teacms_project — teacms	A vulnerability was found in XiaoBingBy TeaCMS up to 2.0.2. It has been classified as problematic. Affected is an unknown function of the component Article Title Handler. The manipulation with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223800.	2023-03-24	5.4	CVE-2023-1616 MISC MISC MISC
greenshiftwp — greenshift_-_animation_and_page_builder_blocks	Auth. (author+) Cross-Site Scripting (XSS) vulnerability in Wpsoul Greenshift – animation and page builder blocks plugin <= 4.9.9 versions.	2023-03-27	5.4	CVE-2023-22707 MISC
openfind — mail2000	Openfind Mail2000 file uploading function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can exploit this vulnerability to inject JavaScript, conducting an XSS attack.	2023-03-27	5.4	CVE-2023-22902 CONFIRM
rifartek — iot_wall	RIFARTEK IOT Wall transportation function has insufficient filtering for user input. An authenticated remote attacker with general user privilege can inject JavaScript to perform reflected XSS (Reflected Cross-site scripting) attack.	2023-03-27	5.4	CVE-2023-25018 CONFIRM
trudesk_project — trudesk	Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function.	2023-03-29	5.4	CVE-2023-26982 MISC MISC MISC
loan_management_system_project — loan_management_system	SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.	2023-03-24	5.4	CVE-2023-27242 MISC MISC
thoughtworks — gocd	GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that has permissions to configure GoCD pipelines could include JavaScript elements within the label template, causing a XSS vulnerability to be triggered for any users viewing the Value Stream Map or Job Details for runs of the affected pipeline, potentially allowing them to perform arbitrary actions within the victim’s browser context rather than their own. This issue has been fixed in GoCD 23.1.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-03-27	5.4	CVE-2023-28629 MISC MISC MISC MISC MISC MISC
sauter-controls — ey-as525f001_firmware	A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users.	2023-03-27	5.4	CVE-2023-28655 MISC
secvisogram — csaf-validator-service	The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a DoS of the process answering the current request while having no effect on other requests.	2023-03-27	5.3	CVE-2022-47925 MISC
adobe — commerce	Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user’s minor feature. Exploitation of this issue does not require user interaction.	2023-03-27	5.3	CVE-2023-22250 MISC
hgiga — oaklouds_mailsherlock	HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing user ID and mail ID within URL.	2023-03-27	5.3	CVE-2023-24842 CONFIRM
geosolutionsgroup — geonode	GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Prior to versions 2.20.6, 2.19.6, and 2.18.7, anonymous users can obtain sensitive information about GeoNode configurations from the response of the `/geoserver/rest/about/status` Geoserver REST API endpoint. The Geoserver endpoint is secured by default, but the configuration of Geoserver for GeoNode opens a list of REST endpoints to support some of its public-facing services. The vulnerability impacts both GeoNode 3 and GeoNode 4 instances. Geoserver security configuration is provided by `geoserver-geonode-ext`. A patch for 2.20.7 has been released which blocks access to the affected endpoint. The patch has been backported to branches 2.20.6, 2.19.7, 2.19.6, and 2.18.7. All the published artifacts and Docker images have been updated accordingly. A more advanced patch has been applied to the master and development versions, which require some changes to GeoNode code. They will be available with the next 4.1.0 release. The patched configuration only has an effect on new deployments. For existing setups, the patch must be applied manually inside the Geoserver data directory. The patched file must replace the existing `<geoserver_datadir>/security/rest.properties` file.	2023-03-24	5.3	CVE-2023-28442 MISC MISC MISC
veritas — netbackup_it_analytics	An issue was discovered in Veritas NetBackup IT Analytics 11 before 11.2.0. The application upgrade process included unsigned files that could be exploited and result in a customer installing unauthentic components. A malicious actor could install rogue Collector executable files (aptare.jar or upgrademanager.zip) on the Portal server, which might then be downloaded and installed on collectors.	2023-03-24	5.3	CVE-2023-28818 MISC
linux — kernel	In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not.	2023-03-27	5.3	CVE-2023-28866 MISC MISC MISC
jeffrey-wp — media_library_categories	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeffrey-WP Media Library Categories plugin <= 1.9.9 versions.	2023-03-29	4.8	CVE-2022-47596 MISC
simplefilelist — simple_file_list	The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).	2023-03-27	4.8	CVE-2023-1025 MISC
webnus — modern_events_calendar_lite	The Modern Events Calendar Lite WordPress plugin through 5.16.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).	2023-03-27	4.8	CVE-2023-1400 MISC
megamain — mega_main_menu	The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.	2023-03-29	4.8	CVE-2023-1575 MISC MISC
adobe — commerce	Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.	2023-03-27	4.8	CVE-2023-22249 MISC
park_ticketing_management_system_project — park_ticketing_management_system	Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter.	2023-03-27	4.8	CVE-2023-26958 MISC
google — android	In Display::setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242688355	2023-03-24	4.7	CVE-2023-21031 MISC
google — android	In btm_read_link_quality_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over Bluetooth with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569414	2023-03-24	4.5	CVE-2023-20987 MISC
google — android	In btm_read_rssi_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569232	2023-03-24	4.5	CVE-2023-20988 MISC
google — android	In on_iso_link_quality_read of btm_iso_impl.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568750	2023-03-24	4.5	CVE-2023-20992 MISC
google — android	In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-240140929	2023-03-24	4.4	CVE-2023-20956 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262235935	2023-03-24	4.4	CVE-2023-20968 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236313	2023-03-24	4.4	CVE-2023-20969 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-262236005	2023-03-24	4.4	CVE-2023-20970 MISC
google — android	In btm_ble_read_remote_features_complete of btm_ble_gap.cc, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if the firmware were compromised with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254445952	2023-03-24	4.4	CVE-2023-20977 MISC
google — android	In btu_ble_rc_param_req_evt of btu_hcif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256165737	2023-03-24	4.4	CVE-2023-20981 MISC
google — android	In btm_read_tx_power_complete of btm_acl.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568083	2023-03-24	4.4	CVE-2023-20982 MISC
google — android	In btm_ble_rand_enc_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260569449	2023-03-24	4.4	CVE-2023-20983 MISC
google — android	In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242993878	2023-03-24	4.4	CVE-2023-20984 MISC
google — android	In btm_ble_clear_resolving_list_complete of btm_ble_privacy.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255304475	2023-03-24	4.4	CVE-2023-20986 MISC
google — android	In btm_ble_write_adv_enable_complete of btm_ble_gap.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568367	2023-03-24	4.4	CVE-2023-20989 MISC
google — android	In btm_read_local_oob_complete of btm_sec.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-260568354	2023-03-24	4.4	CVE-2023-20990 MISC
google — android	In btm_ble_process_periodic_adv_sync_lost_evt of ble_scanner_hci_interface.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-255305114	2023-03-24	4.4	CVE-2023-20991 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030027	2023-03-24	4.4	CVE-2023-21006 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029965	2023-03-24	4.4	CVE-2023-21007 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030100	2023-03-24	4.4	CVE-2023-21008 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029925	2023-03-24	4.4	CVE-2023-21009 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029915	2023-03-24	4.4	CVE-2023-21010 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029912	2023-03-24	4.4	CVE-2023-21011 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029812	2023-03-24	4.4	CVE-2023-21012 MISC
google — android	In forceStaDisconnection of hostapd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-256818945	2023-03-24	4.4	CVE-2023-21013 MISC
google — android	In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029326	2023-03-24	4.4	CVE-2023-21014 MISC
google — android	In ufdt_local_fixup_prop of ufdt_overlay.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254929746	2023-03-24	4.4	CVE-2023-21025 MISC
google — android	In _ufdt_output_node_to_fdt of ufdt_convert.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-248085351	2023-03-24	4.4	CVE-2023-21032 MISC
google — android	In dumpstateBoard of Dumpstate.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-263783650References: N/A	2023-03-24	4.4	CVE-2023-21039 MISC
google — android	In init of VendorGraphicBufferMeta, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253425086References: N/A	2023-03-24	4.4	CVE-2023-21044 MISC
google — android	When cpif handles probe failures, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323725References: N/A	2023-03-24	4.4	CVE-2023-21045 MISC
google — android	In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253424924References: N/A	2023-03-24	4.4	CVE-2023-21046 MISC
google — android	In ConvertToHalMetadata of aidl_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-256166866References: N/A	2023-03-24	4.4	CVE-2023-21047 MISC
google — android	In handleEvent of nan.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259304053References: N/A	2023-03-24	4.4	CVE-2023-21048 MISC
google — android	In append_camera_metadata of camera_metadata.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-236688120References: N/A	2023-03-24	4.4	CVE-2023-21049 MISC
thoughtworks — gocd	GoCD is an open source continuous delivery server. In GoCD versions from 20.5.0 and below 23.1.0, if the server environment is not correctly configured by administrators to provide access to the relevant PostgreSQL or MySQL backup tools, the credentials for database access may be unintentionally leaked to admin alerts on the GoCD user interface. The vulnerability is triggered only if the GoCD server host is misconfigured to have backups enabled, but does not have access to the `pg_dump` or `mysqldump` utility tools to backup the configured database type (PostgreSQL or MySQL respectively). In such cases, failure to launch the expected backup utility reports the shell environment used to attempt to launch in the server admin alert, which includes the plaintext database password supplied to the configured tool. This vulnerability does not affect backups of the default on-disk H2 database that GoCD is configured to use. This issue has been addressed and fixed in GoCD 23.1.0. Users are advised to upgrade. Users unable to upgrade may disable backups, or administrators should ensure that the required `pg_dump` (PostgreSQL) or `mysqldump` (MySQL) binaries are available on the GoCD server when backups are triggered.	2023-03-27	4.4	CVE-2023-28630 MISC MISC MISC MISC
moodle — moodle	In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.	2023-03-24	4.3	CVE-2022-40208 MISC
wppool — wp_dark_mode	The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. This leads to Local File Inclusion on servers where non-existent directories may be traversed, or when chained with another vulnerability allowing arbitrary directory creation.	2023-03-27	4.3	CVE-2023-0467 MISC
hasthemes — contact_form_7_widget_for_elementor_page_builder_\&_gutenberg_blocks	The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0484 MISC
hasthemes — ht_slider_for_elementor	The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0495 MISC
hasthemes — ht_event	The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0496 MISC
hasthemes — ht_portfolio	The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0497 MISC
hasthemes — wp_education	The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0498 MISC
hasthemes — quickswish	The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0499 MISC
hasthemes — free_woocommerce_theme_99fy_extension	The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0503 MISC
hasthemes — ht_politic	The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0504 MISC
hasthemes — ever_compare	The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-0505 MISC
hasthemes — preview_link_generator	The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-1086 MISC
hasthemes — wc_sales_notification	The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-1087 MISC
hasthemes — wp_plugin_manager	The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-1088 MISC
hasthemes — coupon_zen	The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack	2023-03-27	4.3	CVE-2023-1089 MISC
adobe — commerce	Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. A low-privileged authenticated attacker could leverage this vulnerability to achieve minor information disclosure.	2023-03-27	4.3	CVE-2023-22251 MISC
apache — fineract	Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2.	2023-03-28	4.3	CVE-2023-25196 MISC

Low Vulnerabilities

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
lfprojects — mlflow	Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.	2023-03-24	3.3	CVE-2023-1176 CONFIRM MISC
apiman — apiman	Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client ID, and Client Version of the targeted non-permitted resource. While not trivial to exploit, it could be achieved by brute-forcing or guessing common names. Access to the non-permitted API Keys could allow use of other users’ resources without their permission (depending on the specifics of configuration, such as whether an API key is the only form of security). Apiman 3.1.0.Final resolved this issue. Users are advised to upgrade. The only known workaround is to restrict account access.	2023-03-27	3.1	CVE-2023-28640 MISC MISC
juiker — juiker	Juiker app stores debug logs which contains sensitive information to mobile external storage. An unauthenticated physical attacker can access these files to acquire partial user information such as personal contacts.	2023-03-27	2.4	CVE-2022-39043 CONFIRM

