Vulnerability Summary for the Week of March 6, 2023
Released
Mar 13, 2023
Document ID
SB23-072
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| igamingmodules -- flashgames | A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288. | 2023-03-05 | 9.8 | CVE-2008-10003 MISC MISC MISC |
| codepeople -- polls_cp | A vulnerability has been found in codepeople cp-polls Plugin 1.0.1 and classified as critical. This vulnerability affects unknown code of the file cp-admin-int-message-list.inc.php. The manipulation of the argument lu leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 6d7168cbf12d1c183bacc5cd5678f6f5b0d518d2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222268. | 2023-03-04 | 9.8 | CVE-2014-125091 MISC MISC MISC MISC |
| wordpress -- wordpress | The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server | 2023-03-06 | 9.8 | CVE-2022-4328 MISC |
| zbt -- we1626_firmware | An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | 2023-03-03 | 9.8 | CVE-2022-45551 MISC MISC MISC |
| zbt -- we1626_firmware | An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. | 2023-03-03 | 9.8 | CVE-2022-45553 MISC MISC MISC |
| anji-plus -- report | Report v0.9.8.6 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability. | 2023-03-03 | 9.8 | CVE-2022-46973 MISC MISC |
| cisco -- ip_phone_6871_firmware | Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-03-03 | 9.8 | CVE-2023-20078 CISCO |
| judging_management_system -- judging_management_system | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. | 2023-03-03 | 9.8 | CVE-2023-24641 MISC |
| judging_management_system -- judging_management_system | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. | 2023-03-03 | 9.8 | CVE-2023-24642 MISC |
| judging_management_system -- judging_management_system | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. | 2023-03-03 | 9.8 | CVE-2023-24643 MISC |
| yf-exam -- yf-exam | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). | 2023-03-03 | 9.8 | CVE-2023-26779 MISC MISC |
| best_pos_management_system -- best_pos_management_system | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. | 2023-03-09 | 9.8 | CVE-2023-27202 MISC MISC |
| best_pos_management_system -- best_pos_management_system | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. | 2023-03-09 | 9.8 | CVE-2023-27203 MISC MISC |
| best_pos_management_system -- best_pos_management_system | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. | 2023-03-09 | 9.8 | CVE-2023-27204 MISC MISC |
| best_pos_management_system -- best_pos_management_system | Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. | 2023-03-09 | 9.8 | CVE-2023-27205 MISC MISC |
| sourcecodester -- online_pizza_ordering_system | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | 2023-03-09 | 9.8 | CVE-2023-27207 MISC MISC |
| sourcecodester -- online_pizza_ordering_system | Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. | 2023-03-09 | 9.8 | CVE-2023-27210 MISC MISC |
| sourcecodester -- online_pizza_ordering_system | Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. | 2023-03-09 | 9.8 | CVE-2023-27213 MISC MISC |
| sourcecodester -- online_pizza_ordering_system | Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. | 2023-03-09 | 9.8 | CVE-2023-27214 MISC MISC |
| gitpod -- gitpod | An issue was discovered in Gitpod versions prior to release-2022.11.2.16. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to the Gitpod JSONRPC server using a victim’s credentials, because the Origin header is not restricted. This can lead to the extraction of data from workspaces, to a full takeover of the workspace. | 2023-03-03 | 9.6 | CVE-2023-0957 MISC MISC MISC MISC MISC MISC MISC |
| webkitgtk -- webkitgtk | A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. | 2023-03-06 | 8.8 | CVE-2019-8720 MISC MISC |
| wordpress -- wordpress | The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object Injection attacks. The attack could also be done via a CSRF vector against any authenticated user | 2023-03-06 | 8.8 | CVE-2022-4265 MISC |
| draytek -- vigor_2960_firmware | A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1225C of the file mainfunction.cgi. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. | 2023-03-03 | 8.8 | CVE-2023-1162 MISC MISC MISC |
| google -- chrome | Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 8.8 | CVE-2023-1213 MISC MISC |
| google -- chrome | Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 8.8 | CVE-2023-1214 MISC MISC |
| google -- chrome | Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 8.8 | CVE-2023-1215 MISC MISC |
| google -- chrome | Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 8.8 | CVE-2023-1216 MISC MISC |
| google -- chrome | Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 8.8 | CVE-2023-1218 MISC MISC |
