Vulnerability Summary for the Week of March 6, 2023

Released: Mar 13, 2023
Document ID: SB23-072

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
igamingmodules -- flashgames A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. 2023-03-05 9.8 CVE-2008-10003
MISC
MISC
MISC
codepeople -- polls_cp A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268. 2023-03-04 9.8 CVE-2014-125091
MISC
MISC
MISC
MISC
wordpress -- wordpress The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server. 2023-03-06 9.8 CVE-2022-4328
MISC
zbt -- we1626_firmware An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. 2023-03-03 9.8 CVE-2022-45551
MISC
MISC
MISC
zbt -- we1626_firmware An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. 2023-03-03 9.8 CVE-2022-45553
MISC
MISC
MISC
anji-plus -- report Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. 2023-03-03 9.8 CVE-2022-46973
MISC
MISC
cisco -- ip_phone_6871_firmware Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2023-03-03 9.8 CVE-2023-20078
CISCO
judging_management_system -- judging_management_system Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. 2023-03-03 9.8 CVE-2023-24641
MISC
judging_management_system -- judging_management_system Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. 2023-03-03 9.8 CVE-2023-24642
MISC
judging_management_system -- judging_management_system Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. 2023-03-03 9.8 CVE-2023-24643
MISC
yf-exam -- yf-exam CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). 2023-03-03 9.8 CVE-2023-26779
MISC
MISC
best_pos_management_system -- best_pos_management_system Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. 2023-03-09 9.8 CVE-2023-27202
MISC
MISC
best_pos_management_system -- best_pos_management_system Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. 2023-03-09 9.8 CVE-2023-27203
MISC
MISC
best_pos_management_system -- best_pos_management_system Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. 2023-03-09 9.8 CVE-2023-27204
MISC
MISC
best_pos_management_system -- best_pos_management_system Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. 2023-03-09 9.8 CVE-2023-27205
MISC
MISC
sourcecodester -- online_pizza_ordering_system Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. 2023-03-09 9.8 CVE-2023-27207
MISC
MISC
sourcecodester -- online_pizza_ordering_system Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. 2023-03-09 9.8 CVE-2023-27210
MISC
MISC
sourcecodester -- online_pizza_ordering_system Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. 2023-03-09 9.8 CVE-2023-27213
MISC
MISC
sourcecodester -- online_pizza_ordering_system Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. 2023-03-09 9.8 CVE-2023-27214
MISC
MISC
gitpod -- gitpod An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace. 2023-03-03 9.6 CVE-2023-0957
MISC
MISC
MISC
MISC
MISC
MISC
MISC
webkitgtk -- webkitgtk A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. 2023-03-06 8.8 CVE-2019-8720
MISC
MISC
wordpress -- wordpress The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user. 2023-03-06 8.8 CVE-2022-4265
MISC
draytek -- vigor_2960_firmware A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. 2023-03-03 8.8 CVE-2023-1162
MISC
MISC
MISC
google -- chrome Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-03-07 8.8 CVE-2023-1213
MISC
MISC
google -- chrome Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-03-07 8.8 CVE-2023-1214
MISC
MISC
google -- chrome Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-03-07 8.8 CVE-2023-1215
MISC
MISC
google -- chrome Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convinced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-03-07 8.8 CVE-2023-1216
MISC
MISC
google -- chrome Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-03-07 8.8 CVE-2023-1218
MISC
MISC
google -- chrome Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-03-07 8.8 CVE-2023-1219
MISC
MISC
google -- chrome Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-03-07 8.8 CVE-2023-1220
MISC
MISC
google -- chrome Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 8.8 CVE-2023-1222
MISC
MISC
google -- chrome Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) 2023-03-07 8.8 CVE-2023-1227
MISC
MISC
vantage6 -- vantage6 vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0. 2023-03-04 8.8 CVE-2023-23929
MISC
MISC
prestashop -- xen_forum In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. 2023-03-06 8.8 CVE-2023-24763
MISC
MISC
jeecg -- jeecg jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. 2023-03-06 8.8 CVE-2023-24789
MISC
mailcow -- mailcow mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing them from creating or changing existing Syncjobs. 2023-03-04 8.8 CVE-2023-26490
MISC
MISC
starsoftcomm -- coocare starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. 2023-03-03 7.8 CVE-2022-45988
MISC
MISC
struktur -- libde265 Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse 2023-03-03 7.8 CVE-2022-47664
MISC
struktur -- libde265 Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) 2023-03-03 7.8 CVE-2022-47665
MISC
hornerautomation -- cscape_envision_rv Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. 2023-03-09 7.8 CVE-2023-0621
MISC
hornerautomation -- cscape_envision_rv Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. 2023-03-09 7.8 CVE-2023-0622
MISC
hornerautomation -- cscape_envision_rv Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. 2023-03-09 7.8 CVE-2023-0623
MISC
kylinos -- kylin_os A vulnerability was found in KylinSoft kylin-activation and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260. 2023-03-03 7.8 CVE-2023-1164
MISC
MISC
MISC
vim -- vim Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. 2023-03-03 7.8 CVE-2023-1170
MISC
CONFIRM
imageinfo -- imageinfo A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability. 2023-03-06 7.8 CVE-2023-1190
MISC
MISC
MISC
MISC
ebay -- sketchsvg All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. 2023-03-06 7.8 CVE-2023-26107
MISC
MISC
MISC
systemd -- systemd systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. 2023-03-03 7.8 CVE-2023-26604
MISC
MISC
MISC
live2d -- cubism_editor Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. 2023-03-03 7.8 CVE-2023-27566
MISC
MISC
MISC
MISC
m-files -- m-files_server Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. 2023-03-06 7.6 CVE-2022-4862
MISC
zerocoin -- libzerocoin A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability. 2023-03-06 7.5 CVE-2017-20180
MISC
MISC
MISC
MISC
m-files -- m-files_server Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. 2023-03-06 7.5 CVE-2022-3284
MISC
zbt -- we1626_firmware An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. 2023-03-03 7.5 CVE-2022-45552
MISC
MISC
MISC
cisco -- ip_phone_6871_firmware Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. 2023-03-03 7.5 CVE-2023-20079
CISCO
cisco -- finesse A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition. 2023-03-03 7.5 CVE-2023-20088
CISCO
yf-exam -- yf-exam CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload. 2023-03-03 7.5 CVE-2023-25402
MISC
MISC
yf-exam -- yf-exam CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. For any user who logged in within 24 hours, a token can be forged with his username to bypass authentication. 2023-03-03 7.5 CVE-2023-25403
MISC
MISC
dot-lens -- dot-lens All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. 2023-03-06 7.5 CVE-2023-26106
MISC
MISC
@nubosoftware -- node-static All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function. 2023-03-06 7.5 CVE-2023-26111
MISC
MISC
MISC
MISC
monospace -- directus Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0. 2023-03-03 7.5 CVE-2023-26492
MISC
MISC
MISC
phpseclib -- phpseclib Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. 2023-03-03 7.5 CVE-2023-27560
MISC
CONFIRM
openbsd -- openbsd In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. 2023-03-03 7.5 CVE-2023-27567
MISC
vim -- vim Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. 2023-03-04 7.3 CVE-2023-1175
MISC
CONFIRM
crmeb -- crmeb A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability. 2023-03-03 7.2 CVE-2023-1165
MISC
MISC
MISC
fastcms -- fastcms A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-222363. 2023-03-06 7.2 CVE-2023-1191
MISC
MISC
MISC
MISC
phpipam -- phpipam SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. 2023-03-07 7.2 CVE-2023-1211
MISC
CONFIRM
barracuda -- cloudgen_wan_private_edge_gateway_firmware On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. 2023-03-03 7.2 CVE-2023-26213
FULLDISC
MISC
CONFIRM
MISC
runc -- runc runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. 2023-03-03 7 CVE-2023-27561
MISC
MISC
MISC


Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
google -- android In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755. 2023-03-07 6.7 CVE-2023-20621
MISC
google -- android In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530. 2023-03-07 6.7 CVE-2023-20624
MISC
google -- android In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223. 2023-03-07 6.7 CVE-2023-20626
MISC
google -- android In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585. 2023-03-07 6.7 CVE-2023-20627
MISC
google -- android In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. 2023-03-07 6.7 CVE-2023-20628
MISC
google -- android In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628505; Issue ID: ALPS07628505. 2023-03-07 6.7 CVE-2023-20630
MISC
google -- android In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506. 2023-03-07 6.7 CVE-2023-20632
MISC
google -- android In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508. 2023-03-07 6.7 CVE-2023-20633
MISC
google -- android In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697. 2023-03-07 6.7 CVE-2023-20634
MISC
google -- android In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593. 2023-03-07 6.7 CVE-2023-20636
MISC
google -- android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588. 2023-03-07 6.7 CVE-2023-20637
MISC
google -- android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537. 2023-03-07 6.7 CVE-2023-20638
MISC
google -- android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587. 2023-03-07 6.7 CVE-2023-20639
MISC
google -- android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573. 2023-03-07 6.7 CVE-2023-20640
MISC
google -- android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574. 2023-03-07 6.7 CVE-2023-20641
MISC
google -- android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586. 2023-03-07 6.7 CVE-2023-20642
MISC
google -- android In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584. 2023-03-07 6.7 CVE-2023-20643
MISC
google -- android In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629577; Issue ID: ALPS07629577. 2023-03-07 6.7 CVE-2023-20650
MISC
draytek -- vigor_2960_firmware A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. 2023-03-03 6.5 CVE-2023-1163
MISC
MISC
MISC
google -- chrome Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) 2023-03-07 6.5 CVE-2023-1217
MISC
MISC
google -- chrome Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 6.5 CVE-2023-1226
MISC
MISC
cisco -- unified_contact_center_express Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. 2023-03-03 6.5 CVE-2023-20061
CISCO
goauthentik -- authentik authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin (or sent via email by an admin) can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an Identification and an Email stage bound to it. If the flow has policies on the identification stage to skip it when the flow is restored (by checking `request.context['is_restored']`), the flow is not affected by this. With this flow in place, an administrator must create a recovery Link or send a recovery URL to the attacker, who can, due to the improper validation of the token create, set the password for any account. Regardless, for custom recovery flows it is recommended to add a policy that checks if the flow is restored, and skips the identification stage. This issue has been fixed in versions 2023.2.3, 2023.1.3 and 2022.12.2. 2023-03-04 6.5 CVE-2023-26481
MISC
MISC
openzeppelin -- contracts_upgradeable OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2. 2023-03-03 6.5 CVE-2023-26488
MISC
MISC
MISC
google -- android In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778. 2023-03-07 6.4 CVE-2023-20623
MISC
google -- android In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628532; Issue ID: ALPS07628532. 2023-03-07 6.4 CVE-2023-20625
MISC
google -- chrome Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) 2023-03-07 6.3 CVE-2023-1235
MISC
MISC
ajaxlife -- ajaxlife A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. 2023-03-05 6.1 CVE-2008-10002
MISC
MISC
MISC
MISC
media_downloader -- media_downloader A vulnerability was found in Media Downloader Plugin 0.1.992. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The name of the patch is 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability. 2023-03-04 6.1 CVE-2014-125090
MISC
MISC
MISC
maxfoundry -- maxbuttons A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323. 2023-03-05 6.1 CVE-2014-125092
MISC
MISC
MISC
MISC
pluginmirror -- landing-pages A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320. 2023-03-06 6.1 CVE-2015-10090
MISC
MISC
MISC
MISC
qtranslate_slug -- qtranslate_slug A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324. 2023-03-06 6.1 CVE-2015-10092
MISC
MISC
MISC
MISC
seotool -- seotool A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. 2023-03-04 6.1 CVE-2020-36663
MISC
MISC
MISC
MISC
MISC
seotool -- seotool A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232. 2023-03-04 6.1 CVE-2020-36664
MISC
MISC
MISC
MISC
MISC
seotool -- seotool A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. 2023-03-04 6.1 CVE-2020-36665
MISC
MISC
MISC
MISC
MISC
saysis -- starcities Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1. 2023-03-06 6.1 CVE-2022-2178
MISC
asosegitim -- sobiad Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS). This issue affects SOBIAD: before 23.02.01. 2023-03-03 6.1 CVE-2023-0577
MISC
asosegitim -- bookcites Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS). This issue affects Book Cites: before 23.01.05. 2023-03-03 6.1 CVE-2023-0578
MISC
kibokolabs -- watu_quiz The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dn', 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. 2023-03-03 6.1 CVE-2023-0968
MISC
MISC
sourcecodester -- health_center_patient_record_management_system A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331. 2023-03-05 6.1 CVE-2023-1180
MISC
MISC
MISC
enhancesoft -- osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. 2023-03-10 6.1 CVE-2023-1320
CONFIRM
MISC
draytek -- vigor2860_firmware Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. 2023-03-03 6.1 CVE-2023-23313
MISC
MISC
kitabisa -- teler-waf teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0. 2023-03-03 6.1 CVE-2023-26047
MISC
MISC
MISC
vega-functions_project -- vega-functions Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1. 2023-03-04 6.1 CVE-2023-26486
MISC
MISC
MISC
MISC
MISC
vega-functions -- vega-functions Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The `lassoAppend` function accepts 3 arguments and internally invokes the `push` function on the 1st argument, specifying an array consisting of the 2nd and 3rd arguments as the `push` call argument. The type of the 1st argument is supposed to be an array, but it's not enforced. This makes it possible to specify any object with a `push` function as the 1st argument; the `push` function can be set to any function that can be accessed via `event.view` (not all such functions can be exploited due to invalid context or signature, but some can, e.g. `console.log`). The issue is that `lassoAppend` doesn't enforce proper types of its arguments. This issue opens various XSS vectors, but exact impact and severity depends on the environment (e.g. Core JS `setImmediate` polyfill basically allows `eval`-like functionality). This issue was patched in 5.23.0. 2023-03-04 6.1 CVE-2023-26487
MISC
MISC
MISC
best_pos_management_system -- best_pos_management_system A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. 2023-03-09 6.1 CVE-2023-27206
MISC
MISC
sourcecodester -- online_pizza_ordering_system A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. 2023-03-09 6.1 CVE-2023-27208
MISC
MISC
sourcecodester -- online_pizza_ordering_system A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. 2023-03-09 6.1 CVE-2023-27211
MISC
MISC
sourcecodester -- online_pizza_ordering_system A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. 2023-03-09 6.1 CVE-2023-27212
MISC
MISC
quickentity_editor -- quickentity_editor quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-03-06 6.1 CVE-2023-27472
MISC
MISC
samba -- samba A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. 2023-03-06 5.9 CVE-2021-20251
MISC
MISC
ghost -- ghost Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. 2023-03-05 5.7 CVE-2023-26510
MISC
MISC
MISC
samourai-wallet-android -- samourai-wallet-android An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. 2023-03-04 5.5 CVE-2021-36689
MISC
MISC
libtiff -- libtiff LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. 2023-03-03 5.5 CVE-2022-4645
MISC
MISC
CONFIRM
FEDORA
fabulatech -- webcam_for_remote_desktop A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability. 2023-03-06 5.5 CVE-2023-1186
MISC
MISC
MISC
fabulatech -- webcam_for_remote_desktop A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359. 2023-03-06 5.5 CVE-2023-1187
MISC
MISC
MISC
fabulatech -- webcam_for_remote_desktop A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360. 2023-03-06 5.5 CVE-2023-1188
MISC
MISC
MISC
MISC
wordpress -- wordpress A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability. 2023-03-06 5.4 CVE-2015-10093
MISC
MISC
MISC
MISC
wordpress -- wordpress The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 5.4 CVE-2023-0063
MISC
iwordpress -- wordpress The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 5.4 CVE-2023-0065
MISC
wordpress -- wordpress The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 5.4 CVE-2023-0069
MISC
wordpress -- wordpress The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 5.4 CVE-2023-0076
MISC
wordpress -- wordpress The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users. 2023-03-06 5.4 CVE-2023-0078
MISC
wordpress -- wordpress The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 5.4 CVE-2023-0165
MISC
wordpress -- wordpress The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 5.4 CVE-2023-0212
MISC
sourcecodester -- computer_parts_sales_and_inventory_system A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability. 2023-03-05 5.4 CVE-2023-1179
MISC
MISC
MISC
easyimages2.0 -- easyimages2.0 Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. 2023-03-05 5.4 CVE-2023-1181
CONFIRM
MISC
ehuacui-bbs -- ehuacui-bbs A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388. 2023-03-06 5.4 CVE-2023-1200
MISC
MISC
MISC
enhancesoft -- osticket Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. 2023-03-10 5.4 CVE-2023-1315
MISC
CONFIRM
enhancesoft -- osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. 2023-03-10 5.4 CVE-2023-1316
CONFIRM
MISC
enhancesoft -- osticket Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. 2023-03-10 5.4 CVE-2023-1317
CONFIRM
MISC
enhancesoft -- osticket Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. 2023-03-10 5.4 CVE-2023-1318
MISC
CONFIRM
cisco -- prime_infrastructure A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. 2023-03-03 5.4 CVE-2023-20069
CISCO
blogengine.net -- blogengine.net A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. 2023-03-06 5.4 CVE-2023-22856
MISC
blogengine.net -- blogengine.net A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. 2023-03-06 5.4 CVE-2023-22857
MISC
craftcms -- craftcms Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, a cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. 2023-03-03 5.4 CVE-2023-23927
MISC
MISC
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. 2023-03-08 5.4 CVE-2023-26950
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module. 2023-03-08 5.4 CVE-2023-26952
MISC
wallabag -- wallabag Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. 2023-03-05 5.3 CVE-2023-0734
CONFIRM
MISC
discourse -- discourse Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse. 2023-03-04 5.3 CVE-2023-25819
MISC
MISC
nestjs -- nest Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open. 2023-03-06 5.3 CVE-2023-26108
MISC
MISC
MISC
MISC
uvdesk -- community-skeleton Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. 2023-03-06 4.8 CVE-2023-1197
CONFIRM
MISC
phpipam -- phpipam Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. 2023-03-07 4.8 CVE-2023-1212
CONFIRM
MISC
enhancesoft -- osticket Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. 2023-03-10 4.8 CVE-2023-1319
MISC
CONFIRM
google -- android In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028. 2023-03-07 4.4 CVE-2023-20635
MISC
google -- android In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603. 2023-03-07 4.4 CVE-2023-20644
MISC
google -- android In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609. 2023-03-07 4.4 CVE-2023-20645
MISC
google -- android In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628536; Issue ID: ALPS07628536. 2023-03-07 4.4 CVE-2023-20646
MISC
google -- android In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547. 2023-03-07 4.4 CVE-2023-20647
MISC
google -- android In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612. 2023-03-07 4.4 CVE-2023-20648
MISC
google -- android In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607. 2023-03-07 4.4 CVE-2023-20649
MISC
google -- android In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576. 2023-03-07 4.4 CVE-2023-20651
MISC
joinmastodon -- mastodon The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. 2023-03-06 4.3 CVE-2022-48364
MISC
MISC
MISC
MISC
wordpress -- wordpress The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). 2023-03-06 4.3 CVE-2023-0328
MISC
google -- chrome Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1221
MISC
MISC
google -- chrome Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1223
MISC
MISC
google -- chrome Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1224
MISC
MISC
google -- chrome Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1225
MISC
MISC
google -- chrome Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1228
MISC
MISC
google -- chrome Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1229
MISC
MISC
google -- chrome Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1230
MISC
MISC
google -- chrome Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) 2023-03-07 4.3 CVE-2023-1231
MISC
MISC
google -- chrome Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) 2023-03-07 4.3 CVE-2023-1232
MISC
MISC
google -- chrome Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) 2023-03-07 4.3 CVE-2023-1233
MISC
MISC
google -- chrome Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) 2023-03-07 4.3 CVE-2023-1234
MISC
MISC
google -- chrome Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) 2023-03-07 4.3 CVE-2023-1236
MISC
MISC
cisco -- unified_contact_center_express Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. 2023-03-03 4.3 CVE-2023-20062
CISCO
google -- android In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558. 2023-03-07 4.1 CVE-2023-20620
MISC