Severity Not Yet Assigned

Primary Vendor — Product	Description	Published	CVSS Score	Source & Patch Info
flexera — flexnet_manager_suite	A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.	2023-03-29	not yet calculated	CVE-2017-6894 CONFIRM
flexera — flexnet_publisher	A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher’s lmadmin 11.16.5, when doing a crafted POST request on lmadmin using the web-based tool.	2023-03-29	not yet calculated	CVE-2019-8963 CONFIRM
xiaomi — multiple_products	When Xiaomi router firmware is updated in 2020, there is an unauthenticated API that can reveal WIFI password vulnerability. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the background and execute background command injection.	2023-03-29	not yet calculated	CVE-2020-14140 MISC
wordpress — wordpress	The directory-pro WordPress plugin before 1.9.5, final-user-wp-frontend-user-profiles WordPress plugin before 1.2.2, producer-retailer WordPress plugin through TODO, photographer-directory WordPress plugin before 1.0.9, real-estate-pro WordPress plugin before 1.7.1, institutions-directory WordPress plugin before 1.3.1, lawyer-directory WordPress plugin before 1.2.9, doctor-listing WordPress plugin before 1.3.6, Hotel Listing WordPress plugin before 1.3.7, fitness-trainer WordPress plugin before 1.4.1, wp-membership WordPress plugin before 1.5.7, sold by the same developer (e-plugins), do not implementing any security measures in some AJAX calls. For example in the file plugin.php, the function iv_directories_update_profile_setting() uses update_user_meta with any data provided by the ajax call, which can be used to give the logged in user admin capabilities. Since the plugins allow user registration via a custom form (even if the blog does not allow users to register) it makes any site using it vulnerable.	2023-03-27	not yet calculated	CVE-2020-36666 MISC MISC
cs-cart — shipstation	The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (via action=export) because a typo results in a successful comparison of a blank password and NULL.	2023-03-28	not yet calculated	CVE-2020-8889 MISC
linux — kernel	A flaw was found in the Linux kernel’s implementation of RDMA over infiniband. An attacker with a privileged local account can leak kernel stack information when issuing commands to the /dev/infiniband/rdma_cm device node. While this access is unlikely to leak sensitive user information, it can be further used to defeat existing kernel protection mechanisms.	2023-03-27	not yet calculated	CVE-2021-3923 MISC MISC
flexera — installscript	A vulnerability has been reported in the windows installer (MSI) built with InstallScript custom action. This vulnerability may allow privilege escalation when invoked ‘repair’ of the MSI which has an InstallScript custom action.	2023-03-29	not yet calculated	CVE-2021-41526 CONFIRM MISC
netatalk — netatalk	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.	2023-03-28	not yet calculated	CVE-2022-0194 MISC MISC
tp-link — tl-wr940n	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13993.	2023-03-28	not yet calculated	CVE-2022-0650 MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16581.	2023-03-28	not yet calculated	CVE-2022-1229 MISC MISC
samsung — galaxy_s21	This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of redirections. An attacker can force a redirection to a site that serves malicious content. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the current user. Was ZDI-CAN-15918.	2023-03-28	not yet calculated	CVE-2022-1230 MISC MISC
keycloak — keycloak	A flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.	2023-03-29	not yet calculated	CVE-2022-1274 MISC MISC
keycloak — keycloak	A flaw was found in the Keycloak Node.js Adapter. This flaw allows an attacker to benefit from an Open Redirect vulnerability in the checkSso function.	2023-03-27	not yet calculated	CVE-2022-2237 MISC
netatalk — netatalk	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.	2023-03-28	not yet calculated	CVE-2022-23121 MISC MISC
netatalk — netatalk	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.	2023-03-28	not yet calculated	CVE-2022-23122 MISC MISC
netatalk — netatalk	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.	2023-03-28	not yet calculated	CVE-2022-23123 MISC MISC
netatalk — netatalk	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.	2023-03-28	not yet calculated	CVE-2022-23124 MISC MISC
netatalk — netatalk	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.	2023-03-28	not yet calculated	CVE-2022-23125 MISC MISC
mindsdb — mindsdb	MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball. Which may lead to the writing of the extracted files to an unintended location. This vulnerability is sometimes called a TarSlip or a ZipSlip variant. Unpacking files using the high-level function `shutil.unpack_archive()` from a potentially malicious tarball without validating that the destination file path remained within the intended destination directory may cause files to be overwritten outside the destination directory. An attacker could craft a malicious tarball with a filename path, such as `../../../../../../../../etc/passwd`, and then serve the archive remotely using a personal bucket `s3`, thus, retrieve the tarball through mindsdb and overwrite the system files of the hosting server. This issue has been addressed in version 22.11.4.3. Users are advised to upgrade. Users unable to upgrade should avoid ingesting archives from untrusted sources.	2023-03-30	not yet calculated	CVE-2022-23522 MISC
tp-link — ac1750	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 prior to 211210 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko kernel module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15773.	2023-03-28	not yet calculated	CVE-2022-24352 MISC
tp-link — ac1750	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link AC1750 1.1.4 Build 20211022 rel.59103(5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB.ko module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-15769.	2023-03-28	not yet calculated	CVE-2022-24353 MISC
canon — imageclass_mf644cdw	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CADM service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15802.	2023-03-28	not yet calculated	CVE-2022-24672 MISC MISC
canon — imageclass_mf644cdw	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15845.	2023-03-28	not yet calculated	CVE-2022-24673 MISC MISC
canon — imageclass_mf644cdw	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privet API. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15834.	2023-03-28	not yet calculated	CVE-2022-24674 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16186.	2023-03-28	not yet calculated	CVE-2022-24907 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16187.	2023-03-28	not yet calculated	CVE-2022-24908 MISC MISC
tp-link — tl-wr940n	This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13911.	2023-03-28	not yet calculated	CVE-2022-24972 MISC
tp-link — tl-wr940n	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13992.	2023-03-28	not yet calculated	CVE-2022-24973 MISC
enterprisedt — completeftp	This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP CompleteFTP Server v22.1.0 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.	2023-03-29	not yet calculated	CVE-2022-2560 MISC
opc_labs — quickopc	This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XML files in Connectivity Explorer. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16596.	2023-03-29	not yet calculated	CVE-2022-2561 MISC MISC
qnap — multiple_products	A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later	2023-03-29	not yet calculated	CVE-2022-27597 MISC
qnap — multiple_products	A vulnerability have been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allow remote authenticated users to get secret values. The vulnerabilities affect the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances) We have already fixed the vulnerabilities in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later	2023-03-29	not yet calculated	CVE-2022-27598 MISC
netgear — r6700v3	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetUSB module. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15806.	2023-03-29	not yet calculated	CVE-2022-27641 MISC MISC
netgear — r6700v3	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-15854.	2023-03-29	not yet calculated	CVE-2022-27642 MISC MISC
netgear — r6700v3	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15692.	2023-03-29	not yet calculated	CVE-2022-27643 MISC MISC
netgear — r6700v3	This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.	2023-03-29	not yet calculated	CVE-2022-27644 MISC MISC
netgear — r6700v3	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within readycloud_control.cgi. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15762.	2023-03-29	not yet calculated	CVE-2022-27645 MISC MISC
netgear — r6700v3	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the circled daemon. A crafted circleinfo.txt file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15879.	2023-03-29	not yet calculated	CVE-2022-27646 MISC MISC
netgear — r6700v3	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the name or email field provided to libreadycloud.so. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15874.	2023-03-29	not yet calculated	CVE-2022-27647 MISC MISC
koyo — screen_creator	This vulnerability allows remote attackers to execute arbitrary code on affected installations of KOYO Screen Creator 0.1.1.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SCA2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-14868.	2023-03-29	not yet calculated	CVE-2022-27648 MISC MISC
kepware — kepserverex	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX V6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-18411.	2023-03-29	not yet calculated	CVE-2022-2825 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation 10.16.02.034 CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16202.	2023-03-29	not yet calculated	CVE-2022-28300 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16392.	2023-03-29	not yet calculated	CVE-2022-28301 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a read past the end of an allocated buffer. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-16446.	2023-03-29	not yet calculated	CVE-2022-28302 MISC MISC
bentley — bentley_view	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16280.	2023-03-29	not yet calculated	CVE-2022-28303 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16171.	2023-03-29	not yet calculated	CVE-2022-28304 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16172.	2023-03-29	not yet calculated	CVE-2022-28305 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this to execute code in the context of the current process. Was ZDI-CAN-16174.	2023-03-29	not yet calculated	CVE-2022-28306 MISC MISC
bentley — bentley_view	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16306.	2023-03-29	not yet calculated	CVE-2022-28307 MISC MISC
bentley — bentley_view	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16307.	2023-03-29	not yet calculated	CVE-2022-28308 MISC MISC
bentley — bentley_view	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16308.	2023-03-29	not yet calculated	CVE-2022-28309 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16339.	2023-03-29	not yet calculated	CVE-2022-28310 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. Crafted data in a DXF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16341.	2023-03-29	not yet calculated	CVE-2022-28311 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16342.	2023-03-29	not yet calculated	CVE-2022-28312 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. Crafted data in a 3DS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16343.	2023-03-29	not yet calculated	CVE-2022-28313 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16332.	2023-03-29	not yet calculated	CVE-2022-28314 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16367.	2023-03-29	not yet calculated	CVE-2022-28315 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16368.	2023-03-29	not yet calculated	CVE-2022-28316 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16369.	2023-03-29	not yet calculated	CVE-2022-28317 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16379.	2023-03-29	not yet calculated	CVE-2022-28318 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16340.	2023-03-29	not yet calculated	CVE-2022-28319 MISC MISC
bentley — bentley_view	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.16.02.022. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DM files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16282.	2023-03-29	not yet calculated	CVE-2022-28320 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kepware KEPServerEX V6.11.718.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of text encoding conversions. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-16486.	2023-03-29	not yet calculated	CVE-2022-2848 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16390.	2023-03-29	not yet calculated	CVE-2022-28641 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16424.	2023-03-29	not yet calculated	CVE-2022-28642 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16468.	2023-03-29	not yet calculated	CVE-2022-28643 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16469.	2023-03-29	not yet calculated	CVE-2022-28644 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. Crafted data in a DGN file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16470.	2023-03-29	not yet calculated	CVE-2022-28645 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16570.	2023-03-29	not yet calculated	CVE-2022-28646 MISC MISC
bentley — microstation_connect	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.2.034. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFC files. Crafted data in an IFC file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16573.	2023-03-29	not yet calculated	CVE-2022-28647 MISC MISC
aveva –aveva_edge	This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of APP files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17212.	2023-03-29	not yet calculated	CVE-2022-28685 MISC MISC
aveva –aveva_edge	This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114.	2023-03-29	not yet calculated	CVE-2022-28686 MISC MISC
aveva –aveva_edge	This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257.	2023-03-29	not yet calculated	CVE-2022-28687 MISC MISC
aveva –aveva_edge	This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201.	2023-03-29	not yet calculated	CVE-2022-28688 MISC MISC
avanquest — pdfescape_online	Avanquest Software RAD PDF (PDFEscape Online) 3.19.2.2 is vulnerable to Information Leak / Disclosure. The PDFEscape Online tool provides users with a “white out” functionality for redacting images, text, and other graphics from a PDF document. However, this mechanism does not remove underlying text or PDF object specification information from the PDF. As a result, for example, redacted text may be copy-pasted by a PDF reader.	2023-03-30	not yet calculated	CVE-2022-30350 MISC MISC
pdfzorro — pdfzorro_online	PDFZorro PDFZorro Online r20220428 using TCPDF 6.2.5, despite having workflows claiming to correctly remove redacted information from a supplied PDF file, does not properly sanitize this information in all cases, causing redacted information, including images and text embedded in the PDF file, to be leaked unintentionally. In cases where PDF text objects are present it is possible to copy-paste redacted information into the system clipboard. Once a document is “locked” and marked for redaction once, all redactions performed after this feature is triggered are vulnerable.	2023-03-30	not yet calculated	CVE-2022-30351 MISC MISC
tesla — ice_updater	This vulnerability allows physical attackers to execute arbitrary code on affected Tesla vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ice_updater update mechanism. The issue results from the lack of proper validation of user-supplied firmware. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17463.	2023-03-29	not yet calculated	CVE-2022-3093 MISC
heimdal — heimdal_kerberos_5	The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash.	2023-03-27	not yet calculated	CVE-2022-3116 MISC