| google -- chrome | Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 8.8 | CVE-2023-1219 MISC MISC |
| google -- chrome | Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 8.8 | CVE-2023-1220 MISC MISC |
| google -- chrome | Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 8.8 | CVE-2023-1222 MISC MISC |
| google -- chrome | Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | 2023-03-07 | 8.8 | CVE-2023-1227 MISC MISC |
| vantage6 -- vantage6 | vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0. | 2023-03-04 | 8.8 | CVE-2023-23929 MISC MISC |
| prestashop -- xen_forum | In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. | 2023-03-06 | 8.8 | CVE-2023-24763 MISC MISC |
| jeecg -- jeecg | jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. | 2023-03-06 | 8.8 | CVE-2023-24789 MISC |
| mailcow -- mailcow\ | mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to obtain shell access to the Docker container running dovecot. The imapsync Perl script implements all the necessary functionality for this feature, including the XOAUTH2 authentication mechanism. This code path creates a shell command to call openssl. However, since different parts of the specified user password are included without any validation, one can simply execute additional shell commands. Notably, the default ACL for a newly-created mailcow account does not include the necessary permission. The Issue has been fixed within the 2023-03 Update (March 3rd 2023). As a temporary workaround the Syncjob ACL can be removed from all mailbox users, preventing from creating or changing existing Syncjobs. | 2023-03-04 | 8.8 | CVE-2023-26490 MISC MISC |
| starsoftcomm -- coocare | starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. | 2023-03-03 | 7.8 | CVE-2022-45988 MISC MISC |
| struktur -- libde265 | Libde265 1.0.9 is vulnerable to Buffer Overflow in ff_hevc_put_hevc_qpel_pixels_8_sse | 2023-03-03 | 7.8 | CVE-2022-47664 MISC |
| struktur -- libde265 | Libde265 1.0.9 has a heap buffer overflow vulnerability in de265_image::set_SliceAddrRS(int, int, int) | 2023-03-03 | 7.8 | CVE-2022-47665 MISC |
| hornerautomation -- cscape_envision_rv | Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | 2023-03-09 | 7.8 | CVE-2023-0621 MISC |
| hornerautomation -- cscape_envision_rv | Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | 2023-03-09 | 7.8 | CVE-2023-0622 MISC |
| hornerautomation -- cscape_envision_rv | Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process. | 2023-03-09 | 7.8 | CVE-2023-0623 MISC |
| kylinos -- kylin_os | A vulnerability was found in KylinSoft kylin-activation and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260. | 2023-03-03 | 7.8 | CVE-2023-1164 MISC MISC MISC |
| vim -- vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | 2023-03-03 | 7.8 | CVE-2023-1170 MISC CONFIRM |
| imageinfo -- imageinfo | A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file imageinfo.hpp. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-222362 is the identifier assigned to this vulnerability. | 2023-03-06 | 7.8 | CVE-2023-1190 MISC MISC MISC MISC |
| ebay -- sketchsvg | All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string. | 2023-03-06 | 7.8 | CVE-2023-26107 MISC MISC MISC |
| systemd -- systemd | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | 2023-03-03 | 7.8 | CVE-2023-26604 MISC MISC MISC |
| live2d -- cubism_editor | Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. | 2023-03-03 | 7.8 | CVE-2023-27566 MISC MISC MISC MISC |
| m-files -- m-files_server | Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3. | 2023-03-06 | 7.6 | CVE-2022-4862 MISC |
| zerocoin -- libzerocoin | A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is ce103a09ec079d0a0ed95475992348bed6e860de. It is recommended to apply a patch to fix this issue. VDB-222318 is the identifier assigned to this vulnerability. | 2023-03-06 | 7.5 | CVE-2017-20180 MISC MISC MISC MISC |
| m-files -- m-files_server | Download key for a file in a vault was passed in an insecure way that could easily be logged in M-Files New Web in M-Files before 22.11.12011.0. This issue affects M-Files New Web: before 22.11.12011.0. | 2023-03-06 | 7.5 | CVE-2022-3284 MISC |
| zbt -- we1626_firmware | An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | 2023-03-03 | 7.5 | CVE-2022-45552 MISC MISC MISC |
| cisco -- ip_phone_6871_firmware | Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | 2023-03-03 | 7.5 | CVE-2023-20079 CISCO |
| cisco -- finesse | A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition for new and existing users who are connected through a load balancer. This vulnerability is due to improper IP address filtering by the reverse proxy. An attacker could exploit this vulnerability by sending a series of unauthenticated requests to the reverse proxy. A successful exploit could allow the attacker to cause all current traffic and subsequent requests to the reverse proxy through a load balancer to be dropped, resulting in a DoS condition. | 2023-03-03 | 7.5 | CVE-2023-20088 CISCO |