Low Vulnerabilities

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info
There were no low vulnerabilities recorded this week.


Severity Not Yet Assigned

Primary
Vendor -- Product
Description Published CVSS Score Source & Patch Info

wordpress -- wordpress A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. 2023-03-05 not yet calculated CVE-2006-10001
MISC
MISC
MISC
MISC
email_registration -- email_registration A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. 2023-03-06 not yet calculated CVE-2008-10004
MISC
MISC
MISC
MISC
wordpress -- wordpress A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability. 2023-03-10 not yet calculated CVE-2013-10020
MISC
MISC
MISC
wordpress -- wordpress A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739. 2023-03-11 not yet calculated CVE-2013-10021
MISC
MISC
MISC
MISC
wordpress -- wordpress A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability. 2023-03-10 not yet calculated CVE-2014-125093
MISC
MISC
MISC
MISC

ayttm -- ayttm

A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267. 2023-03-05 not yet calculated CVE-2015-10088
MISC
MISC
MISC
MISC

flame.js -- flame.js

A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291. 2023-03-05 not yet calculated CVE-2015-10089
MISC
MISC
MISC
MISC

bywater_solutions -- bywater-koha-xslt

A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability. 2023-03-06 not yet calculated CVE-2015-10091
MISC
MISC
MISC
wordpress -- wordpress A vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability. 2023-03-06 not yet calculated CVE-2015-10094
MISC
MISC
MISC
MISC
wordpress -- wordpress A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327. 2023-03-06 not yet calculated CVE-2015-10095
MISC
MISC
MISC
MISC

hgzojer -- vocable_trainer

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. 2023-03-07 not yet calculated CVE-2017-20181
MISC
MISC
MISC
MISC

mobile_vikings -- django_ajax_utilities

A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611. 2023-03-10 not yet calculated CVE-2017-20182
MISC
MISC
MISC
wordpress -- wordpress The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber, to change the location of back-ups and potentially steal sensitive information from them. 2023-03-07 not yet calculated CVE-2020-36667
MISC
MISC
wordpress -- wordpress The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information. 2023-03-07 not yet calculated CVE-2020-36668
MISC
MISC
wordpress -- wordpress The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. 2023-03-07 not yet calculated CVE-2020-36669
MISC
MISC
wordpress -- wordpress The NEX-Forms plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modifying form submission records, deleting files, sending test emails, modifying plugin settings, and more. 2023-03-07 not yet calculated CVE-2020-36670
MISC
MISC

ibm -- financial_transaction_manager

IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. 2023-03-10 not yet calculated CVE-2020-5002
MISC
MISC

hclsoftware -- verse

HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. 2023-03-10 not yet calculated CVE-2021-27788
MISC

wyomind -- help_desk_magento_2

Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalate privileges via a crafted payload in the ticket message field. 2023-03-08 not yet calculated CVE-2021-33351
MISC
MISC

wyomind -- help_desk_magento_2

An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field. 2023-03-08 not yet calculated CVE-2021-33352
MISC
MISC

wyomind -- help_desk_magento_2

Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. 2023-03-08 not yet calculated CVE-2021-33353
MISC
MISC

gnuplot -- gnuplot

An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). 2023-03-10 not yet calculated CVE-2021-33360
MISC
MISC
kernel -- kernel The REMAP cmd of the SVM driver can be used to remap read-only memory as read-write, which can then cause read-only memory or files to be modified. 2023-03-08 not yet calculated CVE-2021-33639
MISC
yuneec -- mantis_q/px4-autopilot An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allows an attacker to gain access to sensitive information via various nuttx commands. 2023-03-09 not yet calculated CVE-2021-34125
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC

vicidial -- vicidial

Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers to execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. 2023-03-06 not yet calculated CVE-2021-35377
MISC
MISC

moodle -- moodle

In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. 2023-03-06 not yet calculated CVE-2021-36392
MISC

moodle -- moodle

In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. 2023-03-06 not yet calculated CVE-2021-36393
MISC

moodle -- moodle

In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. 2023-03-06 not yet calculated CVE-2021-36394
MISC

moodle -- moodle

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. 2023-03-06 not yet calculated CVE-2021-36395
MISC

moodle -- moodle

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. 2023-03-06 not yet calculated CVE-2021-36396
MISC

moodle -- moodle

In Moodle, insufficient capability checks meant message deletions were not limited to the current user. 2023-03-06 not yet calculated CVE-2021-36397
MISC

moodle -- moodle

In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. 2023-03-06 not yet calculated CVE-2021-36398
MISC

moodle -- moodle

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. 2023-03-06 not yet calculated CVE-2021-36399
MISC

moodle -- moodle

In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. 2023-03-06 not yet calculated CVE-2021-36400
MISC

moodle -- moodle

In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. 2023-03-06 not yet calculated CVE-2021-36401
MISC

moodle -- moodle

In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. 2023-03-06 not yet calculated CVE-2021-36402
MISC