abb — ac500	Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.	2023-03-31	not yet calculated	CVE-2022-3192 MISC
d_link — dir_2150	This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15905.	2023-03-29	not yet calculated	CVE-2022-3210 MISC MISC
matrix — matrix_js_sdk	matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer’s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This issue has been fixed in matrix-js-sdk 19.4.0 and users are advised to upgrade. Users unable to upgrade may mitigate this issue by redacting applicable events, waiting for the sync processor to store data, and restarting the client. Alternatively, redacting the applicable events and clearing all storage will often fix most perceived issues. In some cases, no workarounds are possible.	2023-03-28	not yet calculated	CVE-2022-36059 MISC
matrix — matrix_react_sdk	matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear functional, though certain rooms/events will not be rendered. This issue has been fixed in matrix-react-sdk 3.53.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-03-28	not yet calculated	CVE-2022-36060 MISC
hitachi_energy — sdm600	A vulnerability exists in the SDM600 file permission validation. An attacker could exploit the vulnerability by gaining access to the system and uploading a specially crafted message to the system node, which could result in Arbitrary code Executing. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.1:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::*	2023-03-28	not yet calculated	CVE-2022-3682 MISC
hitachi_energy — sdm600	A vulnerability exists in the SDM600 API web services authorization validation implementation. An attacker who successfully exploits the vulnerability could read data directly from a data store that is not restricted, or insufficiently protected, having access to sensitive data. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.1:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::*	2023-03-28	not yet calculated	CVE-2022-3683 MISC
hitachi_energy — sdm600	A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.1:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::*	2023-03-28	not yet calculated	CVE-2022-3684 MISC
hitachi_energy — sdm600	A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges. This issue affects: All SDM600 versions prior to version 1.3.0. List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.1:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.3.0.1339:::::::*	2023-03-28	not yet calculated	CVE-2022-3685 MISC
hitachi_energy — sdm600	A vulnerability exists in a SDM600 endpoint. An attacker could exploit this vulnerability by running multiple parallel requests, the SDM600 web services become busy rendering the application unresponsive. This issue affects: All SDM600 versions prior to version 1.2 FP3 HF4 (Build Nr. 1.2.23000.291) List of CPEs: * cpe:2.3:a:hitachienergy:sdm600:1.0:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.1:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.9002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.10002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.11002.149:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.12002.222:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.13002.72:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.44:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.92:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.108:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.182:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.257:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.342:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.447:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.481:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.506:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.14002.566:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.20000.3174:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.291:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.931:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.21000.105:::::::* * cpe:2.3:a:hitachienergy:sdm600:1.2.23000.291:::::::*	2023-03-28	not yet calculated	CVE-2022-3686 MISC
aveva –aveva_edge	This vulnerability allows remote attackers to disclose sensitive information on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the LoadImportedLibraries method. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. Was ZDI-CAN-17394.	2023-03-29	not yet calculated	CVE-2022-36969 MISC MISC
aveva –aveva_edge	This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 20.0 Build: 4201.2111.1802.0000 Service Pack 2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of APP files. Crafted data in a APP file can cause the application to execute arbitrary Visual Basic scripts. The user interface fails to provide sufficient indication of the hazard. An attacker can leverage this vulnerability to execute code in the context of current process. Was ZDI-CAN-17370.	2023-03-29	not yet calculated	CVE-2022-36970 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the JwtTokenUtility class. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15301.	2023-03-29	not yet calculated	CVE-2022-36971 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15328.	2023-03-29	not yet calculated	CVE-2022-36972 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15329.	2023-03-29	not yet calculated	CVE-2022-36973 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Web File Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15330.	2023-03-29	not yet calculated	CVE-2022-36974 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15332.	2023-03-29	not yet calculated	CVE-2022-36975 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. The specific flaw exists within the GroupDaoImpl class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15333.	2023-03-29	not yet calculated	CVE-2022-36976 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Certificate Management Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15449.	2023-03-29	not yet calculated	CVE-2022-36977 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Notification Server service. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15448.	2023-03-29	not yet calculated	CVE-2022-36978 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AvalancheDaoSupport class. A crafted request can trigger execution of SQL queries composed from a user-supplied string. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15493.	2023-03-29	not yet calculated	CVE-2022-36979 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.2.3490. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the EnterpriseServer service. The issue results from the lack of proper locking when performing operations during authentication. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15528.	2023-03-29	not yet calculated	CVE-2022-36980 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DeviceLogResource class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15966.	2023-03-29	not yet calculated	CVE-2022-36981 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the AgentTaskHandler class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored session cookies, leading to further compromise. Was ZDI-CAN-15967.	2023-03-29	not yet calculated	CVE-2022-36982 MISC MISC
ivanti — avalanche	This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche 6.3.3.101. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetSettings class. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-15919.	2023-03-29	not yet calculated	CVE-2022-36983 MISC MISC
unified_automation — opc_ua_c++_demo_server	This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpcUa_SecureListener_ProcessSessionCallRequest method. A crafted OPC UA message can force the server to incorrectly update a reference count. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-16927.	2023-03-29	not yet calculated	CVE-2022-37012 MISC MISC
unified_automation — opc_ua_c++_demo_server	This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Unified Automation OPC UA C++ Demo Server 1.7.6-537 [with vendor rollup]. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of certificates. A crafted certificate can force the server into an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-17203.	2023-03-29	not yet calculated	CVE-2022-37013 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17142.	2023-03-29	not yet calculated	CVE-2022-37349 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Collab objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17144.	2023-03-29	not yet calculated	CVE-2022-37350 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17636.	2023-03-29	not yet calculated	CVE-2022-37351 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMF files. Crafted data in a WMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17638.	2023-03-29	not yet calculated	CVE-2022-37352 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17637.	2023-03-29	not yet calculated	CVE-2022-37353 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17628.	2023-03-29	not yet calculated	CVE-2022-37354 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17629.	2023-03-29	not yet calculated	CVE-2022-37355 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17630.	2023-03-29	not yet calculated	CVE-2022-37356 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICO files. Crafted data in an ICO file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17631.	2023-03-29	not yet calculated	CVE-2022-37357 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. Crafted data in a JPG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17632.	2023-03-29	not yet calculated	CVE-2022-37358 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17633.	2023-03-29	not yet calculated	CVE-2022-37359 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17635.	2023-03-29	not yet calculated	CVE-2022-37360 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17674.	2023-03-29	not yet calculated	CVE-2022-37361 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. Crafted data in a PNG file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17660.	2023-03-29	not yet calculated	CVE-2022-37362 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17673.	2023-03-29	not yet calculated	CVE-2022-37363 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17634.	2023-03-29	not yet calculated	CVE-2022-37364 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the saveAs method. The application exposes a JavaScript interface that allows the attacker to write arbitrary files. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-17527.	2023-03-29	not yet calculated	CVE-2022-37365 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17727.	2023-03-29	not yet calculated	CVE-2022-37366 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. Crafted data in an AcroForm can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17726.	2023-03-29	not yet calculated	CVE-2022-37367 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17728.	2023-03-29	not yet calculated	CVE-2022-37368 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17724.	2023-03-29	not yet calculated	CVE-2022-37369 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17725.	2023-03-29	not yet calculated	CVE-2022-37370 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17772.	2023-03-29	not yet calculated	CVE-2022-37371 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17809.	2023-03-29	not yet calculated	CVE-2022-37372 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17810.	2023-03-29	not yet calculated	CVE-2022-37373 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18068.	2023-03-29	not yet calculated	CVE-2022-37374 MISC MISC
pdf-xchange — pdf-xchange_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. Crafted data in a JPC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18069.	2023-03-29	not yet calculated	CVE-2022-37375 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16599.	2023-03-29	not yet calculated	CVE-2022-37376 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537;. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within JavaScript optimizations. The issue results from an improper optimization, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16733.	2023-03-29	not yet calculated	CVE-2022-37377 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the optimization of JavaScript functions. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16867.	2023-03-29	not yet calculated	CVE-2022-37378 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17168.	2023-03-29	not yet calculated	CVE-2022-37379 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17169.	2023-03-29	not yet calculated	CVE-2022-37380 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.	2023-03-29	not yet calculated	CVE-2022-37381 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeIcon method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17383.	2023-03-29	not yet calculated	CVE-2022-37382 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17111.	2023-03-29	not yet calculated	CVE-2022-37383 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the delay method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17327.	2023-03-29	not yet calculated	CVE-2022-37384 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17301.	2023-03-29	not yet calculated	CVE-2022-37385 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the resetForm method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-17550.	2023-03-29	not yet calculated	CVE-2022-37386 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17552.	2023-03-29	not yet calculated	CVE-2022-37387 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17516.	2023-03-29	not yet calculated	CVE-2022-37388 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17545.	2023-03-29	not yet calculated	CVE-2022-37389 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17551.	2023-03-29	not yet calculated	CVE-2022-37390 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.2.53575. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17661.	2023-03-29	not yet calculated	CVE-2022-37391 MISC MISC
device-mapper-multipath — device-mapper-multipath	A vulnerability was found in the device-mapper-multipath. The device-mapper-multipath allows local users to obtain root access, exploited alone or in conjunction with CVE-2022-41973. Local users that are able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This issue occurs because an attacker can repeat a keyword, which is mishandled when arithmetic ADD is used instead of bitwise OR. This could lead to local privilege escalation to root.	2023-03-29	not yet calculated	CVE-2022-3787 MISC
abb — rccmd	Use of Default Password vulnerability in ABB RCCMD on Windows, Linux, MacOS allows Try Common or Default Usernames and Passwords.This issue affects RCCMD: before 4.40 230207.	2023-03-27	not yet calculated	CVE-2022-4126 MISC
argo — cd	An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.	2023-03-27	not yet calculated	CVE-2022-41354 MISC MISC MISC
centreon — centreon	This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18556.	2023-03-29	not yet calculated	CVE-2022-42424 MISC
centreon — centreon	This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18555.	2023-03-29	not yet calculated	CVE-2022-42425 MISC
centreon — centreon	This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18554.	2023-03-29	not yet calculated	CVE-2022-42426 MISC
centreon — centreon	This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the contact groups configuration page. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18541.	2023-03-29	not yet calculated	CVE-2022-42427 MISC
centreon — centreon	This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18410.	2023-03-29	not yet calculated	CVE-2022-42428 MISC
centreon — centreon	This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to modify poller broker configuration. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18557.	2023-03-29	not yet calculated	CVE-2022-42429 MISC
tesla — model_3	This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the wowlan_config data structure. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17543.	2023-03-29	not yet calculated	CVE-2022-42430 MISC