| yf-exam -- yf-exam | CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. There is no restriction on the suffix of the uploaded file, resulting in any file upload. | 2023-03-03 | 7.5 | CVE-2023-25402 MISC MISC |
| yf-exam -- yf-exam | CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed JWT key, and the stored key uses username format characters. Any user who logged in within 24 hours. A token can be forged with his username to bypass authentication. | 2023-03-03 | 7.5 | CVE-2023-25403 MISC MISC |
| dot-lens -- dot-lens | All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. | 2023-03-06 | 7.5 | CVE-2023-26106 MISC MISC |
| @nubosoftware -- node-static | All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method in the servePath function. | 2023-03-06 | 7.5 | CVE-2023-26111 MISC MISC MISC MISC |
| monospace -- directus | Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS rebinding attack and view sensitive data from internal servers or perform a local port scan. An attacker can exploit this vulnerability to access highly sensitive internal server(s) and steal sensitive information. This issue was fixed in version 9.23.0. | 2023-03-03 | 7.5 | CVE-2023-26492 MISC MISC MISC |
| phpseclib -- phpseclib | Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. | 2023-03-03 | 7.5 | CVE-2023-27560 MISC CONFIRM |
| openbsd -- openbsd | In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. | 2023-03-03 | 7.5 | CVE-2023-27567 MISC |
| vim -- vim | Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378. | 2023-03-04 | 7.3 | CVE-2023-1175 MISC CONFIRM |
| crmeb -- crmeb | A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability. | 2023-03-03 | 7.2 | CVE-2023-1165 MISC MISC MISC |
| fastcms -- fastcms | A vulnerability classified as problematic has been found in fastcms. This affects an unknown part of the file admin/TemplateController.java of the component ZIP File Handler. The manipulation leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222363. | 2023-03-06 | 7.2 | CVE-2023-1191 MISC MISC MISC MISC |
| phpipam -- phpipam | SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. | 2023-03-07 | 7.2 | CVE-2023-1211 MISC CONFIRM |
| barracuda -- cloudgen_wan_private_edge_gateway_firmware | On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request allows an authenticated attacker to execute arbitrary commands. For example, a name field can contain :password and a password field can contain shell metacharacters. | 2023-03-03 | 7.2 | CVE-2023-26213 FULLDISC MISC CONFIRM MISC |
| runc -- runc | runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression. | 2023-03-03 | 7 | CVE-2023-27561 MISC MISC MISC |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| google -- android | In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755. | 2023-03-07 | 6.7 | CVE-2023-20621 MISC |
| google -- android | In vow, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628530; Issue ID: ALPS07628530. | 2023-03-07 | 6.7 | CVE-2023-20624 MISC |
| google -- android | In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223. | 2023-03-07 | 6.7 | CVE-2023-20626 MISC |
| google -- android | In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585. | 2023-03-07 | 6.7 | CVE-2023-20627 MISC |
| google -- android | In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460. | 2023-03-07 | 6.7 | CVE-2023-20628 MISC |
| google -- android | In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628505; Issue ID: ALPS07628505. | 2023-03-07 | 6.7 | CVE-2023-20630 MISC |
| google -- android | In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628506; Issue ID: ALPS07628506. | 2023-03-07 | 6.7 | CVE-2023-20632 MISC |
| google -- android | In usb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628508; Issue ID: ALPS07628508. | 2023-03-07 | 6.7 | CVE-2023-20633 MISC |
| google -- android | In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697. | 2023-03-07 | 6.7 | CVE-2023-20634 MISC |
| google -- android | In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593. | 2023-03-07 | 6.7 | CVE-2023-20636 MISC |
| google -- android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588. | 2023-03-07 | 6.7 | CVE-2023-20637 MISC |
| google -- android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537. | 2023-03-07 | 6.7 | CVE-2023-20638 MISC |
| google -- android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587. | 2023-03-07 | 6.7 | CVE-2023-20639 MISC |
| google -- android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573. | 2023-03-07 | 6.7 | CVE-2023-20640 MISC |