moodle -- moodle

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. 2023-03-06 not yet calculated CVE-2021-36403
MISC
jquery -- jquery Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012. 2023-03-06 not yet calculated CVE-2021-36713
MISC
MISC
json-logic-js -- json-logic-js A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability. 2023-03-05 not yet calculated CVE-2021-4329
MISC
MISC
MISC
MISC
wordpress -- wordpress The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-level permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download. 2023-03-07 not yet calculated CVE-2021-4330
MISC
MISC
wordpress -- wordpress The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builder's functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors cannot publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post). 2023-03-07 not yet calculated CVE-2021-4331
MISC
MISC
wordpress -- wordpress The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation. 2023-03-07 not yet calculated CVE-2021-4332
MISC
MISC
wordpress -- wordpress The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-07 not yet calculated CVE-2021-4333
MISC
MISC
ubit_information_technologies -- student_information management_system Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126. 2023-03-07 not yet calculated CVE-2021-44196
MISC
ubit_information_technologies -- student_information management_system Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. This issue affects Student Information Management System: before 20211126. 2023-03-07 not yet calculated CVE-2021-44197
MISC
cisco -- cisco enterprise_nfv infrastructure_ software A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system. 2023-03-10 not yet calculated CVE-2022-20929
MISC
qualcomm -- snapdragon Information Disclosure in Graphics during GPU context switch. 2023-03-10 not yet calculated CVE-2022-22075
MISC
fortinet -- multiple_products An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. 2023-03-07 not yet calculated CVE-2022-22297
MISC
qualcomm -- snapdragon Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. 2023-03-10 not yet calculated CVE-2022-25655
MISC
qualcomm -- snapdragon Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM. 2023-03-10 not yet calculated CVE-2022-25694
MISC
qualcomm -- snapdragon Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response. 2023-03-10 not yet calculated CVE-2022-25705
MISC
qualcomm -- snapdragon Memory corruption in modem due to use of out of range pointer offset while processing qmi msg. 2023-03-10 not yet calculated CVE-2022-25709
MISC
fortinet -- multiple_products An exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker who has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. 2023-03-07 not yet calculated CVE-2022-27490
MISC
fortinet -- fortimail An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. 2023-03-09 not yet calculated CVE-2022-29056
MISC
openstack-neutron -- openstack-neutron An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. 2023-03-06 not yet calculated CVE-2022-3277
MISC
MISC
qualcomm -- snapdragon Memory corruption in modem due to buffer overflow while processing a PPP packet. 2023-03-10 not yet calculated CVE-2022-33213
MISC
qualcomm -- snapdragon Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. 2023-03-10 not yet calculated CVE-2022-33242
MISC
qualcomm -- snapdragon Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout. 2023-03-10 not yet calculated CVE-2022-33244
MISC
qualcomm -- snapdragon Memory corruption in WLAN due to use after free. 2023-03-10 not yet calculated CVE-2022-33245
MISC
qualcomm -- snapdragon Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. 2023-03-10 not yet calculated CVE-2022-33250
MISC
qualcomm -- snapdragon Transient DOS due to reachable assertion in Modem while processing SIB1 Message. 2023-03-10 not yet calculated CVE-2022-33254
MISC
qualcomm -- snapdragon Memory corruption due to improper validation of array index in Multi-mode call processor. 2023-03-10 not yet calculated CVE-2022-33256
MISC
qualcomm -- snapdragon Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. 2023-03-10 not yet calculated CVE-2022-33257
MISC
qualcomm -- snapdragon Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. 2023-03-10 not yet calculated CVE-2022-33260
MISC
qualcomm -- snapdragon Transient DOS in modem due to reachable assertion. 2023-03-10 not yet calculated CVE-2022-33272
MISC
qualcomm -- snapdragon Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. 2023-03-10 not yet calculated CVE-2022-33278
MISC
qualcomm -- snapdragon Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes. 2023-03-10 not yet calculated CVE-2022-33309
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites. 2023-03-09 not yet calculated CVE-2022-3381
CONFIRM
MISC
MISC
linux -- kernel A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2023-03-06 not yet calculated CVE-2022-3424
MISC
MISC
MISC
MISC
gitlab -- gitlab A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. 2023-03-06 not yet calculated CVE-2022-3707
MISC
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a user's private snippet. 2023-03-09 not yet calculated CVE-2022-3758
MISC
MISC
CONFIRM
mia_technology -- mia-med Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med. This issue affects Mia-Med: before 1.0.0.58. 2023-03-07 not yet calculated CVE-2022-3760
MISC
gitlab -- dast Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host. 2023-03-09 not yet calculated CVE-2022-3767
CONFIRM
MISC
hewlett_packard_enterprise -- hpe_flex/hpe_flex_280 A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8. 2023-03-10 not yet calculated CVE-2022-37939
MISC
ceph -- ceph A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. 2023-03-06 not yet calculated CVE-2022-3854
MISC
libpng -- libpng A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function. 2023-03-06 not yet calculated CVE-2022-3857
MISC
fortinet -- fortiweb An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows an attacker to execute unauthorized code or commands via specifically crafted HTTP requests. 2023-03-07 not yet calculated CVE-2022-39951
MISC
fortinet -- fortinac An improper privilege management vulnerability in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows an attacker to escalate privileges via specially crafted commands. 2023-03-07 not yet calculated CVE-2022-39953
MISC
gitlab -- gitlab An issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2. A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. 2023-03-08 not yet calculated CVE-2022-4007
CONFIRM
MISC
MISC
qualcomm -- snapdragon Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. 2023-03-10 not yet calculated CVE-2022-40515
MISC
qualcomm -- snapdragon Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. 2023-03-10 not yet calculated CVE-2022-40527
MISC
qualcomm -- snapdragon Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. 2023-03-10 not yet calculated CVE-2022-40530
MISC
qualcomm -- snapdragon Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. 2023-03-10 not yet calculated CVE-2022-40531
MISC
qualcomm -- snapdragon Transient DOS due to buffer over-read in WLAN while sending a packet to device. 2023-03-10 not yet calculated CVE-2022-40535
MISC
qualcomm -- snapdragon Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. 2023-03-10 not yet calculated CVE-2022-40537
MISC
qualcomm -- snapdragon Memory corruption in Automotive Android OS due to improper validation of array index. 2023-03-10 not yet calculated CVE-2022-40539
MISC
qualcomm -- snapdragon Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel. 2023-03-10 not yet calculated CVE-2022-40540
MISC
fortinet -- fortinac An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows an attacker to execute unauthorized code or commands via specially crafted http requests. 2023-03-07 not yet calculated CVE-2022-40676
MISC
fortinet -- fortios An improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. 2023-03-07 not yet calculated CVE-2022-41328
MISC
fortinet -- multiple_products An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attacker to obtain sensitive logging information on the device via crafted HTTP GET requests. 2023-03-07 not yet calculated CVE-2022-41329
MISC
fortinet -- fortirecorder An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. 2023-03-07 not yet calculated CVE-2022-41333
MISC