tesla — model_3	This vulnerability allows local attackers to escalate privileges on affected Tesla vehicles. An attacker must first obtain the ability to execute privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the bcmdhd driver. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-17544.	2023-03-29	not yet calculated	CVE-2022-42431 MISC
linux — kernel	This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel 6.0-rc2. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the nft_osf_eval function. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-18540.	2023-03-29	not yet calculated	CVE-2022-42432 MISC MISC
tp-link — tl-wr841n	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N TL-WR841N(US)_V14_220121 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the ated_tp service. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17356.	2023-03-29	not yet calculated	CVE-2022-42433 MISC
manageengine — opmanager	A blind XML External Entity (XXE) vulnerability exists in the Add UCS Device functionality of ManageEngine OpManager 12.6.168. A specially crafted XML file can lead to SSRF. An attacker can serve a malicious XML payload to trigger this vulnerability.	2023-03-30	not yet calculated	CVE-2022-43473 MISC MISC
canon — imageclass_mf644cdw	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.03 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BJNP service. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16032.	2023-03-29	not yet calculated	CVE-2022-43608 MISC MISC
ironcad — ironcad	This vulnerability allows remote attackers to execute arbitrary code on affected installations of IronCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. When parsing the VECTOR element, the process does not properly initialize a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17672.	2023-03-29	not yet calculated	CVE-2022-43609 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16350.	2023-03-29	not yet calculated	CVE-2022-43610 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16351.	2023-03-29	not yet calculated	CVE-2022-43611 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16355.	2023-03-29	not yet calculated	CVE-2022-43612 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. When parsing CGM files, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16356.	2023-03-29	not yet calculated	CVE-2022-43613 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF images. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16357.	2023-03-29	not yet calculated	CVE-2022-43614 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16370.	2023-03-29	not yet calculated	CVE-2022-43615 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16371.	2023-03-29	not yet calculated	CVE-2022-43616 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16372.	2023-03-29	not yet calculated	CVE-2022-43617 MISC
corel — coreldraw_graphics_suite	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite 23.5.0.506. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PCX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16377.	2023-03-29	not yet calculated	CVE-2022-43618 MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of ConfigFileUpload requests to the web management portal. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16141.	2023-03-29	not yet calculated	CVE-2022-43619 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16142.	2023-03-29	not yet calculated	CVE-2022-43620 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from an incorrectly implemented comparison. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16152.	2023-03-29	not yet calculated	CVE-2022-43621 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Login requests to the web management portal. When parsing the HNAP_AUTH header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16139.	2023-03-29	not yet calculated	CVE-2022-43622 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetWebFilterSetting requests to the web management portal. When parsing the WebFilterURLs element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16140.	2023-03-29	not yet calculated	CVE-2022-43623 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv6Settings requests to the web management portal. When parsing subelements within the StaticRouteIPv6List element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16145.	2023-03-29	not yet calculated	CVE-2022-43624 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing the NetMask element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16144.	2023-03-29	not yet calculated	CVE-2022-43625 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv4FirewallSettings requests to the web management portal. When parsing subelements within the IPv4FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16146.	2023-03-29	not yet calculated	CVE-2022-43626 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetStaticRouteIPv4Settings requests to the web management portal. When parsing subelements within the StaticRouteIPv4Data element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16147.	2023-03-29	not yet calculated	CVE-2022-43627 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetIPv6FirewallSettings requests to the web management portal. When parsing subelements within the IPv6FirewallRule element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16148.	2023-03-29	not yet calculated	CVE-2022-43628 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetSysEmailSettings requests to the web management portal. When parsing subelements within the SetSysEmailSettings element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16149.	2023-03-29	not yet calculated	CVE-2022-43629 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When parsing the SOAPAction header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16150.	2023-03-29	not yet calculated	CVE-2022-43630 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetVirtualServerSettings requests to the web management portal. When parsing subelements within the VirtualServerInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16151.	2023-03-29	not yet calculated	CVE-2022-43631 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetQoSSettings requests to the web management portal. When parsing subelements within the QoSInfo element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16153.	2023-03-29	not yet calculated	CVE-2022-43632 MISC MISC
d-link — dir-1935	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of SetSysLogSettings requests to the web management portal. When parsing the IPAddress element, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-16154.	2023-03-29	not yet calculated	CVE-2022-43633 MISC MISC
netatalk — netatalk	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.	2023-03-29	not yet calculated	CVE-2022-43634 MISC MISC
tp-link — tl-wr940n	This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the incorrect implementation of the authentication algorithm. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17332.	2023-03-29	not yet calculated	CVE-2022-43635 MISC
tp-link — tl-wr940n	This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of TP-Link TL-WR940N 6_211111 3.20.1(US) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of sufficient randomness in the sequnce numbers used for session managment. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-18334.	2023-03-29	not yet calculated	CVE-2022-43636 MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18626.	2023-03-29	not yet calculated	CVE-2022-43637 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18627.	2023-03-29	not yet calculated	CVE-2022-43638 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18628.	2023-03-29	not yet calculated	CVE-2022-43639 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18629.	2023-03-29	not yet calculated	CVE-2022-43640 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 12.0.1.12430. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18894.	2023-03-29	not yet calculated	CVE-2022-43641 MISC MISC
d-link — dir-825	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the YouTube plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19222.	2023-03-29	not yet calculated	CVE-2022-43642 MISC MISC
d-link — dir-825	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Generic plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19460.	2023-03-29	not yet calculated	CVE-2022-43643 MISC MISC
d-link — dir-825	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19461.	2023-03-29	not yet calculated	CVE-2022-43644 MISC MISC
d-link — dir-825	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IVI plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19462.	2023-03-29	not yet calculated	CVE-2022-43645 MISC MISC
d-link — dir-825	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Vimeo plugin for the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19463.	2023-03-29	not yet calculated	CVE-2022-43646 MISC MISC
d-link — dir-825	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-825 1.0.9/EE routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd service, which listens on TCP port 4044. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-19464.	2023-03-29	not yet calculated	CVE-2022-43647 MISC MISC
d-link — dir-3040	This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 1.20B03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MiniDLNA service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the MiniDLNA service. Was ZDI-CAN-19910.	2023-03-29	not yet calculated	CVE-2022-43648 MISC MISC
foxit — pdf_editor	This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 12.0.2.12465. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19478.	2023-03-29	not yet calculated	CVE-2022-43649 MISC MISC
rarlab — winrar	This vulnerability allows remote attackers to disclose sensitive information on affected installations of RARLAB WinRAR 6.11.0.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ZIP files. Crafted data in a ZIP file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-19232.	2023-03-29	not yet calculated	CVE-2022-43650 MISC MISC
nasm — nasm	NASM v2.16 was discovered to contain a null pointer deference in the NASM component	2023-03-29	not yet calculated	CVE-2022-44368 MISC
nasm — nasm	NASM 2.16 (development) is vulnerable to 476: Null Pointer Dereference via output/outaout.c.	2023-03-29	not yet calculated	CVE-2022-44369 MISC
nasm — nasm	NASM v2.16 was discovered to contain a heap buffer overflow in the component quote_for_pmake() asm/nasm.c:856	2023-03-29	not yet calculated	CVE-2022-44370 MISC
wordpress — wordpress	Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.	2023-03-29	not yet calculated	CVE-2022-45355 MISC
xiongmai — multiple_products	Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticated and remote attacker can execute arbitrary code by sending a crafted HTTP request that triggers the overflow condition via a long URI passed to a sprintf call. NOTE: this is different than CVE-2018-10088, but this may overlap CVE-2017-16725.	2023-03-28	not yet calculated	CVE-2022-45460 MISC MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in iThemes WPComplete plugin <= 2.9.2 versions.	2023-03-28	not yet calculated	CVE-2022-45825 MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in biplob018 Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 2.8 versions.	2023-03-28	not yet calculated	CVE-2022-45831 MISC
x-man — x-man	X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage.	2023-03-31	not yet calculated	CVE-2022-46021 MISC MISC
conemu — multiple_products	ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.	2023-03-28	not yet calculated	CVE-2022-46387 MISC MISC
fp.io — vector_packet_processor	FP.io VPP (Vector Packet Processor) 22.10, 22.06, 22.02, 21.10, 21.06, 21.01, 20.09, 20.05, 20.01, 19.08, and 19.04 Generates a Predictable IV with CBC Mode.	2023-03-28	not yet calculated	CVE-2022-46397 MISC MISC
dji_spark — dji_spark	DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device’s internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.	2023-03-27	not yet calculated	CVE-2022-46415 MISC MISC MISC
parrot — bebop	Parrot Bebop 4.7.1. allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device’s internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets.	2023-03-27	not yet calculated	CVE-2022-46416 MISC MISC MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.1 versions.	2023-03-28	not yet calculated	CVE-2022-46848 MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP Darko Responsive Pricing Table plugin <= 5.1.6 versions.	2023-03-28	not yet calculated	CVE-2022-46855 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.6.4 versions.	2023-03-28	not yet calculated	CVE-2022-46863 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin <= 1.5.48 versions.	2023-03-28	not yet calculated	CVE-2022-47170 MISC
generex — ups_cs141	There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path.	2023-03-31	not yet calculated	CVE-2022-47188 CONFIRM CONFIRM CONFIRM
generex — ups_cs141	Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device.	2023-03-31	not yet calculated	CVE-2022-47189 CONFIRM CONFIRM CONFIRM
generex — ups_cs141	Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root.	2023-03-31	not yet calculated	CVE-2022-47190 CONFIRM CONFIRM CONFIRM
generex — ups_cs141	Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges.	2023-03-31	not yet calculated	CVE-2022-47191 CONFIRM CONFIRM CONFIRM
generex — ups_cs141	Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified “users.json” to the web server of the device, allowing him to replace the administrator password.	2023-03-31	not yet calculated	CVE-2022-47192 CONFIRM CONFIRM CONFIRM
linux — kernel	A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.	2023-03-30	not yet calculated	CVE-2022-4744 MISC
rsa — netwitness	Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.	2023-03-28	not yet calculated	CVE-2022-47529 MISC MISC MISC MISC MISC FULLDISC
redgate — sql_monitor	Red Gate SQL Monitor 11.0.14 through 12.1.46 has Incorrect Access Control, exploitable remotely for Escalation of Privileges.	2023-03-30	not yet calculated	CVE-2022-47542 MISC MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in JoomUnited WP Table Manager plugin <= 3.5.2 versions.	2023-03-29	not yet calculated	CVE-2022-47602 MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.1 versions.	2023-03-29	not yet calculated	CVE-2022-47603 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Usersnap plugin <= 4.16 versions.	2023-03-29	not yet calculated	CVE-2022-47607 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mr Digital Simple Image Popup plugin <= 1.3.6 versions.	2023-03-29	not yet calculated	CVE-2022-47610 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud AI ChatBot plugin <= 4.3.0 versions.	2023-03-29	not yet calculated	CVE-2022-47613 MISC
huawei — multiple products	The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality.	2023-03-27	not yet calculated	CVE-2022-48291 MISC MISC
huawei — multiple products	The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect confidentiality.	2023-03-27	not yet calculated	CVE-2022-48346 MISC MISC
huawei — multiple products	The MediaProvider module has a vulnerability in permission verification. Successful exploitation of this vulnerability may affect confidentiality.	2023-03-27	not yet calculated	CVE-2022-48347 MISC MISC
huawei — multiple products	The MediaProvider module has a vulnerability of unauthorized data read. Successful exploitation of this vulnerability may affect confidentiality and integrity.	2023-03-27	not yet calculated	CVE-2022-48348 MISC MISC
huawei — multiple products	The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability.	2023-03-27	not yet calculated	CVE-2022-48349 MISC MISC
huawei — multiple products	The HUAWEI Messaging app has a vulnerability of unauthorized file access. Successful exploitation of this vulnerability may affect confidentiality.	2023-03-27	not yet calculated	CVE-2022-48350 MISC MISC
huawei — multiple products	The secure OS module has configuration defects. Successful exploitation of this vulnerability may affect availability.	2023-03-27	not yet calculated	CVE-2022-48351 MISC MISC
huawei — multiple products	Some smartphones have data initialization issues. Successful exploitation of this vulnerability may cause a system panic.	2023-03-27	not yet calculated	CVE-2022-48352 MISC MISC