| google -- android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629574; Issue ID: ALPS07629574. | 2023-03-07 | 6.7 | CVE-2023-20641 MISC |
| google -- android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628586; Issue ID: ALPS07628586. | 2023-03-07 | 6.7 | CVE-2023-20642 MISC |
| google -- android | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628584; Issue ID: ALPS07628584. | 2023-03-07 | 6.7 | CVE-2023-20643 MISC |
| google -- android | In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629577; Issue ID: ALPS07629577. | 2023-03-07 | 6.7 | CVE-2023-20650 MISC |
| draytek -- vigor_2960_firmware | A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4 and classified as problematic. Affected by this vulnerability is the function sub_1DA58 of the file mainfunction.cgi. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. | 2023-03-03 | 6.5 | CVE-2023-1163 MISC MISC MISC |
| google -- chrome | Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | 2023-03-07 | 6.5 | CVE-2023-1217 MISC MISC |
| google -- chrome | Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 6.5 | CVE-2023-1226 MISC MISC |
| cisco -- unified_contact_center_express | Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. | 2023-03-03 | 6.5 | CVE-2023-20061 CISCO |
| goauthentik -- authentik | authentik is an open-source Identity Provider. Due to an insufficient access check, a recovery flow link that is created by an admin (or sent via email by an admin) can be used to set the password for any arbitrary user. This attack is only possible if a recovery flow exists, which has both an Identification and an Email stage bound to it. If the flow has policies on the identification stage to skip it when the flow is restored (by checking `request.context['is_restored']`), the flow is not affected by this. With this flow in place, an administrator must create a recovery Link or send a recovery URL to the attacker, who can, due to the improper validation of the token create, set the password for any account. Regardless, for custom recovery flows it is recommended to add a policy that checks if the flow is restored, and skips the identification stage. This issue has been fixed in versions 2023.2.3, 2023.1.3 and 2022.12.2. | 2023-03-04 | 6.5 | CVE-2023-26481 MISC MISC |
| openzeppelin -- contracts_upgradeable | OpenZeppelin Contracts is a library for secure smart contract development. The ERC721Consecutive contract designed for minting NFTs in batches does not update balances when a batch has size 1 and consists of a single token. Subsequent transfers from the receiver of that token may overflow the balance as reported by `balanceOf`. The issue exclusively presents with batches of size 1. The issue has been patched in 4.8.2. | 2023-03-03 | 6.5 | CVE-2023-26488 MISC MISC MISC |
| google -- android | In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778. | 2023-03-07 | 6.4 | CVE-2023-20623 MISC |
| google -- android | In adsp, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628532; Issue ID: ALPS07628532. | 2023-03-07 | 6.4 | CVE-2023-20625 MISC |
| google -- chrome | Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI interaction. (Chromium security severity: Low) | 2023-03-07 | 6.3 | CVE-2023-1235 MISC MISC |
| ajaxlife -- ajaxlife | A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.3.3 is able to address this issue. The name of the patch is 9fb53b67312fe3f4336e01c1e3e1bedb4be0c1c8. It is recommended to upgrade the affected component. VDB-222286 is the identifier assigned to this vulnerability. | 2023-03-05 | 6.1 | CVE-2008-10002 MISC MISC MISC MISC |
| media_downloader -- media_downloader | A vulnerability was found in Media Downloader Plugin 0.1.992. It has been declared as problematic. This vulnerability affects the function dl_file_resumable of the file getfile.php. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.1.993 is able to address this issue. The name of the patch is 77beb720c682b9300035ab5f96eee225181d8a92. It is recommended to upgrade the affected component. VDB-222262 is the identifier assigned to this vulnerability. | 2023-03-04 | 6.1 | CVE-2014-125090 MISC MISC MISC |
| maxfoundry -- maxbuttons | A vulnerability was found in MaxButtons Plugin up to 1.26.0 and classified as problematic. This issue affects the function maxbuttons_strip_px of the file includes/maxbuttons-button.php. The manipulation of the argument button_id leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.26.1 is able to address this issue. The name of the patch is e74564c9e3b7429808e317f4916bd1c26ef0b806. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222323. | 2023-03-05 | 6.1 | CVE-2014-125092 MISC MISC MISC MISC |