openstack -- glance

A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. 2023-03-06 not yet calculated CVE-2022-4134
MISC
MISC
MISC
qlik -- qlikview QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. 2023-03-06 not yet calculated CVE-2022-42248
MISC
MISC
fortinet -- fortios A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. 2023-03-07 not yet calculated CVE-2022-42476
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden and could be leaked from instance, group, or project settings to other users. 2023-03-09 not yet calculated CVE-2022-4289
MISC
MISC
CONFIRM
gitlab -- dast An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. 2023-03-08 not yet calculated CVE-2022-4315
CONFIRM
MISC
MISC
gitlab -- dast An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. 2023-03-09 not yet calculated CVE-2022-4317
CONFIRM
MISC
MISC
gitlab -- gitlab An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible that a previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group. 2023-03-09 not yet calculated CVE-2022-4331
MISC
MISC
CONFIRM
ibm -- mq IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. 2023-03-10 not yet calculated CVE-2022-43902
MISC
MISC
ivanti -- avalanche An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port. 2023-03-10 not yet calculated CVE-2022-44574
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response. 2023-03-09 not yet calculated CVE-2022-4462
MISC
CONFIRM
MISC
kioware -- kioware KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. 2023-03-06 not yet calculated CVE-2022-44875
MISC
MISC
samba -- active_directory Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). 2023-03-06 not yet calculated CVE-2022-45141
MISC
heimdal -- heimdal The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. 2023-03-06 not yet calculated CVE-2022-45142
MISC
fortinet -- multiple_products An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request. 2023-03-07 not yet calculated CVE-2022-45861
MISC
github -- github_enterprise_server An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. 2023-03-07 not yet calculated CVE-2022-46257
MISC
MISC
MISC
MISC
arm -- arm_mali An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. 2023-03-08 not yet calculated CVE-2022-46394
MISC
MISC
arm -- arm_mali An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. 2023-03-06 not yet calculated CVE-2022-46395
CONFIRM
MISC
dell -- bios Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. 2023-03-08 not yet calculated CVE-2022-46752
MISC
unisoc_technologies -- multiple_products In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service. 2023-03-10 not yet calculated CVE-2022-47453
MISC
unisoc_technologies -- multiple_products In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 2023-03-10 not yet calculated CVE-2022-47454
MISC
unisoc_technologies -- multiple_products In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 2023-03-10 not yet calculated CVE-2022-47455
MISC
unisoc_technologies -- multiple_products In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 2023-03-10 not yet calculated CVE-2022-47456
MISC
unisoc_technologies -- multiple_products In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 2023-03-10 not yet calculated CVE-2022-47457
MISC
unisoc_technologies -- multiple_products In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 2023-03-10 not yet calculated CVE-2022-47458
MISC
unisoc_technologies -- multiple_products In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. 2023-03-10 not yet calculated CVE-2022-47459
MISC
unisoc_technologies -- multiple_products In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. 2023-03-10 not yet calculated CVE-2022-47460
MISC
unisoc_technologies -- multiple_products In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47461
MISC
unisoc_technologies -- multiple_products In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47462
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47471
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47472
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47473
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47474
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47475
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47476
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47477
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47478
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47479
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47480
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47481
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47482
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47483
MISC
unisoc_technologies -- multiple_products In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. 2023-03-10 not yet calculated CVE-2022-47484
MISC
sipe -- yarix A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. 2023-03-10 not yet calculated CVE-2022-48111
MISC
MISC
MISC
c-ares -- c-ares A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. 2023-03-06 not yet calculated CVE-2022-4904
MISC
MISC
FEDORA
ualbertalib -- neosdiscovery A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. 2023-03-05 not yet calculated CVE-2022-4927
MISC
MISC
MISC
MISC
MISC
icplayer -- icplayer A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability. 2023-03-06 not yet calculated CVE-2022-4928
MISC
MISC
MISC
MISC
MISC
icplayer -- icplayer A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability. 2023-03-06 not yet calculated CVE-2022-4929
MISC
MISC
MISC
MISC
MISC
syspass -- syspass A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The name of the patch is 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319. 2023-03-06 not yet calculated CVE-2022-4930
MISC
MISC
MISC
MISC
MISC
wordpress -- wordpress The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. 2023-03-07 not yet calculated CVE-2022-4931
MISC
MISC
wordpress -- wordpress The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. 2023-03-07 not yet calculated CVE-2022-4932
MISC
MISC
linux -- kernel A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2023-03-08 not yet calculated CVE-2023-0030
MISC
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. 2023-03-09 not yet calculated CVE-2023-0050
CONFIRM
MISC
MISC
wordpress -- wordpress The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 not yet calculated CVE-2023-0064
MISC
wordpress -- wordpress The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 not yet calculated CVE-2023-0068
MISC
openharmony -- openharmy The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability that local attackers can exploit to send malicious data, causing the current application to crash. 2023-03-10 not yet calculated CVE-2023-0083
MISC
proofpoint -- enterprise_protection The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. 2023-03-08 not yet calculated CVE-2023-0089
MISC
proofpoint -- enterprise_protection The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. 2023-03-08 not yet calculated CVE-2023-0090
MISC
okta -- advanced_server_access_client Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment. 2023-03-06 not yet calculated CVE-2023-0093
MISC
nvidia -- cuda_toolkit_sdk NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. 2023-03-10 not yet calculated CVE-2023-0193
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. 2023-03-09 not yet calculated CVE-2023-0223
CONFIRM
MISC
MISC
qemu -- qemu A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. 2023-03-06 not yet calculated CVE-2023-0330
MISC
wordpress -- wordpress The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-03-06 not yet calculated CVE-2023-0377
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. 2023-03-09 not yet calculated CVE-2023-0483
CONFIRM
MISC
MISC
gigamon -- gigavue-fm/gigavue-os The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could force a user into inserting malicious JavaScript code into the URI, which could lead to reflected cross-site scripting. 2023-03-10 not yet calculated CVE-2023-0746
CONFIRM
promis_process_company -- inscada Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before 20230115-1. 2023-03-06 not yet calculated CVE-2023-0839
MISC
hashicorp -- consul/consul_enterprise Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5. 2023-03-09 not yet calculated CVE-2023-0845
MISC
meddata_informatics -- meddatapacs Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData Informatics MedDataPACS. This issue affects MedDataPACS: before 2023-03-03. 2023-03-06 not yet calculated CVE-2023-0979
MISC
typora -- typora A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. 2023-03-07 not yet calculated CVE-2023-1003
MISC
MISC
MISC
gitlab -- gitlab An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details. 2023-03-09 not yet calculated CVE-2023-1072
MISC
CONFIRM
gitlab -- gitlab_ce/ee An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. 2023-03-09 not yet calculated CVE-2023-1084
MISC
MISC
CONFIRM
alpata -- licensed_warehousing_automation_system Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection. This issue affects Licensed Warehousing Automation System: through 2023.1.01. 2023-03-10 not yet calculated CVE-2023-1091
MISC
wireshark -- wireshark ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. 2023-03-06 not yet calculated CVE-2023-1161
CONFIRM
MISC
MISC
ecshop -- ecshop A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356. 2023-03-06 not yet calculated CVE-2023-1184
MISC
MISC
MISC
ecshop -- ecshop A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability. 2023-03-06 not yet calculated CVE-2023-1185
MISC
MISC
MISC
wisecleaner -- wise_folder_hider A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability. 2023-03-06 not yet calculated CVE-2023-1189
MISC
MISC
MISC
saysis -- starcities Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3. 2023-03-10 not yet calculated CVE-2023-1198
MISC
devolutions -- server Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. 2023-03-10 not yet calculated CVE-2023-1201
MISC
devolutions -- remote_desktop_manager_powershell_module Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule. 2023-03-10 not yet calculated CVE-2023-1203
MISC
netgear -- nighthawk_wifi6_router NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. 2023-03-10 not yet calculated CVE-2023-1205
MISC
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1237
CONFIRM
MISC
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1238
CONFIRM
MISC
answerdev -- answer Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1239
MISC
CONFIRM
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1240
CONFIRM
MISC
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1241
CONFIRM
MISC
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1242
MISC
CONFIRM
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1243
MISC
CONFIRM
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1244
MISC
CONFIRM
answerdev -- answer Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. 2023-03-07 not yet calculated CVE-2023-1245
CONFIRM
MISC
saysis -- starcities Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations. This issue affects Starcities: through 1.3. 2023-03-10 not yet calculated CVE-2023-1246
MISC
pimcore -- pimcore Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0. 2023-03-07 not yet calculated CVE-2023-1247
MISC
CONFIRM
akinsoft -- wolvox Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. 2023-03-09 not yet calculated CVE-2023-1251
MISC
sourcecodester -- health_center_patient_record_management_system A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222483. 2023-03-07 not yet calculated CVE-2023-1253
MISC
MISC
MISC
sourcecodester -- health_center_patient_record_management_system A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484. 2023-03-07 not yet calculated CVE-2023-1254
MISC
MISC
MISC
moxa -- uc_series An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. 2023-03-07 not yet calculated CVE-2023-1257
MISC
wordpress -- wordpress The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled. 2023-03-07 not yet calculated CVE-2023-1263
MISC
MISC
vim -- vim NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. 2023-03-07 not yet calculated CVE-2023-1264
CONFIRM
MISC
ulkem -- pttem_kart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart. This issue affects PtteM Kart: before 2.1. 2023-03-08 not yet calculated CVE-2023-1267
MISC
easyappointment -- easyappointment Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. 2023-03-08 not yet calculated CVE-2023-1269
CONFIRM
MISC
btcpayserver -- btcpayserver Command Injection in GitHub repository btcpayserver/btcpayserver prior to 1.8.3. 2023-03-08 not yet calculated CVE-2023-1270
MISC
CONFIRM
sourcecodester -- phone_shop_sales_managements_system A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability. 2023-03-08 not yet calculated CVE-2023-1275
MISC
MISC
MISC
sul1ss_shop -- sul1ss_shop A vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-222599. 2023-03-08 not yet calculated CVE-2023-1276
MISC
MISC
MISC
kylin -- kylin-system-updater A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600. 2023-03-08 not yet calculated CVE-2023-1277
MISC
MISC
MISC
ibos -- ibos A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608. 2023-03-08 not yet calculated CVE-2023-1278
MISC
MISC
MISC
qwik -- qwik Code Injection in GitHub repository builderio/qwik prior to 0.21.0. 2023-03-08 not yet calculated CVE-2023-1283
CONFIRM
MISC
pimcore -- pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. 2023-03-09 not yet calculated CVE-2023-1286
CONFIRM
MISC
dassault_systèmes -- enovia_live_collaboration An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. 2023-03-09 not yet calculated CVE-2023-1287
MISC
dassault_systèmes -- enovia_live_collaboration An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions. 2023-03-09 not yet calculated CVE-2023-1288
MISC
sourcecodester -- sales_tracker_management_system A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644. 2023-03-09 not yet calculated CVE-2023-1290
MISC
MISC
MISC
sourcecodester -- sales_tracker_management_system A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability. 2023-03-09 not yet calculated CVE-2023-1291
MISC
MISC
MISC
sourcecodester -- sales_tracker_management_system A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222646 is the identifier assigned to this vulnerability. 2023-03-09 not yet calculated CVE-2023-1292
MISC
MISC
MISC
sourcecodester -- online_graduate_tracer_system A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647. 2023-03-09 not yet calculated CVE-2023-1293
MISC
MISC
MISC
sourcecodester -- file_tracker_manager_system A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648. 2023-03-09 not yet calculated CVE-2023-1294
MISC
MISC
MISC
sourcecodester -- covid_19_testing_management_system A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file patient-report.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222661 was assigned to this vulnerability. 2023-03-09 not yet calculated CVE-2023-1300
MISC
MISC
MISC
sourcecodester -- friendly_island_pizza_website_and_ordering_system A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability. 2023-03-09 not yet calculated CVE-2023-1301
MISC
MISC
MISC
sourcecodester -- file_tracker_management_system A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222663. 2023-03-09 not yet calculated CVE-2023-1302
MISC
MISC
MISC
ucms -- ucms A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-222683. 2023-03-09 not yet calculated CVE-2023-1303
MISC
MISC
MISC
froxlor -- froxlor Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. 2023-03-10 not yet calculated CVE-2023-1307
MISC
CONFIRM
sourcecodester -- online_graduate_tracer_system A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696. 2023-03-10 not yet calculated CVE-2023-1308
MISC
MISC
MISC
sourcecodester -- online_graduate_tracer_system A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/search_it.php. The manipulation of the argument input leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222697 was assigned to this vulnerability. 2023-03-10 not yet calculated CVE-2023-1309
MISC
MISC
MISC
sourcecodester -- online_graduate_tracer_system A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability. 2023-03-10 not yet calculated CVE-2023-1310
MISC
MISC
MISC
sourcecodester -- friendly_island_pizza_website_and_ordering_system A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699. 2023-03-10 not yet calculated CVE-2023-1311
MISC
MISC
MISC
pimcore -- pimcore Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. 2023-03-10 not yet calculated CVE-2023-1312
CONFIRM
MISC
cockpit-hq -- cockpit Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. 2023-03-10 not yet calculated CVE-2023-1313
CONFIRM
MISC
lmxcms -- lmxcms A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727. 2023-03-10 not yet calculated CVE-2023-1321
MISC
MISC
lmxcms -- lmxcms A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728. 2023-03-10 not yet calculated CVE-2023-1322
MISC
MISC
guizhou -- 115cms A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability. 2023-03-10 not yet calculated CVE-2023-1328
MISC
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache. 2023-03-10 not yet calculated CVE-2023-1333
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache. 2023-03-10 not yet calculated CVE-2023-1334
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site. 2023-03-10 not yet calculated CVE-2023-1335
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching. 2023-03-10 not yet calculated CVE-2023-1336
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files. 2023-03-10 not yet calculated CVE-2023-1337
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules. 2023-03-10 not yet calculated CVE-2023-1338
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules. 2023-03-10 not yet calculated CVE-2023-1339
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-10 not yet calculated CVE-2023-1340
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-10 not yet calculated CVE-2023-1341
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-10 not yet calculated CVE-2023-1342
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-10 not yet calculated CVE-2023-1343
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-10 not yet calculated CVE-2023-1344
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-10 not yet calculated CVE-2023-1345
MISC
MISC
wordpress -- wordpress The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-03-10 not yet calculated CVE-2023-1346
MISC
MISC
hsycms -- hsycms A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability. 2023-03-11 not yet calculated CVE-2023-1349
MISC
MISC
MISC