huawei — multiple products	Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.	2023-03-27	not yet calculated	CVE-2022-48353 MISC MISC
huawei — multiple products	The Bluetooth module has a heap out-of-bounds write vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.	2023-03-27	not yet calculated	CVE-2022-48354 MISC MISC
huawei — multiple products	The Bluetooth module has a heap out-of-bounds read vulnerability. Successful exploitation of this vulnerability can cause the Bluetooth process to crash.	2023-03-27	not yet calculated	CVE-2022-48355 MISC MISC
huawei — multiple products	The facial recognition module has a vulnerability in input parameter verification. Successful exploitation of this vulnerability may cause failed facial recognition.	2023-03-27	not yet calculated	CVE-2022-48356 MISC MISC
huawei — multiple products	The BatteryHealthActivity has a redirection vulnerability. Successful exploitation of this vulnerability by a malicious app can cause service exceptions.	2023-03-27	not yet calculated	CVE-2022-48358 MISC MISC
huawei — multiple products	The recovery mode for updates has a vulnerability that causes arbitrary disk modification. Successful exploitation of this vulnerability may affect confidentiality.	2023-03-27	not yet calculated	CVE-2022-48359 MISC MISC
huawei — multiple products	The facial recognition module has a vulnerability in file permission control. Successful exploitation of this vulnerability may affect confidentiality.	2023-03-27	not yet calculated	CVE-2022-48360 MISC MISC
huawei — multiple products	The Always On Display (AOD) has a path traversal vulnerability in theme files. Successful exploitation of this vulnerability may cause a failure in reading AOD theme resources.	2023-03-27	not yet calculated	CVE-2022-48361 MISC MISC
ffmpeg — ffmpeg	libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).	2023-03-29	not yet calculated	CVE-2022-48434 MISC MISC MISC
zstd — zstd	A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.	2023-03-31	not yet calculated	CVE-2022-4899 MISC
nvidia — gpu_display_driver_for_linux	NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.	2023-04-01	not yet calculated	CVE-2023-0180 MISC
nvidia — gpu_display_driver_for_windows_and_linux	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering.	2023-04-01	not yet calculated	CVE-2023-0181 MISC
nvidia — gpu_display_driver_for_windows	NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering.	2023-04-01	not yet calculated	CVE-2023-0182 MISC
nvidia — gpu_display_driver_for_linux	NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering.	2023-04-01	not yet calculated	CVE-2023-0183 MISC
nvidia — gpu_display_driver_for_linux	NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure.	2023-04-01	not yet calculated	CVE-2023-0185 MISC
nvidia — gpu_display_driver_for_windows	NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering.	2023-04-01	not yet calculated	CVE-2023-0186 MISC
nvidia — gpu_display_driver_for_windows_and_linux	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.	2023-04-01	not yet calculated	CVE-2023-0187 MISC
nvidia — gpu_display_driver_for_windows_and_linux	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.	2023-04-01	not yet calculated	CVE-2023-0188 MISC
nvidia — gpu_display_driver_for_linux	NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.	2023-04-01	not yet calculated	CVE-2023-0189 MISC
nvidia — gpu_display_driver_for_windows_and_linux	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering.	2023-04-01	not yet calculated	CVE-2023-0191 MISC
nvidia — gpu_display_driver_for_windows	NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure.	2023-04-01	not yet calculated	CVE-2023-0192 MISC
nvidia — gpu_display_driver_for_windows_and_linux	NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.	2023-04-01	not yet calculated	CVE-2023-0194 MISC
nvidia — gpu_display_driver_for_windows	NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver	2023-04-01	not yet calculated	CVE-2023-0195 MISC
nvidia — vgpu	NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service.	2023-04-01	not yet calculated	CVE-2023-0197 MISC
nvidia — gpu_display_driver_for_linux	NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.	2023-04-01	not yet calculated	CVE-2023-0198 MISC
nvidia — dcgm_for_linux	NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering.	2023-04-01	not yet calculated	CVE-2023-0208 MISC
linux — kernel	A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems.	2023-03-27	not yet calculated	CVE-2023-0210 MISC MISC MISC
m-files — installer_for_windows	Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking.	2023-03-29	not yet calculated	CVE-2023-0213 MISC
gitlab — dast_api_scanner	An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.	2023-03-27	not yet calculated	CVE-2023-0326 CONFIRM MISC MISC
akuvox — e11	Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages.	2023-03-31	not yet calculated	CVE-2023-0343 MISC
akuvox — e11	Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server.	2023-03-31	not yet calculated	CVE-2023-0344 MISC
delta_electronics — dx-2100-l1-cn	The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user “root.” If the attacker has credentials for the web service, then the device could be fully compromised.	2023-03-31	not yet calculated	CVE-2023-0432 MISC
openssl –openssl	Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy’ argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()’ function.	2023-03-28	not yet calculated	CVE-2023-0465 MISC MISC MISC MISC MISC
openssl –openssl	The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications.	2023-03-28	not yet calculated	CVE-2023-0466 MISC MISC MISC MISC MISC
hashicorp — vault_and_vault_enterprise	HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the MSSQL plugin through the local, certain parameters are not sanitized when passed to the user-provided MSSQL database. An attacker may modify these parameters to execute a malicious SQL command. This issue is fixed in versions 1.13.1, 1.12.5, and 1.11.9.	2023-03-30	not yet calculated	CVE-2023-0620 MISC
qemu_guest_agent_for_windows — qemu_guest_agent_for_windows	A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent’s Windows installer via repair custom actions to elevate their privileges on the system.	2023-03-29	not yet calculated	CVE-2023-0664 MISC MISC MISC MISC
hashicorp — vault	HashiCorp Vault’s PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. This bug did not affect public or private key material, trust chains or certificate issuance. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.	2023-03-30	not yet calculated	CVE-2023-0665 MISC
silicon_labs — gecko_sdk	An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service.	2023-03-28	not yet calculated	CVE-2023-0775 MISC MISC
podman — podman	A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.	2023-03-27	not yet calculated	CVE-2023-0778 MISC
haproxy — haproxy	An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. There are 5 bytes left uninitialized in the connection buffer when encoding the FCGI_BEGIN_REQUEST record. Sensitive data may be disclosed to configured FastCGI backends in an unexpected way.	2023-03-29	not yet calculated	CVE-2023-0836 MISC
linux — kernel	A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.	2023-03-27	not yet calculated	CVE-2023-1073 MISC MISC MISC
linux — kernel	A memory leak flaw was found in the Linux kernel’s Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service.	2023-03-27	not yet calculated	CVE-2023-1074 MISC MISC MISC
linux — kernel	A flaw was found in the Linux Kernel. The tls_is_tx_ready() incorrectly checks for list emptiness, potentially accessing a type confused entry to the list_head, leaking the last byte of the confused field that overlaps with rec->tx_ready.	2023-03-27	not yet calculated	CVE-2023-1075 MISC
linux — kernel	A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.	2023-03-27	not yet calculated	CVE-2023-1076 MISC MISC
linux — kernel	In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption.	2023-03-27	not yet calculated	CVE-2023-1077 MISC
linux — kernel	A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.	2023-03-27	not yet calculated	CVE-2023-1078 MISC
wordpress — wordpress	The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth Single Sign On Enterprise WordPress plugin before 48.4.9 do not have CSRF checks when deleting Identity Providers (IdP), which could allow attackers to make logged in admins delete arbitrary IdP via a CSRF attack	2023-03-27	not yet calculated	CVE-2023-1092 MISC MISC MISC MISC
abb — flow-x	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0.	2023-03-31	not yet calculated	CVE-2023-1258 MISC
linux — kernel	A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.	2023-03-27	not yet calculated	CVE-2023-1380 MISC MISC MISC
x.org — x.org_server	A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.	2023-03-30	not yet calculated	CVE-2023-1393 MISC FEDORA FEDORA FEDORA FEDORA FEDORA
keysight_technologies — n6854a_geolocation	N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution.	2023-03-27	not yet calculated	CVE-2023-1399 MISC
wordpress — wordpress	The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This makes it possible for unauthenticated attackers to modify arbitrary files and achieve remote code execution via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	2023-03-29	not yet calculated	CVE-2023-1509 MISC MISC MISC
robodk — robodk	RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution.	2023-03-28	not yet calculated	CVE-2023-1516 MISC MISC
cp_plus — kvms_pro	CP Plus KVMS Pro versions 2.01.0.T.190521 and prior are vulnerable to sensitive credentials being leaked because they are insufficiently protected.	2023-03-28	not yet calculated	CVE-2023-1518 MISC
jianming — antivirus	A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been declared as critical. This vulnerability affects unknown code in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224008.	2023-03-25	not yet calculated	CVE-2023-1626 MISC MISC MISC MISC
jianming — antivirus	A vulnerability was found in Jianming Antivirus 16.2.2022.418. It has been rated as problematic. This issue affects some unknown processing in the library kvcore.sys of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-224009 was assigned to this vulnerability.	2023-03-25	not yet calculated	CVE-2023-1627 MISC MISC MISC MISC
linux — kernel	A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming CPU from suspend-to-RAM. A local user could use this flaw to potentially get unauthorized access to some memory of the CPU similar to the speculative execution behavior kind of attacks.	2023-03-27	not yet calculated	CVE-2023-1637 MISC MISC
gitlab — dast_api_scanner	An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence.	2023-03-27	not yet calculated	CVE-2023-1648 MISC CONFIRM MISC
linux — kernel	A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. This issue could allow a local attacker to crash the system or it may lead to a kernel information leak problem.	2023-03-29	not yet calculated	CVE-2023-1652 MISC
gpac — gpac	Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0.	2023-03-27	not yet calculated	CVE-2023-1655 CONFIRM MISC
forgerock — multiple_products	Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server (RCS) LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials.This issue affects OpenIDM and Java Remote Connector Server (RCS): from 1.5.20.9 through 1.5.20.13.	2023-03-29	not yet calculated	CVE-2023-1656 MISC MISC
synopsys — coverity	Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. The root cause of this vulnerability is an insecurely configured servlet mapping for the underlying Apache Tomcat server. As a result, the downloads directory and its contents are accessible. 5.9 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)	2023-03-29	not yet calculated	CVE-2023-1663 MISC MISC
sourcecodester — automatic_question_paper_generator_system	A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. This vulnerability affects unknown code of the file users/classes/view_class.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224104.	2023-03-27	not yet calculated	CVE-2023-1666 MISC MISC MISC
linux — kernel	A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system.	2023-03-30	not yet calculated	CVE-2023-1670 MISC
sourcecodester — automatic_question_paper_generator_system	A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical. This issue affects some unknown processing of the file /bilal final/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224231.	2023-03-28	not yet calculated	CVE-2023-1674 MISC MISC MISC
sourcecodester — automatic_question_paper_generator_system	A vulnerability was found in SourceCodester School Registration and Fee System 1.0. It has been classified as critical. Affected is an unknown function of the file /bilal final/edit_stud.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224232.	2023-03-28	not yet calculated	CVE-2023-1675 MISC MISC MISC
driver-soft — drivergenius	A vulnerability was found in DriverGenius 9.70.0.346. It has been declared as critical. Affected by this vulnerability is the function 0x9C402088 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to memory corruption. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224233 was assigned to this vulnerability.	2023-03-28	not yet calculated	CVE-2023-1676 MISC MISC MISC MISC
driver-soft — drivergenius	A vulnerability was found in DriverGenius 9.70.0.346. It has been rated as problematic. Affected by this issue is the function 0x9c40a0c8/0x9c40a0dc/0x9c40a0e0/0x9c40a0d8/0x9c4060d4/0x9c402004/0x9c402088/0x9c40208c/0x9c4060d0/0x9c4060cc/0x9c4060c4/0x9c402084 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-224234 is the identifier assigned to this vulnerability.	2023-03-28	not yet calculated	CVE-2023-1677 MISC MISC MISC MISC
driver-soft — drivergenius	A vulnerability classified as critical has been found in DriverGenius 9.70.0.346. This affects the function 0x9C40A0D8/0x9C40A0DC/0x9C40A0E0 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224235.	2023-03-28	not yet calculated	CVE-2023-1678 MISC MISC MISC MISC
driver-soft — drivergenius	A vulnerability classified as critical was found in DriverGenius 9.70.0.346. This vulnerability affects the function 0x9C406104/0x9C40A108 in the library mydrivers64.sys of the component IOCTL Handler. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224236.	2023-03-28	not yet calculated	CVE-2023-1679 MISC MISC MISC MISC
xunrui — cms	A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61. This issue affects some unknown processing of the file /dayrui/My/View/main.html. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224237 was assigned to this vulnerability.	2023-03-29	not yet calculated	CVE-2023-1680 MISC MISC MISC
xunrui — cms	A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Affected is an unknown function of the file /config/myfield/test.php. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224238 is the identifier assigned to this vulnerability.	2023-03-28	not yet calculated	CVE-2023-1681 MISC MISC MISC
xunrui — cms	A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224239.	2023-03-29	not yet calculated	CVE-2023-1682 MISC MISC MISC
xunrui — cms	A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Affected by this issue is some unknown functionality of the file /dayrui/Fcms/View/system_log.html. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224240.	2023-03-29	not yet calculated	CVE-2023-1683 MISC MISC MISC
hadsky — hadsky	A vulnerability was found in HadSky 7.7.16. It has been classified as problematic. This affects an unknown part of the file upload/index.php?c=app&a=superadmin:index. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224241 was assigned to this vulnerability.	2023-03-29	not yet calculated	CVE-2023-1684 MISC MISC MISC
hadsky — hadsky	A vulnerability was found in HadSky up to 7.11.8. It has been declared as critical. This vulnerability affects unknown code of the file /install/index.php of the component Installation Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224242 is the identifier assigned to this vulnerability.	2023-03-29	not yet calculated	CVE-2023-1685 MISC MISC MISC MISC