| pluginmirror -- landing-pages | A vulnerability, which was classified as problematic, has been found in Landing Pages Plugin up to 1.8.7. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.8 is able to address this issue. The name of the patch is c8e22c1340c11fedfb0a0a67ea690421bdb62b94. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222320. | 2023-03-06 | 6.1 | CVE-2015-10090 MISC MISC MISC MISC |
| qtranslate_slug -- qtranslate_slug | A vulnerability was found in Qtranslate Slug Plugin up to 1.1.16. It has been classified as problematic. Affected is the function add_slug_meta_box of the file includes/class-qtranslate-slug.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.1.17 is able to address this issue. The name of the patch is 74b3932696f9868e14563e51b7d0bb68c53bf5e4. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222324. | 2023-03-06 | 6.1 | CVE-2015-10092 MISC MISC MISC MISC |
| seotool-- seotool | A vulnerability, which was classified as problematic, was found in Artesãos SEOTools up to 0.17.1. This affects the function makeTag of the file OpenGraph.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222231. | 2023-03-04 | 6.1 | CVE-2020-36663 MISC MISC MISC MISC MISC |
| seotool -- seotool | A vulnerability has been found in Artesãos SEOTools up to 0.17.1 and classified as problematic. This vulnerability affects the function setTitle of the file SEOMeta.php. The manipulation of the argument title leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222232. | 2023-03-04 | 6.1 | CVE-2020-36664 MISC MISC MISC MISC MISC |
| seotool -- seotool | A vulnerability was found in Artesãos SEOTools up to 0.17.1 and classified as critical. This issue affects the function eachValue of the file TwitterCards.php. The manipulation of the argument value leads to open redirect. Upgrading to version 0.17.2 is able to address this issue. The name of the patch is ca27cd0edf917e0bc805227013859b8b5a1f01fb. It is recommended to upgrade the affected component. The identifier VDB-222233 was assigned to this vulnerability. | 2023-03-04 | 6.1 | CVE-2020-36665 MISC MISC MISC MISC MISC |
| saysis -- starcities | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saysis Computer Starcities. This issue affects Starcities: before 1.1. | 2023-03-06 | 6.1 | CVE-2022-2178 MISC |
| asosegitim -- sobiad | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).This issue affects SOBIAD: before 23.02.01. | 2023-03-03 | 6.1 | CVE-2023-0577 MISC |
| asosegitim -- bookcites | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).This issue affects Book Cites: before 23.01.05. | 2023-03-03 | 6.1 | CVE-2023-0578 MISC |
| kibokolabs -- watu_quiz | The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2023-03-03 | 6.1 | CVE-2023-0968 MISC MISC |
| sourcecodester -- health_center_patient_record_management_system | A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file hematology_print.php. The manipulation of the argument hem_id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222331. | 2023-03-05 | 6.1 | CVE-2023-1180 MISC MISC MISC |
| enhancesoft -- osticket | Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 2023-03-10 | 6.1 | CVE-2023-1320 CONFIRM MISC |
| draytek -- vigor2860_firmware | Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915, Vigor2765, Vigor2766, Vigor2135 v4.4.2.0; Vigor2763 v4.4.2.1; Vigor2862 and Vigor2926 v3.9.9.0; Vigor2925 v3.9.3; Vigor2952 and Vigor3220 v3.9.7.3; Vigor2133 and Vigor2762 v3.9.6.4; and Vigor2832 v3.9.6.2. | 2023-03-03 | 6.1 | CVE-2023-23313 MISC MISC |
| kitabisa -- teler-waf | teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version v0.2.0 is vulnerable to a bypass attack when a specific case-sensitive hex entities payload with special characters such as CR/LF and horizontal tab is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been patched in version 0.2.0. | 2023-03-03 | 6.1 | CVE-2023-26047 MISC MISC MISC |
| vega-functions_project -- vega-functions | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1. | 2023-03-04 | 6.1 | CVE-2023-26486 MISC MISC MISC MISC MISC |
| vega-functions -- vega-functions | Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as `push` call argument. The type of the 1st argument is supposed to be an array, but it's not enforced. This makes it possible to specify any object with a `push` function as the 1st argument, `push` function can be set to any function that can be access via `event.view` (no all such functions can be exploited due to invalid context or signature, but some can, e.g. `console.log`). The issue is that`lassoAppend` doesn't enforce proper types of its arguments. This issue opens various XSS vectors, but exact impact and severity depends on the environment (e.g. Core JS `setImmediate` polyfill basically allows `eval`-like functionality). This issue was patched in 5.23.0. | 2023-03-04 | 6.1 | CVE-2023-26487 MISC MISC MISC |
| best_pos_management_system -- best_pos_management_system | A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | 2023-03-09 | 6.1 | CVE-2023-27206 MISC MISC |