liferea -- liferea

A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. 2023-03-11 not yet calculated CVE-2023-1350
MISC
MISC
MISC

sourcecodester -- computer_parts_sales_and_inventory_system

A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability. 2023-03-11 not yet calculated CVE-2023-1351
MISC
MISC
MISC

sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system

A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851. 2023-03-11 not yet calculated CVE-2023-1352
MISC
MISC
MISC

sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system

A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852. 2023-03-11 not yet calculated CVE-2023-1353
MISC
MISC
MISC

sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system

A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability. 2023-03-11 not yet calculated CVE-2023-1354
MISC
MISC
MISC

vim -- vim

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. 2023-03-11 not yet calculated CVE-2023-1355
MISC
CONFIRM

cisco -- ios_xr_software_for_asr9000_series_routers

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads. 2023-03-09 not yet calculated CVE-2023-20049
CISCO

cisco -- ios_xr_software

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device. 2023-03-09 not yet calculated CVE-2023-20064
CISCO

openharmony -- openharmony

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory access vulnerability that network attackers can exploit remotely to obtain kernel memory data of the target system. 2023-03-10 not yet calculated CVE-2023-22301
MISC

dos_company_limited -- ss1/rakuraku_pc_cloud_agent

Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restrictions and download an arbitrary file from the directory where the product runs. When this vulnerability is exploited together with CVE-2023-22336 and CVE-2023-22344, a remote attacker may be able to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. 2023-03-06 not yet calculated CVE-2023-22335
MISC
MISC

dos_company_limited -- ss1/rakuraku_pc_cloud_agent

Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. When this vulnerability is exploited together with CVE-2023-22335 and CVE-2023-22344, a remote attacker may be able to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. 2023-03-06 not yet calculated CVE-2023-22336
MISC
MISC

dos_company_limited -- ss1/rakuraku_pc_cloud_agent

Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. When this vulnerability is exploited together with CVE-2023-22335 and CVE-2023-22336, a remote attacker may be able to execute arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. 2023-03-06 not yet calculated CVE-2023-22344
MISC
MISC
jtekt_electronics_corporation -- kostac_plc_programming_software Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-03-06 not yet calculated CVE-2023-22419
MISC
MISC
MISC
jtekt_electronics_corporation -- kostac_plc_programming_software Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-03-06 not yet calculated CVE-2023-22421
MISC
MISC
MISC
jtekt_electronics_corporation -- kostac_plc_programming_software Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. 2023-03-06 not yet calculated CVE-2023-22424
MISC
MISC
MISC

web2py -- web2py

Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. 2023-03-06 not yet calculated CVE-2023-22432
MISC
MISC
MISC

openharmony -- openharmony

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has a use-after-free (UAF) vulnerability that local attackers can exploit to escalate privileges to root. 2023-03-10 not yet calculated CVE-2023-22436
MISC

ec_cube -- 4_series

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. 2023-03-06 not yet calculated CVE-2023-22438
MISC
MISC
MISC
MISC

freshrss -- freshrss

FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in cleartext in `users/_/log_api.txt` when authentication fails. The issue occurs in `authorizationToUser()` in `greader.php`. If there is an issue with the request or the credentials, `unauthorized()` or `badRequest()` is called. Both of these functions print the return value of `debugInfo()` in the logs. `debugInfo()` returns the content of the request. By default, this is saved in `users/_/log_api.txt` and, if the const `COPY_LOG_TO_SYSLOG` is true, in syslog as well. Exploiting this issue requires having access to logs produced by FreshRSS. Using the information from the logs, a malicious individual could get users' API keys (which would be displayed if the user fills in a bad username) or passwords. 2023-03-06 not yet calculated CVE-2023-22481
MISC
MISC

ec_cube -- 4_series

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. 2023-03-06 not yet calculated CVE-2023-22838
MISC
MISC

pg_ivm -- pg_ivm

Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it. 2023-03-07 not yet calculated CVE-2023-22847
MISC
MISC
MISC

blog_engine.net -- blog_engine.net

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0 allows unauthenticated visitors to access the files of unpublished blogs. 2023-03-06 not yet calculated CVE-2023-22858
MISC

smartbear -- zephr_enterprise

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. 2023-03-08 not yet calculated CVE-2023-22889
MISC

smartbear -- zephr_enterprise

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. 2023-03-08 not yet calculated CVE-2023-22890
MISC