sourcecodester — earnings_and_expense_tracker_app	A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0. This issue affects some unknown processing of the file LoginRegistration.php?a=register_user. The manipulation of the argument fullname leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-224309 was assigned to this vulnerability.	2023-03-29	not yet calculated	CVE-2023-1690 MISC MISC
rapidk7 — nexpose	Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This vulnerability allows an attacker to manipulate URLs to forcefully browse to and access administrative pages. This vulnerability is fixed in version 6.6.187.	2023-03-30	not yet calculated	CVE-2023-1699 MISC
pimcore — pimcore	Cross-site Scripting (XSS) – Reflected in GitHub repository pimcore/pimcore prior to 10.5.20.	2023-03-29	not yet calculated	CVE-2023-1701 CONFIRM MISC
pimcore — pimcore	Cross-site Scripting (XSS) – Generic in GitHub repository pimcore/pimcore prior to 10.5.20.	2023-03-29	not yet calculated	CVE-2023-1702 MISC CONFIRM
pimcore — pimcore	Cross-site Scripting (XSS) – Generic in GitHub repository pimcore/pimcore prior to 10.5.20.	2023-03-29	not yet calculated	CVE-2023-1703 MISC CONFIRM
pimcore — pimcore	Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.20.	2023-03-29	not yet calculated	CVE-2023-1704 CONFIRM MISC
deepset-ai — haystack	Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30.	2023-03-30	not yet calculated	CVE-2023-1712 MISC CONFIRM
sourcecodester — young_entrepeneur_e-negosyo_system	A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected is an unknown function of the file admin/products/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. VDB-224622 is the identifier assigned to this vulnerability.	2023-03-30	not yet calculated	CVE-2023-1734 MISC MISC
sourcecodester — young_entrepeneur_e-negosyo_system	A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this vulnerability is an unknown functionality of the file passwordrecover.php. The manipulation of the argument phonenumber leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-224623.	2023-03-30	not yet calculated	CVE-2023-1735 MISC MISC
sourcecodester — young_entrepeneur_e-negosyo_system	A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifier of this vulnerability is VDB-224624.	2023-03-30	not yet calculated	CVE-2023-1736 MISC MISC MISC
sourcecodester — young_entrepeneur_e-negosyo_system	A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument U_USERNAME leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-224625 was assigned to this vulnerability.	2023-03-30	not yet calculated	CVE-2023-1737 MISC MISC
sourcecodester — young_entrepeneur_e-negosyo_system	A vulnerability has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php?q=product. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. VDB-224626 is the identifier assigned to this vulnerability.	2023-03-30	not yet calculated	CVE-2023-1738 MISC MISC
sourcecodester — simple_and_beautiful_shopping_cart_system	A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical. This issue affects some unknown processing of the file upload.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224627.	2023-03-30	not yet calculated	CVE-2023-1739 MISC MISC MISC
sourcecodester — air_cargo_management_system	A vulnerability was found in SourceCodester Air Cargo Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin/user/manage_user.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224628.	2023-03-30	not yet calculated	CVE-2023-1740 MISC MISC MISC
jeecg-boot — jeecg-boot	A vulnerability was found in jeecg-boot 3.5.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file SysDictMapper.java of the component Sleep Command Handler. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224629 was assigned to this vulnerability.	2023-03-30	not yet calculated	CVE-2023-1741 MISC MISC MISC
ibos — ibos	A vulnerability was found in IBOS 4.5.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /?r=report/api/getlist of the component Report Search. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224630 is the identifier assigned to this vulnerability.	2023-03-30	not yet calculated	CVE-2023-1742 MISC MISC MISC
sourcecodester — grade_point_average_gpa_calculator	A vulnerability classified as problematic has been found in SourceCodester Grade Point Average GPA Calculator 1.0. This affects an unknown part of the file index.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224631.	2023-03-30	not yet calculated	CVE-2023-1743 MISC MISC MISC
ibos — ibos	A vulnerability classified as critical was found in IBOS 4.5.5. This vulnerability affects unknown code of the component htaccess Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224632.	2023-03-30	not yet calculated	CVE-2023-1744 MISC MISC MISC
kmplayer — kmplayer	A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73. This issue affects some unknown processing in the library SHFOLDER.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-224633 was assigned to this vulnerability.	2023-03-30	not yet calculated	CVE-2023-1745 MISC MISC MISC MISC MISC
dreamer_cms — dreamer_cms	A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Affected is an unknown function of the component File Upload Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-224634 is the identifier assigned to this vulnerability.	2023-03-30	not yet calculated	CVE-2023-1746 MISC MISC MISC
ibos — ibos	A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635.	2023-03-31	not yet calculated	CVE-2023-1747 MISC MISC MISC
phpmyfaq — phpmyfaq	Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	2023-03-31	not yet calculated	CVE-2023-1753 MISC CONFIRM
phpmyfaq — phpmyfaq	Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	2023-03-31	not yet calculated	CVE-2023-1754 MISC CONFIRM
phpmyfaq — phpmyfaq	Cross-site Scripting (XSS) – Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	2023-03-31	not yet calculated	CVE-2023-1755 CONFIRM MISC
phpmyfaq — phpmyfaq	Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	2023-03-31	not yet calculated	CVE-2023-1759 MISC CONFIRM
phpmyfaq — phpmyfaq	Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	2023-03-31	not yet calculated	CVE-2023-1760 MISC CONFIRM
phpmyfaq — phpmyfaq	Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	2023-03-31	not yet calculated	CVE-2023-1761 MISC CONFIRM
phpmyfaq — phpmyfaq	Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12.	2023-03-31	not yet calculated	CVE-2023-1762 MISC CONFIRM
sourcecodester — grade_point_average_gpa_calculator	A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page with the input php://filter/read=convert.base64-encode/resource=grade_table leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224670 is the identifier assigned to this vulnerability.	2023-03-31	not yet calculated	CVE-2023-1769 MISC MISC MISC
sourcecodester — grade_point_average_gpa_calculator	A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671.	2023-03-31	not yet calculated	CVE-2023-1770 MISC MISC MISC
sourcecodester — grade_point_average_gpa_calculator	A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by this issue is the function get_scale of the file Master.php. The manipulation of the argument perc leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224672.	2023-03-31	not yet calculated	CVE-2023-1771 MISC MISC MISC
datagear — datagear	A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability.	2023-03-31	not yet calculated	CVE-2023-1772 MISC MISC MISC
rockoa — rockoa	A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability.	2023-03-31	not yet calculated	CVE-2023-1773 MISC MISC MISC
mattermost — mattermost	When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter’s permission to that channel, allowing an attacker to invite themselves to a private channel.	2023-03-31	not yet calculated	CVE-2023-1774 MISC
mattermost — mattermost	When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients.	2023-03-31	not yet calculated	CVE-2023-1775 MISC
mattermost — mattermost	Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file.	2023-03-31	not yet calculated	CVE-2023-1776 MISC
mattermost — mattermost	Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message.	2023-03-31	not yet calculated	CVE-2023-1777 MISC
jeecg-boot — jeecg-boot	A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699.	2023-03-31	not yet calculated	CVE-2023-1784 MISC MISC MISC
sourcecodester — earnings_and_expense_tracker_app	A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700.	2023-03-31	not yet calculated	CVE-2023-1785 MISC MISC MISC
firefly-iii — firefly-iii	Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0.	2023-04-01	not yet calculated	CVE-2023-1789 MISC CONFIRM
sourcecodester — simple_task_allocation_system	A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724.	2023-04-01	not yet calculated	CVE-2023-1790 MISC MISC MISC
spring — spring_frameware	Spring Framework running version 6.0.0 – 6.0.6 or 5.3.0 – 5.3.25 using “**” as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.	2023-03-27	not yet calculated	CVE-2023-20860 MISC
cloudfoundry — cloud_foundry	This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a client on behalf of a user from that identity provider, the administrator of the UAA deactivates the identity provider from the UAA. It is expected that the UAA would reject a refresh token during a refresh token grant, but it does not (hence the vulnerability). It will continue to issue access tokens to request presenting such refresh tokens, as if the identity provider was still active. As a result, clients with refresh tokens issued through the deactivated identity provider would still have access to Cloud Foundry resources until their refresh token expires (which defaults to 30 days).	2023-03-28	not yet calculated	CVE-2023-20903 MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Collne Inc. Welcart e-Commerce plugin <= 2.8.10 versions.	2023-03-29	not yet calculated	CVE-2023-22705 MISC
openimageio — openimageio	An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.	2023-03-30	not yet calculated	CVE-2023-22845 MISC
qnap_systems_inc — multiple_products	A vulnerability has been reported to affect multiple QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR. We have already fixed the vulnerability in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later	2023-03-29	not yet calculated	CVE-2023-23355 MISC
sato_america — cl4nx_plus	An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes.	2023-03-31	not yet calculated	CVE-2023-23594 MISC MISC
wordpress — wordpress	Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Team Heateor Fancy Comments WordPress plugin <= 1.2.10 versions.	2023-03-30	not yet calculated	CVE-2023-23670 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catchsquare WP Smart Preloader plugin <= 1.15 versions.	2023-03-30	not yet calculated	CVE-2023-23675 MISC
wordpress — wordpress	Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions.	2023-03-30	not yet calculated	CVE-2023-23677 MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Labib Ahmed Image Hover Effects For WPBakery Page Builder plugin <= 4.0 versions.	2023-03-30	not yet calculated	CVE-2023-23681 MISC
irfanview — irfanview	Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file.	2023-03-28	not yet calculated	CVE-2023-24304 MISC
tracker_software — pdf-xchange_editor	A potential memory vulnerability due to insufficient input validation in PDFXEditCore.x64.dll in PDF-XChange Editor version 9.3 by Tracker Software may allow attackers to execute code when a user opens a crafted PDF file. The issue occurs when handling a large number of objects in a PDF file.	2023-03-28	not yet calculated	CVE-2023-24308 MISC
rconfig — rconfig	An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request.	2023-03-27	not yet calculated	CVE-2023-24366 MISC MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.2 versions.	2023-03-30	not yet calculated	CVE-2023-24399 MISC
openimageio — openimageio	A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability.	2023-03-30	not yet calculated	CVE-2023-24472 MISC
openimageio — openimageio	An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted targa file can lead to a disclosure of sensitive information. An attacker can provide a malicious file to trigger this vulnerability.	2023-03-30	not yet calculated	CVE-2023-24473 MISC
github — cmark-gfm	cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `>` or `-` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources.	2023-03-31	not yet calculated	CVE-2023-24824 MISC MISC
hashicorp — vault	HashiCorp Vault’s implementation of Shamir’s secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. An attacker with access to, and the ability to observe a large number of unseal operations on the host through a side channel may reduce the search space of a brute force effort to recover the Shamir shares. Fixed in Vault 1.13.1, 1.12.5, and 1.11.9.	2023-03-30	not yet calculated	CVE-2023-25000 MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vova Anokhin WordPress Shortcodes Plugin — Shortcodes Ultimate plugin <= 5.12.6 versions.	2023-03-30	not yet calculated	CVE-2023-25040 MISC
sniproxy — sniproxy	A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). A specially crafted HTTP, TLS or DTLS packet can lead to arbitrary code execution. An attacker could send a malicious packet to trigger this vulnerability.	2023-03-30	not yet calculated	CVE-2023-25076 MISC MISC
stimulsoft — stimulsoft_designer	Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion.	2023-03-28	not yet calculated	CVE-2023-25260 MISC MISC MISC
stimulsoft — multiple_products	Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.	2023-03-27	not yet calculated	CVE-2023-25261 MISC MISC MISC
stimulsoft — stimulsoft_designer	Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web).	2023-03-28	not yet calculated	CVE-2023-25262 MISC MISC MISC
stimulsoft — stimulsoft_designer	In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static secret is used. The secret does not differ between the tested versions and different operating systems.	2023-03-27	not yet calculated	CVE-2023-25263 MISC MISC MISC
tensorflow — tensorflow	TensorFlow is an Open Source Machine Learning Framework. In versions prior to 2.11.1 a malicious invalid input crashes a tensorflow model (Check Failed) and can be used to trigger a denial of service attack. A proof of concept can be constructed with the `Convolution3DTranspose` function. This Convolution3DTranspose layer is a very common API in modern neural networks. The ML models containing such vulnerable components could be deployed in ML applications or as cloud services. This failure could be potentially used to trigger a denial of service attack on ML cloud services. An attacker must have privilege to provide input to a `Convolution3DTranspose` call. This issue has been patched and users are advised to upgrade to version 2.11.1. There are no known workarounds for this vulnerability.	2023-03-27	not yet calculated	CVE-2023-25661 MISC MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mehjabin Orthi Interactive SVG Image Map Builder plugin <= 1.0 versions.	2023-03-28	not yet calculated	CVE-2023-25704 MISC
veracode — jenkins	Veracode Scan Jenkins Plugin before 23.3.19.0, when the “Connect using proxy” option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and when a scan is configured for remote agent jobs, allows users (with access to view the job log) to discover proxy credentials.	2023-03-28	not yet calculated	CVE-2023-25721 MISC MISC
veracode — jenkins	A credential-leak issue was discovered in related Veracode products before 2023-03-27. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs, invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access of the Jenkins remote) to discover Veracode API credentials by listing the process and its arguments. Veracode Scan Jenkins Plugin before 23.3.19.0, when configured for remote agent jobs and when the “Connect using proxy” option is enabled and configured with proxy credentials, allows local users of the Jenkins remote to discover proxy credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0 invokes the Veracode Java API Wrapper in a manner that allows local users (with OS-level access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover Veracode API credentials by listing the process and its arguments. Veracode Azure DevOps Extension before 3.20.0, when configured with proxy credentials, allows users (with shell access to the Azure DevOps Services cloud infrastructure or Azure DevOps Server) to discover proxy credentials by listing the process and its arguments.	2023-03-28	not yet calculated	CVE-2023-25722 MISC MISC