| sourcecodester -- online_pizza_ordering_system | A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | 2023-03-09 | 6.1 | CVE-2023-27208 MISC MISC |
| sourcecodester -- online_pizza_ordering_system | A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | 2023-03-09 | 6.1 | CVE-2023-27211 MISC MISC |
| sourcecodester -- online_pizza_ordering_system | A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the redirect parameter. | 2023-03-09 | 6.1 | CVE-2023-27212 MISC MISC |
| quickentity_editor -- quickentity_editor | quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised (XSS vulnerability). Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag in any entity name. This issue has been patched in version 1.28.1 of the application. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-03-06 | 6.1 | CVE-2023-27472 MISC MISC |
| samba -- samba | A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met. | 2023-03-06 | 5.9 | CVE-2021-20251 MISC MISC |
| ghost -- ghost | Ghost 5.35.0 allows authorization bypass: contributors can view draft posts of other users, which is arguably inconsistent with a security policy in which a contributor's draft can only be read by editors until published by an editor. NOTE: the vendor's position is that this behavior has no security impact. | 2023-03-05 | 5.7 | CVE-2023-26510 MISC MISC MISC |
| samourai-wallet-android -- samourai-wallet-android | An issue discovered in com.samourai.wallet.PinEntryActivity.java in Streetside Samourai Wallet 0.99.96i allows attackers to view sensitive information and decrypt data via a brute force attack that uses a recovered samourai.dat file. The PIN is 5 to 8 digits, which may be insufficient in this situation. | 2023-03-04 | 5.5 | CVE-2021-36689 MISC MISC |
| libtiff -- libtiff | LibTIFF 4.4.0 has an out-of-bounds read in tiffcp in tools/tiffcp.c:948, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit e8131125. | 2023-03-03 | 5.5 | CVE-2022-4645 MISC MISC CONFIRM FEDORA |
| fabulatech -- webcam_for_remote_desktop | A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This vulnerability affects unknown code in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-222358 is the identifier assigned to this vulnerability. | 2023-03-06 | 5.5 | CVE-2023-1186 MISC MISC MISC |
| fabulatech -- webcam_for_remote_desktop | A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. This issue affects some unknown processing in the library ftwebcam.sys of the component Global Variable Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222359. | 2023-03-06 | 5.5 | CVE-2023-1187 MISC MISC MISC |
| fabulatech -- webcam_for_remote_desktop | A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. It has been classified as problematic. Affected is an unknown function in the library ftwebcam.sys of the component IoControlCode Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222360. | 2023-03-06 | 5.5 | CVE-2023-1188 MISC MISC MISC MISC |
| wordpress -- wordpress | A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability. | 2023-03-06 | 5.4 | CVE-2015-10093 MISC MISC MISC MISC |
| wordpress -- wordpress | The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | 5.4 | CVE-2023-0063 MISC |
| iwordpress -- wordpress | The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | 5.4 | CVE-2023-0065 MISC |
| wordpress -- wordpress | The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | 5.4 | CVE-2023-0069 MISC |
| wordpress -- wordpress | The Download Attachments WordPress plugin through 1.2.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | 5.4 | CVE-2023-0076 MISC |
| wordpress -- wordpress | The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS attacks against higher privilege users | 2023-03-06 | 5.4 | CVE-2023-0078 MISC |
| wordpress -- wordpress | The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | 5.4 | CVE-2023-0165 MISC |
| wordpress -- wordpress | The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | 5.4 | CVE-2023-0212 MISC |
| sourcecodester -- computer_parts_sales_and_inventory_system | A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Affected is an unknown function of the component Add Supplier Handler. The manipulation of the argument company_name/province/city/phone_number leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222330 is the identifier assigned to this vulnerability. | 2023-03-05 | 5.4 | CVE-2023-1179 MISC MISC MISC |
| easyimages2.0 -- easyimages2.0 | Cross-site Scripting (XSS) - Stored in GitHub repository icret/easyimages2.0 prior to 2.6.7. | 2023-03-05 | 5.4 | CVE-2023-1181 CONFIRM MISC |
| ehuacui-bbs -- ehuacui-bbs | A vulnerability was found in ehuacui bbs. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-222388. | 2023-03-06 | 5.4 | CVE-2023-1200 MISC MISC MISC |