smartbear -- zephr_enterprise

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. 2023-03-08 not yet calculated CVE-2023-22891
MISC

smartbear -- zephr_enterprise

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. 2023-03-08 not yet calculated CVE-2023-22892
MISC

avantfax -- avantfax

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary JavaScript into their e-mail address, which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session. 2023-03-10 not yet calculated CVE-2023-23326
MISC
MISC

avantfax -- avantfax

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls. 2023-03-10 not yet calculated CVE-2023-23327
MISC
MISC

avantfax -- avantfax

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file. 2023-03-10 not yet calculated CVE-2023-23328
MISC
MISC

pg_ivm -- pg_ivm

Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. 2023-03-07 not yet calculated CVE-2023-23554
MISC
MISC
MISC
apache -- dubbo A deserialization vulnerability existed in Dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions. 2023-03-08 not yet calculated CVE-2023-23638
MISC
github -- enterprise_server A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program. 2023-03-08 not yet calculated CVE-2023-23760
MISC
MISC
MISC
MISC
fortinet -- fortianalyzer An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer. 2023-03-07 not yet calculated CVE-2023-23776
MISC
rocket.chat -- rocket.chat An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. 2023-03-10 not yet calculated CVE-2023-23911
MISC
azure -- setup-kubectl Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. 2023-03-06 not yet calculated CVE-2023-23939
MISC
MISC
agilebio -- electronic_lab_notebook AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. 2023-03-06 not yet calculated CVE-2023-24217
MISC
MISC
poly/hp -- trio An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. 2023-03-08 not yet calculated CVE-2023-24282
MISC
MISC
openharmony -- openharmony The Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, and OpenHarmony-v3.0.7 and prior versions, has a null pointer reference vulnerability which local attackers can exploit to cause the current application to crash. 2023-03-10 not yet calculated CVE-2023-24465
MISC
go -- p256 The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. 2023-03-08 not yet calculated CVE-2023-24532
MISC
MISC
MISC
MISC
go -- p256 Multiplication of certain unreduced P-256 scalars produces incorrect results. There are no protocols known at this time that can be attacked due to this. 2023-03-08 not yet calculated CVE-2023-24533
MISC
MISC
MISC
phpipam -- phpipam phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. 2023-03-08 not yet calculated CVE-2023-24657
MISC
pmb -- pmb PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. 2023-03-06 not yet calculated CVE-2023-24733
MISC
pmb -- pmb An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. 2023-03-06 not yet calculated CVE-2023-24734
MISC
pmb -- pmb PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. 2023-03-06 not yet calculated CVE-2023-24735
MISC
pmb -- pmb PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. 2023-03-06 not yet calculated CVE-2023-24736
MISC
pmb -- pmb PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. 2023-03-06 not yet calculated CVE-2023-24737
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. 2023-03-08 not yet calculated CVE-2023-24773
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. 2023-03-10 not yet calculated CVE-2023-24774
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. 2023-03-07 not yet calculated CVE-2023-24775
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. 2023-03-06 not yet calculated CVE-2023-24776
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. 2023-03-08 not yet calculated CVE-2023-24777
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. 2023-03-08 not yet calculated CVE-2023-24780
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. 2023-03-07 not yet calculated CVE-2023-24781
MISC
funadmin -- funadmin Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. 2023-03-08 not yet calculated CVE-2023-24782
MISC
ibm -- spectrum_symphony IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. 2023-03-10 not yet calculated CVE-2023-24975
MISC
MISC
hashicorp -- vault/vault_enterprise HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. 2023-03-11 not yet calculated CVE-2023-24999
MISC
ec-cube -- 4_series Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. 2023-03-06 not yet calculated CVE-2023-25077
MISC
MISC
trend_micro -- apex_one_server An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. 2023-03-10 not yet calculated CVE-2023-25143
MISC
trend_micro -- apex_one An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. 2023-03-10 not yet calculated CVE-2023-25144
MISC
MISC
trend_micro -- apex_one A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2023-03-10 not yet calculated CVE-2023-25145
MISC
MISC
trend_micro -- apex_one A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2023-03-10 not yet calculated CVE-2023-25146
MISC
MISC
trend_micro -- apex_one An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. 2023-03-10 not yet calculated CVE-2023-25147
MISC
trend_micro -- apex_one A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2023-03-10 not yet calculated CVE-2023-25148
MISC
MISC
discourse -- discourse-yearly-review discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. 2023-03-06 not yet calculated CVE-2023-25169
MISC
MISC
crmeb -- crmeb CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. 2023-03-07 not yet calculated CVE-2023-25223
MISC
loonflow -- loonflow loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). 2023-03-07 not yet calculated CVE-2023-25230
MISC
prism_launcher -- prism_launcher Prism Launcher <= 6.1 is vulnerable to Directory Traversal. 2023-03-06 not yet calculated CVE-2023-25304
MISC
totolink -- a7100ru TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability. 2023-03-08 not yet calculated CVE-2023-25395
MISC
metersphere -- metersphere metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-03-09 not yet calculated CVE-2023-25573
MISC
fortinet -- fortisoar An improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. 2023-03-07 not yet calculated CVE-2023-25605
MISC
fortinet -- fortianalyzer An improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows a local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. 2023-03-07 not yet calculated CVE-2023-25611
MISC
apache -- http_server Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: `RewriteEngine on`, `RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]`, `ProxyPassReverse /here/ http://example.com:8080/`. Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. 2023-03-07 not yet calculated CVE-2023-25690
MISC
metersphere -- metersphere metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows users of the system to read arbitrary files on the filesystem of the server so long as the server process itself has permission to read the requested files. This issue has been addressed in version 2.7.1. All users are advised to upgrade. There are no known workarounds for this issue. 2023-03-09 not yet calculated CVE-2023-25814
MISC
openharmony -- openharmony The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit to cause a DoS attack to the system when installing a malicious HAP package. 2023-03-10 not yet calculated CVE-2023-25947
MISC
docker -- buildkit BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`. 2023-03-06 not yet calculated CVE-2023-26054
MISC
MISC
samsung -- multiple_products An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List. 2023-03-10 not yet calculated CVE-2023-26075
MISC
MISC
MISC
snyk -- snyk All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. 2023-03-09 not yet calculated CVE-2023-26109
MISC
snyk -- snyk All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. 2023-03-09 not yet calculated CVE-2023-26110
MISC
fortinet -- multiple_products An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. 2023-03-09 not yet calculated CVE-2023-26208
MISC
fortinet -- multiple_products An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. 2023-03-09 not yet calculated CVE-2023-26209
MISC
ubika -- waap gateway/cloud In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15. 2023-03-08 not yet calculated CVE-2023-26261
MISC
MISC
go -- gosaml2 gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with `deflate` is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it _may_ be possible to help Go's garbage collector "keep up". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0. 2023-03-03 not yet calculated CVE-2023-26483
MISC
MISC
MISC
MISC
wasmtime -- wasmtime wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8 + 0x7ffffffc = 36507222004 = ~34G` bytes away from the base of linear memory are possible from guest code. This means that the virtual memory 6G away from the base of linear memory up to ~34G away can be read/written by a malicious module. A guest module can, without the knowledge of the embedder, read/write memory in this region. The memory may belong to other WebAssembly instances when using the pooling allocator, for example. Affected embedders are recommended to analyze preexisting wasm modules to see if they're affected by the incorrect codegen rules and possibly correlate that with an anomalous number of traps during historical execution to locate possibly suspicious modules. The specific bug in Cranelift's x86_64 backend is that a WebAssembly address which is left-shifted by a constant amount from 1 to 3 will get folded into x86_64's addressing modes which perform shifts. For example `(i32.load (i32.shl (local.get 0) (i32.const 3)))` loads from the WebAssembly address `$local0 << 3`. When translated to Cranelift the `$local0 << 3` computation, a 32-bit value, is zero-extended to a 64-bit value and then added to the base address of linear memory. Cranelift would generate an instruction of the form `movl (%base, %local0, 8), %dst` which calculates `%base + %local0 << 3`. The bug here, however, is that the address computation happens with 64-bit values, where the `$local0 << 3` computation was supposed to be truncated to a 32-bit value. This means that `%local0`, which can use up to 32-bits for an address, gets 3 extra bits of address space to be accessible via this `movl` instruction. The fix in Cranelift is to remove the erroneous lowering rules in the backend which handle these zero-extended expressions. The above example is then translated to `movl %local0, %temp; shl $3, %temp; movl (%base, %temp), %dst` which correctly truncates the intermediate computation of `%local0 << 3` to 32-bits inside the `%temp` register which is then added to the `%base` value. Wasmtime versions 4.0.1, 5.0.1, and 6.0.1 have been released and have all been patched to no longer contain the erroneous lowering rules. While updating Wasmtime is recommended, there are a number of possible workarounds that embedders can employ to mitigate this issue if updating is not possible. Note that none of these workarounds are on-by-default and require explicit configuration: 1. The `Config::static_memory_maximum_size(0)` option can be used to force all accesses to linear memory to be explicitly bounds-checked. This will perform a bounds check separately from the address-mode computation which correctly calculates the effective address of a load/store. Note that this can have a large impact on the execution performance of WebAssembly modules. 2. The `Config::static_memory_guard_size(1 << 36)` option can be used to greatly increase the guard pages placed after linear memory. This will guarantee that memory accesses up-to-34G away are guaranteed to be semantically correct by reserving unmapped memory for the instance. Note that this reserves a very large amount of virtual memory per instance and can greatly reduce the maximum number of concurrent instances being run. 3. If using a non-x86_64 host is possible, then that will also work around this bug. This bug does not affect Wasmtime's or Cranelift's AArch64 backend, for example. 2023-03-08 not yet calculated CVE-2023-26489