podman — podman	runc is a CLI tool for spawning and running containers according to the OCI specification. In affected versions it was found that rootless runc makes `/sys/fs/cgroup` writable in following conditons: 1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g.., `(docker\|podman\|nerdctl) run –cgroupns=host`, with Rootless Docker/Podman/nerdctl) or 2. when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec –rootless`; this condition is very rare). A container may gain the write access to user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/…` on the host . Other users’s cgroup hierarchies are not affected. Users are advised to upgrade to version 1.1.5. Users unable to upgrade may unshare the cgroup namespace (`(docker\|podman\|nerdctl) run –cgroupns=private)`. This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts. or add `/sys/fs/cgroup` to `maskedPaths`.	2023-03-29	not yet calculated	CVE-2023-25809 MISC MISC
nextcloud — nextcloud_server	Nextcloud server is an open source, personal cloud implementation. In affected versions a malicious user could try to reset the password of another user and then brute force the 62^21 combinations for the password reset token. As of commit `704eb3aa` password reset attempts are now throttled. Note that 62^21 combinations would significant compute resources to brute force. None the less it is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. There are no known workarounds for this vulnerability.	2023-03-27	not yet calculated	CVE-2023-25818 MISC MISC MISC
mcubo_ict — mcubo_ict	An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In particular, the web application provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor. That allow an unauthorized actor to perform User Enumeration attacks.	2023-03-28	not yet calculated	CVE-2023-26071 MISC
angular.io — angular.io	All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.	2023-03-30	not yet calculated	CVE-2023-26116 MISC MISC
angular.io — angular.io	All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.	2023-03-30	not yet calculated	CVE-2023-26117 MISC MISC
angular.io — angular.io	All versions of the package angular are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type=”url”> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerability is possible by a large carefully-crafted input, which can result in catastrophic backtracking.	2023-03-30	not yet calculated	CVE-2023-26118 MISC MISC
forcepoint — cloud_security_gateway	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_reset_request.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_reset_request.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.	2023-03-29	not yet calculated	CVE-2023-26290 MISC
forcepoint — cloud_security_gateway	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_form.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_form.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.	2023-03-29	not yet calculated	CVE-2023-26291 MISC
forcepoint — cloud_security_gateway	Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud (login_submit.mhtml modules), Forcepoint Web Security Portal on Hybrid (login_submit.mhtml modules) allows Reflected XSS.This issue affects Cloud Security Gateway (CSG): before 03/29/2023; Web Security: before 03/29/2023.	2023-03-29	not yet calculated	CVE-2023-26292 MISC
nextcloud — nextcloud_server	Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation allowed users to create workflows which are designed to be only available for administrators. Some workflows are designed to be RCE by invoking defined scripts, in order to generate PDFs, invoking webhooks or running scripts on the server. Due to this combination depending on the available apps the issue can result in a RCE at the end. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should disable app `workflow_scripts` and `workflow_pdf_converter` as a mitigation.	2023-03-30	not yet calculated	CVE-2023-26482 MISC MISC
github — cmark-gfm	cmark-gfm is GitHub’s fork of cmark, a CommonMark parsing and rendering library and program in C. A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. This CVE covers quadratic complexity issues when parsing text which leads with either large numbers of `_` characters. This issue has been addressed in version 0.29.0.gfm.10. Users are advised to upgrade. Users unable to upgrade should validate that their input comes from trusted sources. ### Impact A polynomial time complexity issue in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. ### Proof of concept “` $ ~/cmark-gfm$ python3 -c ‘pad = “_” * 100000; print(pad + “.” + pad, end=””)’ \| time ./build/src/cmark-gfm –to plaintext “` Increasing the number 10000 in the above commands causes the running time to increase quadratically. ### Patches This vulnerability have been patched in 0.29.0.gfm.10. ### Note on cmark and cmark-gfm XXX: TBD [cmark-gfm](https://github.com/github/cmark-gfm) is a fork of [cmark](https://github.com/commonmark/cmark) that adds the GitHub Flavored Markdown extensions. The two codebases have diverged over time, but share a common core. These bugs affect both `cmark` and `cmark-gfm`. ### Credit We would like to thank @gravypod for reporting this vulnerability. ### References https://en.wikipedia.org/wiki/Time_complexity ### For more information If you have any questions or comments about this advisory: * Open an issue in [github/cmark-gfm](https://github.com/github/cmark-gfm)	2023-03-31	not yet calculated	CVE-2023-26485 MISC MISC
cocos — cocos-engine	Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. In the github repo for Cocos Engine the `web-interface-check.yml` was subject to command injection. The `web-interface-check.yml` was triggered when a pull request was opened or updated and contained the user controllable field `(${{ github.head_ref }} – the name of the fork’s branch)`. This would allow an attacker to take over the GitHub Runner and run custom commands (potentially stealing secrets such as GITHUB_TOKEN) and altering the repository. The workflow has since been removed for the repository. There are no actions required of users.	2023-03-27	not yet calculated	CVE-2023-26493 MISC MISC MISC
huawei — harmonyos	The InputMethod module has a vulnerability of serialization/deserialization mismatch. Successful exploitation of this vulnerability may cause privilege escalation.	2023-03-27	not yet calculated	CVE-2023-26547 MISC MISC
huawei — harmonyos	The pgmng module has a vulnerability in serialization/deserialization. Successful exploitation of this vulnerability may affect availability.	2023-03-27	not yet calculated	CVE-2023-26548 MISC MISC
huawei — harmonyos	The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Successful exploitation of this vulnerability may affect confidentiality.	2023-03-27	not yet calculated	CVE-2023-26549 MISC MISC
zijper — multiple_products	ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).	2023-03-30	not yet calculated	CVE-2023-26692 MISC
ruijie_networks — rg-ew1200	Ruijie Networks RG-EW1200 Wireless Routers EW_3.0(1)B11P204 was discovered to contain a command injetion vulnerability via the params.path parameter in the upgradeConfirm function.	2023-03-26	not yet calculated	CVE-2023-26800 MISC
lb-link — multiple_products	LB-LINK BL-AC1900_2.0 v1.0.1, LB-LINK BL-WR9000 v2.4.9, LB-LINK BL-X26 v1.2.5, and LB-LINK BL-LTE300 v1.0.8 were discovered to contain a command injection vulnerability via the mac, time1, and time2 parameters at /goform/set_LimitClient_cfg.	2023-03-26	not yet calculated	CVE-2023-26801 MISC
digital_china_networks — dcbi-netlog-lab	An issue in the component /network_config/nsg_masq.cgi of DCN (Digital China Networks) DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request.	2023-03-26	not yet calculated	CVE-2023-26802 MISC
d-link — go-rt-ac750	D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main.	2023-04-01	not yet calculated	CVE-2023-26822 MISC MISC
gladinet — centrestack	An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass.	2023-03-31	not yet calculated	CVE-2023-26829 MISC
gladinet — centrestack	An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server.	2023-03-31	not yet calculated	CVE-2023-26830 MISC
prestashop — prestashp_faqs	SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component.	2023-03-31	not yet calculated	CVE-2023-26858 MISC MISC
musescore — musescore	Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. If attacker can additional information, attacker can execute arbitrary code.	2023-03-28	not yet calculated	CVE-2023-26923 MISC
llvm — llvm	LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion.	2023-03-27	not yet calculated	CVE-2023-26924 MISC MISC
d-link — dir_882	An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information.	2023-03-31	not yet calculated	CVE-2023-26925 MISC MISC
atrocore — atrocore	In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload.	2023-03-29	not yet calculated	CVE-2023-26968 MISC
peppermint — peppermint	An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request.	2023-03-29	not yet calculated	CVE-2023-26984 MISC MISC MISC
atutor — atutor	A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.	2023-03-28	not yet calculated	CVE-2023-27008 MISC
appwrite — appwrite	Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request.	2023-03-31	not yet calculated	CVE-2023-27159 MISC MISC MISC MISC MISC
forem — forem	forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.	2023-03-31	not yet calculated	CVE-2023-27160 MISC MISC MISC MISC
openapi-generator — openapi-generator	openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.	2023-03-31	not yet calculated	CVE-2023-27162 MISC MISC MISC MISC
request-baskets — request-baskets	request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request.	2023-03-31	not yet calculated	CVE-2023-27163 MISC MISC MISC MISC
suprema — biostar_2	Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.	2023-03-29	not yet calculated	CVE-2023-27167 MISC MISC MISC MISC MISC
totolink — a7100ru	TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg.	2023-03-28	not yet calculated	CVE-2023-27229 MISC
totolink — a7100ru	TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg.	2023-03-28	not yet calculated	CVE-2023-27231 MISC
totolink — a7100ru	TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg.	2023-03-28	not yet calculated	CVE-2023-27232 MISC
mk-auth — mk-auth	An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file.	2023-03-28	not yet calculated	CVE-2023-27246 MISC
cynet — client_agent	Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege tokens.	2023-03-28	not yet calculated	CVE-2023-27247 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts.	2023-03-28	not yet calculated	CVE-2023-27394 MISC
kiwi — tcms	Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS accepts SVG files uploaded by users which could potentially contain JavaScript code. If SVG images are viewed directly, i.e. not rendered in an HTML page, this JavaScript code could execute. This vulnerability has been fixed by configuring Kiwi TCMS to serve with the Content-Security-Policy HTTP header which blocks inline JavaScript in all modern browsers. This configuration change is provided in version 12.1 and users are advised to upgrade. Users unable to upgrade may set their Content-Security-Policy HTTP header manually.	2023-03-29	not yet calculated	CVE-2023-27489 MISC MISC
curl — curl	A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and “telnet options” during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application’s intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.	2023-03-30	not yet calculated	CVE-2023-27533 MISC
curl — curl	A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user’s home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.	2023-03-30	not yet calculated	CVE-2023-27534 MISC
curl — curl	An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.	2023-03-30	not yet calculated	CVE-2023-27535 MISC
curl — curl	An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.	2023-03-30	not yet calculated	CVE-2023-27536 MISC
curl — curl	A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate “handles”. This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.	2023-03-30	not yet calculated	CVE-2023-27537 MISC
curl — curl	An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.	2023-03-30	not yet calculated	CVE-2023-27538 MISC
muyucms — muyucms	MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html.	2023-03-28	not yet calculated	CVE-2023-27701 MISC
ruijie_networks — multiple_products	RG-EW1200G PRO Wireless Routers EW_3.0(1)B11P204, RG-EW1800GX PRO Wireless Routers EW_3.0(1)B11P204, and RG-EW3200GX PRO Wireless Routers EW_3.0(1)B11P204 were discovered to contain multiple command injection vulnerabilities via the data.ip, data.protocal, data.iface and data.package parameters in the runPackDiagnose function of diagnose.lua.	2023-03-26	not yet calculated	CVE-2023-27796 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through a HTTP POST parameter called by index.php script.	2023-03-28	not yet calculated	CVE-2023-27886 MISC
discord_api — discordrb	discordrb is an implementation of the Discord API using Ruby. In discordrb before commit `91e13043ffa` the `encoder.rb` file unsafely constructs a shell string using the file parameter, which can potentially leave clients of discordrb vulnerable to command injection. The library is not directly exploitable: the exploit requires that some client of the library calls the vulnerable method with user input. However, if unsafe input reaches the library method, then an attacker can execute arbitrary shell commands on the host machine. Full impact will depend on the permissions of the process running the `discordrb` library and will likely not be total system access. This issue has been addressed in code, but a new release of the `discordrb` gem has not been uploaded to rubygems. This issue is also tracked as `GHSL-2022-094`.	2023-03-27	not yet calculated	CVE-2023-28102 MISC MISC
matri-org — react-sdk	matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. In certain configurations, data sent by remote servers containing special strings in key locations could cause modifications of the `Object.prototype`, disrupting matrix-react-sdk functionality, causing denial of service and potentially affecting program logic. This is fixed in matrix-react-sdk 3.69.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. Note this advisory is distinct from GHSA-2x9c-qwgf-94xr which refers to a similar issue.	2023-03-28	not yet calculated	CVE-2023-28103 MISC MISC
apache — archiva	Privilege escalation via stored XSS using the file upload service to upload malicious content. The issue can be exploited only by authenticated users which can create directory name to inject some XSS content and gain some privileges such admin user.	2023-03-29	not yet calculated	CVE-2023-28158 MISC
apache — openmeetings	Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room	2023-03-28	not yet calculated	CVE-2023-28326 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a GET parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.	2023-03-28	not yet calculated	CVE-2023-28375 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 is vulnerable to a weak session token generation algorithm that can be predicted and can aid in authentication and authorization bypass. This may allow an attacker to hijack a session by predicting the session id and gain unauthorized access to the product.	2023-03-28	not yet calculated	CVE-2023-28395 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. A threat actor could exploit this vulnerability to create a user account without providing valid credentials. A threat actor who successfully exploits this vulnerability could gain access to the pump controller and cause disruption in operation, modify data, or shut down the controller.	2023-03-28	not yet calculated	CVE-2023-28398 MISC