| enhancesoft -- osticket | Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | 2023-03-10 | 5.4 | CVE-2023-1315 MISC CONFIRM |
| enhancesoft -- osticket | Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 2023-03-10 | 5.4 | CVE-2023-1316 CONFIRM MISC |
| enhancesoft -- osticket | Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. | 2023-03-10 | 5.4 | CVE-2023-1317 CONFIRM MISC |
| enhancesoft -- osticket | Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. | 2023-03-10 | 5.4 | CVE-2023-1318 MISC CONFIRM |
| cisco -- prime_infrastructure | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device. | 2023-03-03 | 5.4 | CVE-2023-20069 CISCO |
| blogengine.net -- blogengine.net | A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially crafted file. | 2023-03-06 | 5.4 | CVE-2023-22856 MISC |
| blogengine.net -- blogengine.net | A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious payload into a blog post. | 2023-03-06 | 5.4 | CVE-2023-22857 MISC |
| craftcms -- craftcms | Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. | 2023-03-03 | 5.4 | CVE-2023-23927 MISC MISC MISC |
| onekeyadmin -- onekeyadmin | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. | 2023-03-08 | 5.4 | CVE-2023-26950 MISC |
| onekeyadmin -- onekeyadmin | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module. | 2023-03-08 | 5.4 | CVE-2023-26952 MISC |
| wallabag -- wallabag | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | 2023-03-05 | 5.3 | CVE-2023-0734 CONFIRM MISC |
| discourse -- discourse | Discourse is an open source platform for community discussion. Tags that are normally private are showing in metadata. This affects any site running the `tests-passed` or `beta` branches >= 3.1.0.beta2. The issue is patched in the latest `beta` and `tests-passed` version of Discourse. | 2023-03-04 | 5.3 | CVE-2023-25819 MISC MISC |
| nestjs -- nest | Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open. | 2023-03-06 | 5.3 | CVE-2023-26108 MISC MISC MISC MISC |
| uvdesk -- community-skeleton | Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. | 2023-03-06 | 4.8 | CVE-2023-1197 CONFIRM MISC |
| phpipam -- phpipam | Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. | 2023-03-07 | 4.8 | CVE-2023-1212 CONFIRM MISC |
| enhancesoft -- osticket | Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. | 2023-03-10 | 4.8 | CVE-2023-1319 MISC CONFIRM |
| google -- android | In keyinstall, there is a possible information disclosure due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07563028. | 2023-03-07 | 4.4 | CVE-2023-20635 MISC |
| google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628603; Issue ID: ALPS07628603. | 2023-03-07 | 4.4 | CVE-2023-20644 MISC |
| google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628609; Issue ID: ALPS07628609. | 2023-03-07 | 4.4 | CVE-2023-20645 MISC |
| google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628536; Issue ID: ALPS07628536. | 2023-03-07 | 4.4 | CVE-2023-20646 MISC |
| google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628547; Issue ID: ALPS07628547. | 2023-03-07 | 4.4 | CVE-2023-20647 MISC |
| google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628612; Issue ID: ALPS07628612. | 2023-03-07 | 4.4 | CVE-2023-20648 MISC |
| google -- android | In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628607; Issue ID: ALPS07628607. | 2023-03-07 | 4.4 | CVE-2023-20649 MISC |
| google -- android | In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576. | 2023-03-07 | 4.4 | CVE-2023-20651 MISC |
| joinmastodon -- mastodon | The undo_mark_statuses_as_sensitive method in app/services/approve_appeal_service.rb in Mastodon 3.5.x before 3.5.3 does not use the server's representative account, resulting in moderator identity disclosure when a moderator approves the appeal of a user whose status update was marked as sensitive. | 2023-03-06 | 4.3 | CVE-2022-48364 MISC MISC MISC MISC |
| wordpress -- wordpress | The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication (such as update and delete the auth key). | 2023-03-06 | 4.3 | CVE-2023-0328 MISC |
| google -- chrome | Insufficient policy enforcement in Extensions API in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1221 MISC MISC |
| google -- chrome | Insufficient policy enforcement in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1223 MISC MISC |
| google -- chrome | Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1224 MISC MISC |
| google -- chrome | Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 111.0.5563.64 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1225 MISC MISC |
| google -- chrome | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1228 MISC MISC |
| google -- chrome | Inappropriate implementation in Permission prompts in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1229 MISC MISC |