MISC
MISC
MISC
MISC
MISC
rsshub -- rsshub RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version; there are no known workarounds. 2023-03-03 not yet calculated CVE-2023-26491
MISC
MISC
zoho -- multiple_products ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. 2023-03-06 not yet calculated CVE-2023-26600
MISC
MISC
zoho -- multiple_products Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). 2023-03-06 not yet calculated CVE-2023-26601
MISC
MISC
shopex -- ecshop An arbitrary file upload vulnerability in the /admin/template.php component of shopEx EcShop v4.1.5 allows attackers to execute arbitrary code via a crafted PHP file. 2023-03-07 not yet calculated CVE-2023-26823
MISC
variscite -- matrix_gui SQL injection vulnerability found in Variscite matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint. 2023-03-08 not yet calculated CVE-2023-26922
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. 2023-03-09 not yet calculated CVE-2023-26948
MISC
onekeyadmin -- onekeyadmin An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. 2023-03-06 not yet calculated CVE-2023-26949
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. 2023-03-07 not yet calculated CVE-2023-26953
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. 2023-03-07 not yet calculated CVE-2023-26954
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. 2023-03-07 not yet calculated CVE-2023-26955
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. 2023-03-08 not yet calculated CVE-2023-26956
MISC
onekeyadmin -- onekeyadmin onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. 2023-03-09 not yet calculated CVE-2023-26957
MISC
indexcontroller.java -- indexcontroller.java A vertical authorization vulnerability exists in IndexController.java in the feiqu-opensource background. Demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will. 2023-03-08 not yet calculated CVE-2023-27088
MISC
radare -- radare2 radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. 2023-03-10 not yet calculated CVE-2023-27114
MISC
MISC
webassembly -- webassembly WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. 2023-03-10 not yet calculated CVE-2023-27115
MISC
MISC
webassembly -- webassembly WebAssembly v1.0.29 was discovered to contain an abort in CWriter::MangleType. 2023-03-10 not yet calculated CVE-2023-27116
MISC
webassembly -- webassembly WebAssembly v1.0.29 was discovered to contain a heap overflow via the component wabt::Node::operator. 2023-03-10 not yet calculated CVE-2023-27117
MISC
webassembly -- webassembly WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. 2023-03-10 not yet calculated CVE-2023-27119
MISC
jellyfin -- multiple_products Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request. 2023-03-10 not yet calculated CVE-2023-27161
MISC
MISC
MISC
halo -- multiple_products An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. 2023-03-10 not yet calculated CVE-2023-27164
MISC
MISC
MISC
ibm -- instana Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. 2023-03-03 not yet calculated CVE-2023-27290
MISC
MISC
directus -- directus Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users URLs that point to the server's domain but may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset URL from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround. 2023-03-06 not yet calculated CVE-2023-27474
MISC
MISC
MISC
go -- goutil Goutil is a collection of miscellaneous functionality for the Go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0; users are advised to upgrade. There are no known workarounds for this issue. 2023-03-07 not yet calculated CVE-2023-27475
MISC
MISC
owslib -- owslib OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details. 2023-03-08 not yet calculated CVE-2023-27476
MISC
MISC
MISC
wasmtime -- wasmtime wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtime 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected. 2023-03-08 not yet calculated CVE-2023-27477
MISC
MISC
MISC
MISC
MISC
libmemcached -- libmemcached libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to work around or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state. 2023-03-07 not yet calculated CVE-2023-27478
MISC
MISC
MISC
MISC
xwiki_platform -- xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `<xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `<xwiki-host>` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`. 2023-03-07 not yet calculated CVE-2023-27479
MISC
MISC
MISC
xwiki_platform -- xwiki_platform XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually. 2023-03-07 not yet calculated CVE-2023-27480
MISC
MISC
MISC
directus -- directus Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/concealed field to be filtered against with the `_starts_with` or other string operator in version 9.16.0. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`. 2023-03-07 not yet calculated CVE-2023-27481
MISC
MISC
MISC
homeassistant -- homeassistant homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. 2023-03-08 not yet calculated CVE-2023-27482
MISC
MISC
crossplane -- crossplane crossplane-runtime is a set of Go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index. The index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most are probably not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate. 2023-03-09 not yet calculated CVE-2023-27483
MISC
MISC
crossplane -- crossplane crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround. 2023-03-09 not yet calculated CVE-2023-27484
MISC
fbs-core -- fbs-core thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2` and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue. 2023-03-07 not yet calculated CVE-2023-27485
MISC
MISC
MISC
MISC
xcat -- xcat xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in xCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. xCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`. 2023-03-08 not yet calculated CVE-2023-27486
MISC
MISC
MISC
MISC
next.js -- next.js NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to log in as the victim, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may, using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details. 2023-03-09 not yet calculated CVE-2023-27490
MISC
MISC
MISC
MISC
MISC
MISC
apache_software_foundation -- http_server HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. 2023-03-07 not yet calculated CVE-2023-27522
MISC
rack -- rack A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected. 2023-03-10 not yet calculated CVE-2023-27530
MISC
veeam -- backup_&_replication Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. 2023-03-10 not yet calculated CVE-2023-27532
MISC
shadowocks -- x-ng ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. 2023-03-03 not yet calculated CVE-2023-27574
MISC
MISC
flarum -- flarum flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a Linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level. 2023-03-10 not yet calculated CVE-2023-27577
MISC
MISC
debian-goodies -- debian-goodies debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.) 2023-03-05 not yet calculated CVE-2023-27635
MISC
l-soft -- listserv The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. 2023-03-05 not yet calculated CVE-2023-27641
MISC
netgear -- nighthawk_wifi6 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. 2023-03-10 not yet calculated CVE-2023-27850
MISC
netgear -- nighthawk_wifi6 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. 2023-03-10 not yet calculated CVE-2023-27851
MISC
netgear -- nighthawk_wifi6 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. 2023-03-10 not yet calculated CVE-2023-27852
MISC
netgear -- nighthawk_wifi6 NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. 2023-03-10 not yet calculated CVE-2023-27853
MISC
pretix -- pretix rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. 2023-03-06 not yet calculated CVE-2023-27891
MISC
jenkins_project -- jenkins Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. 2023-03-10 not yet calculated CVE-2023-27898
MISC
jenkins_project -- jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. 2023-03-10 not yet calculated CVE-2023-27899
MISC
jenkins_project -- jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service. 2023-03-10 not yet calculated CVE-2023-27900
MISC
jenkins_project -- jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. 2023-03-10 not yet calculated CVE-2023-27901
MISC
jenkins_project -- jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. 2023-03-10 not yet calculated CVE-2023-27902
MISC
jenkins_project -- jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. 2023-03-10 not yet calculated CVE-2023-27903
MISC
jenkins_project -- jenkins Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. 2023-03-10 not yet calculated CVE-2023-27904
MISC
jenkins_project -- jenkins Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. 2023-03-10 not yet calculated CVE-2023-27905
MISC
emacs -- emacsclient-mail.desktop emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. 2023-03-09 not yet calculated CVE-2023-27985
MISC
MISC
MISC
MLIST
emacs -- emacsclient-mail.desktop emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. 2023-03-09 not yet calculated CVE-2023-27986
MISC
MISC
MLIST