matrix-org — js-sdk	matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer’s ability to process data safely. Note that the matrix-js-sdk can appear to be operating normally but be excluding or corrupting runtime data presented to the consumer. This vulnerability is distinct from GHSA-rfv9-x7hh-xc32 which covers a similar issue. The issue has been patched in matrix-js-sdk 24.0.0 and users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-03-28	not yet calculated	CVE-2023-28427 MISC MISC
onesignal — react_native_onesignal_sdk	OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues (types: [closed]) (i.e., when an Issue is closed). The workflow starts with full write-permissions GitHub repository token since the default workflow permissions on Organization/Repository level are set to read-write. This workflow runs the following step with data controlled by the comment `(${{ github.event.issue.title }} – the full title of the Issue)`, allowing an attacker to take over the GitHub Runner and run custom commands, potentially stealing any secret (if used), or altering the repository. This issue was found with CodeQL using javascript’s Expression injection in Actions query. This issue has been addressed in the repositories github action. No actions are required by users. This issue is also tracked as `GHSL-2023-051`.	2023-03-27	not yet calculated	CVE-2023-28430 MISC MISC MISC
smarty — smarty	Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user’s browser session. This may lead to unauthorized access to sensitive user data, manipulation of the web application’s behavior, or unauthorized actions performed on behalf of the user. Users are advised to upgrade to either version 3.1.48 or to 4.3.1 to resolve this issue. There are no known workarounds for this vulnerability.	2023-03-28	not yet calculated	CVE-2023-28447 MISC MISC
payara — payara	A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed.	2023-03-30	not yet calculated	CVE-2023-28462 MISC
linux — kernel	hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation.	2023-03-31	not yet calculated	CVE-2023-28464 MISC MISC MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that, if successfully exploited, can lead to remote code execution as the root user.	2023-03-29	not yet calculated	CVE-2023-28501 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the “udadmin” service that can lead to remote code execution as the root user.	2023-03-29	not yet calculated	CVE-2023-28502 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special username with a deterministic password can be leveraged to bypass authentication checks and execute OS commands as the root user.	2023-03-29	not yet calculated	CVE-2023-28503 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user.	2023-03-29	not yet calculated	CVE-2023-28504 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is copied into a caller-provided buffer without checking the length. This requires a valid login to exploit.	2023-03-29	not yet calculated	CVE-2023-28505 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login to exploit.	2023-03-29	not yet calculated	CVE-2023-28506 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine will allocate increasing amounts of memory until all system memory is exhausted and the forked process crashes.	2023-03-29	not yet calculated	CVE-2023-28507 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input can corrupt the heap and crash the forked process.	2023-03-29	not yet calculated	CVE-2023-28508 MISC
rocket_software — unidata	Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords transferred on the wire.	2023-03-29	not yet calculated	CVE-2023-28509 MISC
zoom — client_for_meetings_for_it_admin_macos_installers	Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root.	2023-03-27	not yet calculated	CVE-2023-28596 MISC
zoom — zoom	Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user’s device and data, and remote code execution.	2023-03-27	not yet calculated	CVE-2023-28597 MISC
comrak — comrak	comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A range of quadratic parsing issues are present in Comrak. These can be used to craft denial-of-service attacks on services that use Comrak to parse Markdown. This issue has been addressed in version 0.17.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-047`	2023-03-28	not yet calculated	CVE-2023-28626 MISC MISC
pymedusa — medusa	pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute arbitrary OS commands as the user running the pymedusa program. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-03-27	not yet calculated	CVE-2023-28627 MISC MISC
ambdaisland — uri	lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 `authority-regex` allows an attacker to send malicious URLs to be parsed by the `lambdaisland/uri` and return the wrong authority. This issue is similar to but distinct from CVE-2020-8910. The regex in question doesn’t handle the backslash (`\`) character in the username correctly, leading to a wrong output. ex. a payload of `https://example.com\\@google.com` would return that the host is `google.com`, but the correct host should be `example.com`. Given that the library returns the wrong authority this may be abused to bypass host restrictions depending on how the library is used in an application. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-03-27	not yet calculated	CVE-2023-28628 MISC MISC
comrak — comrak	comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with `parse_document`. This AST can then be converted to HTML via `html::format_document_with_plugins`. However, the HTML formatting code assumes that the AST is well-formed. For example, many AST notes contain `[u8]` fields which the formatting code assumes is valid UTF-8 data. Several bugs can be triggered if this is not the case. Version 0.17.0 contains adjustments to the AST, storing strings instead of unvalidated byte arrays. Users are advised to upgrade. Users unable to upgrade may manually validate UTF-8 correctness of all data when assigning to `&[u8]` and `Vec<u8>` fields in the AST. This issue is also tracked as `GHSL-2023-049`.	2023-03-28	not yet calculated	CVE-2023-28631 MISC MISC
dataease — dataease	DataEase is an open source data visualization analysis tool. In Dataease users are normally allowed to modify data and the data sources are expected to properly sanitize data. The AWS redshift data source does not provide data sanitization which may lead to remote code execution. This vulnerability has been fixed in v1.18.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-03-28	not yet calculated	CVE-2023-28637 MISC
opencontainers — runc	runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.	2023-03-29	not yet calculated	CVE-2023-28642 MISC MISC
nextcloud — nextcloud_server	Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to `{name} (2)`. It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user.	2023-03-30	not yet calculated	CVE-2023-28643 MISC MISC MISC
nextcloud — nextcloud_server	Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.	2023-03-30	not yet calculated	CVE-2023-28644 MISC MISC
nextcloud — nextcloud_richdocuments	Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud.	2023-03-31	not yet calculated	CVE-2023-28645 MISC MISC MISC
nextcloud — nextcloud_for_android	Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability.	2023-03-30	not yet calculated	CVE-2023-28646 MISC MISC
nextcloud — nextcloud_for_ios	Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability.	2023-03-30	not yet calculated	CVE-2023-28647 MISC MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user’s browser session in context of an affected site.	2023-03-28	not yet calculated	CVE-2023-28648 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. The user is not visible in Usernames and Passwords menu list of the application and the password cannot be changed through any normal operation of the device.	2023-03-28	not yet calculated	CVE-2023-28654 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions.	2023-03-28	not yet calculated	CVE-2023-28712 MISC
propump_and_controls — osprey_pump_controller	Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. This may allow an attacker to perform certain actions with administrative privileges if a logged-in user visits a malicious website.	2023-03-28	not yet calculated	CVE-2023-28718 MISC
panasonic — aiseg2	Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands.	2023-03-31	not yet calculated	CVE-2023-28726 MISC
panasonic — aiseg2	Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers.	2023-03-31	not yet calculated	CVE-2023-28727 MISC
anymailing — anymailing	AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign’s creation on front-office due to unrestricted file upload allowing PHP code to be injected. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.	2023-03-30	not yet calculated	CVE-2023-28731 MISC MISC
anymailing — anymailing	Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being granted access to the campaign’s creation on front-office. This issue affects AnyMailing Joomla Plugin in versions below 8.3.0.	2023-03-30	not yet calculated	CVE-2023-28732 MISC MISC MISC
anymailing — anymailing	AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign’s creation on front-office. This issue affects AnyMailing Joomla Plugin Enterprise in versions below 8.3.0.	2023-03-30	not yet calculated	CVE-2023-28733 MISC MISC
ruby — ruby	A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1.	2023-03-31	not yet calculated	CVE-2023-28755 MISC MISC CONFIRM MISC
ruby — ruby	A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2.	2023-03-31	not yet calculated	CVE-2023-28756 MISC CONFIRM MISC MISC
nextcloud — nextcloud_server	Nextcloud server is an open source home cloud implementation. In affected versions admins of a server were able to upload a logo or a favicon and to provided a file name which was not restricted and could overwrite files in the appdata directory. Administrators may have access to overwrite these files by other means but this method could be exploited by tricking an admin into uploading a maliciously named file. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. Users unable to upgrade should avoid ingesting logo files from untrusted sources.	2023-03-30	not yet calculated	CVE-2023-28833 MISC MISC
nextcloud — nextcloud_server	Nextcloud server is an open source home cloud implementation. In affected versions the generated fallback password when creating a share was using a weak complexity random number generator, so when the sharer did not change it the password could be guessable to an attacker willing to brute force it. It is recommended that the Nextcloud Server is upgraded to 24.0.10 or 25.0.4. This issue only affects users who do not have a password policy enabled, so enabling a password policy is an effective mitigation for users unable to upgrade.	2023-03-30	not yet calculated	CVE-2023-28835 MISC MISC
202ecommerce — paypal_module_prestashop	PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability.	2023-03-31	not yet calculated	CVE-2023-28843 MISC MISC
nextcloud — nextcloud_server	Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-03-31	not yet calculated	CVE-2023-28844 MISC MISC
nextcloud — nextcloud_talk	Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability.	2023-03-31	not yet calculated	CVE-2023-28845 MISC MISC
unpoly — unpoly	Unpoly is a JavaScript framework for server-side web applications. There is a possible Denial of Service (DoS) vulnerability in the `unpoly-rails` gem that implements the Unpoly server protocol for Rails applications. This issues affects Rails applications that operate as an upstream of a load balancer’s that uses passive health checks. The `unpoly-rails` gem echoes the request URL as an `X-Up-Location` response header. By making a request with exceedingly long URLs (paths or query string), an attacker can cause unpoly-rails to write a exceedingly large response header. If the response header is too large to be parsed by a load balancer downstream of the Rails application, it may cause the load balancer to remove the upstream from a load balancing group. This causes that application instance to become unavailable until a configured timeout is reached or until an active healthcheck succeeds. This issue has been fixed and released as version 2.7.2.2 which is available via RubyGems and GitHub. Users unable to upgrade may: Configure your load balancer to use active health checks, e.g. by periodically requesting a route with a known response that indicates healthiness; Configure your load balancer so the maximum size of response headers is at least twice the maximum size of a URL; or instead of changing your server configuration you may also configure your Rails application to delete redundant `X-Up-Location` headers set by unpoly-rails.	2023-03-30	not yet calculated	CVE-2023-28846 MISC MISC MISC MISC MISC MISC MISC
redis-py — redis-py	redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT, and 4.3.6, 4.4.3, and 4.5.3 were released (changing the behavior for pipeline operations); however, please see CVE-2023-28859 about addressing data leakage across AsyncIO connections in general.	2023-03-26	not yet calculated	CVE-2023-28858 MISC MISC MISC MISC MISC MISC
redis-py — redis-py	redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutions for CVE-2023-28859 address data leakage across AsyncIO connections in general.	2023-03-26	not yet calculated	CVE-2023-28859 MISC MISC MISC MISC MISC
lemonldap — lemonldap	An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.	2023-03-31	not yet calculated	CVE-2023-28862 MISC CONFIRM
java.io — graphql	In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. The fixed versions are 20.1, 19.4, 18.4, 17.5, and 0.0.0-2023-03-20T01-49-44-80e3135.	2023-03-27	not yet calculated	CVE-2023-28867 MISC MISC MISC MISC MISC
vtex.io — graphql	The VTEX [email protected] GraphQL API module does not properly restrict unauthorized access to private configuration data. ([email protected] is unaffected by this issue.)	2023-03-31	not yet calculated	CVE-2023-28877 MISC
artifex — ghostscript	In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.	2023-03-31	not yet calculated	CVE-2023-28879 MISC MISC MISC
general_motors — mylink_infotainment_system	The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via a crafted MP3 file.	2023-03-27	not yet calculated	CVE-2023-28885 MISC
3cx — desktop_app	3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, and 18.12.416 of the Electron macOS application.	2023-03-30	not yet calculated	CVE-2023-29059 MISC MISC MISC MISC MISC
mediawiki — mediawiki	An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. The UserImpactHandler for GrowthExperiments inadvertently returns the timezone preference for arbitrary users, which can be used to de-anonymize users.	2023-03-31	not yet calculated	CVE-2023-29137 MISC
mediawiki — mediawiki	An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. When a user with checkuserlog permissions makes many CheckUserLog API requests in some configurations, denial of service can occur (RequestTimeoutException or upstream request timeout).	2023-03-31	not yet calculated	CVE-2023-29139 MISC
mediawiki — mediawiki	An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Attackers might be able to see edits for which the username has been hidden, because there is no check for rev_deleted.	2023-03-31	not yet calculated	CVE-2023-29140 MISC
mediawiki — mediawiki	An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.	2023-03-31	not yet calculated	CVE-2023-29141 MISC MISC

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

To keep up to date follow us on the below channels.

Tags: threatintel, US-CERT

US-CERT Vulnerability Summary for the Week of March 27, 2023

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

HardeningMeter – Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems

Sliver C2 Detected – 185[.]203[.]119[.]151:31337

GoPhish Login Page Detected – 34[.]163[.]246[.]120:443

Sliver C2 Detected – 146[.]70[.]54[.]90:31337

Sliver C2 Detected – 35[.]224[.]239[.]139:31337

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

You may have missed

HardeningMeter – Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems

Sliver C2 Detected – 185[.]203[.]119[.]151:31337

GoPhish Login Page Detected – 34[.]163[.]246[.]120:443

Sliver C2 Detected – 146[.]70[.]54[.]90:31337

Sliver C2 Detected – 35[.]224[.]239[.]139:31337