| google -- chrome | Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious WebApp to spoof the contents of the PWA installer via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1230 MISC MISC |
| google -- chrome | Inappropriate implementation in Autofill in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to potentially spoof the contents of the omnibox via a crafted HTML page. (Chromium security severity: Medium) | 2023-03-07 | 4.3 | CVE-2023-1231 MISC MISC |
| google -- chrome | Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to obtain potentially sensitive information from API via a crafted HTML page. (Chromium security severity: Low) | 2023-03-07 | 4.3 | CVE-2023-1232 MISC MISC |
| google -- chrome | Insufficient policy enforcement in Resource Timing in Google Chrome prior to 111.0.5563.64 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension. (Chromium security severity: Low) | 2023-03-07 | 4.3 | CVE-2023-1233 MISC MISC |
| google -- chrome | Inappropriate implementation in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | 2023-03-07 | 4.3 | CVE-2023-1234 MISC MISC |
| google -- chrome | Inappropriate implementation in Internals in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to spoof the origin of an iframe via a crafted HTML page. (Chromium security severity: Low) | 2023-03-07 | 4.3 | CVE-2023-1236 MISC MISC |
| cisco -- unified_contact_center_express | Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on an affected system. Cisco plans to release software updates that address these vulnerabilities. | 2023-03-03 | 4.3 | CVE-2023-20062 CISCO |
| google -- android | In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558. | 2023-03-07 | 4.1 | CVE-2023-20620 MISC |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| There were no low vulnerabilities recorded this week. | ||||
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
|
wordpress -- wordpress |
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The name of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. | 2023-03-05 | not yet calculated | CVE-2006-10001 MISC MISC MISC MISC |
| email_registration -- email_registration | A vulnerability was found in Email Registration 5.x-2.1. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The name of the patch is 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. | 2023-03-06 | not yet calculated | CVE-2008-10004 MISC MISC MISC MISC |
| wordpress -- wordpress | A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability. | 2023-03-10 | not yet calculated | CVE-2013-10020 MISC MISC MISC |
| wordpress -- wordpress | A vulnerability was found in dd32 Debug Bar Plugin up to 0.8. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The name of the patch is 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739. | 2023-03-11 | not yet calculated | CVE-2013-10021 MISC MISC MISC MISC |
| wordpress -- wordpress | A vulnerability has been found in Ad Blocking Detector Plugin up to 1.2.1 and classified as problematic. This vulnerability affects unknown code of the file ad-blocking-detector.php. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 3312b9cd79e5710d1e282fc9216a4e5ab31b3d94. It is recommended to upgrade the affected component. VDB-222610 is the identifier assigned to this vulnerability. | 2023-03-10 | not yet calculated | CVE-2014-125093 MISC MISC MISC MISC |
|
ayttm -- ayttm |
A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The name of the patch is 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267. | 2023-03-05 | not yet calculated | CVE-2015-10088 MISC MISC MISC MISC |
|
flame.js -- flame.js |
A vulnerability classified as problematic has been found in flame.js. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is e6c49b5f6179e31a534b7c3264e1d36aa99728ac. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222291. | 2023-03-05 | not yet calculated | CVE-2015-10089 MISC MISC MISC MISC |
|
bywater_solutions -- bywater-koha-xslt |
A vulnerability has been found in ByWater Solutions bywater-koha-xslt and classified as critical. This vulnerability affects the function StringSearch of the file admin/systempreferences.pl. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is 9513b93c828dfbc4413f9e0df63647401aaf4e58. It is recommended to apply a patch to fix this issue. VDB-222322 is the identifier assigned to this vulnerability. | 2023-03-06 | not yet calculated | CVE-2015-10091 MISC MISC MISC |
| wordpress -- wordpress | A vulnerability was found in Fastly Plugin up to 0.97. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The name of the patch is d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability. | 2023-03-06 | not yet calculated | CVE-2015-10094 MISC MISC MISC MISC |
| wordpress -- wordpress | A vulnerability classified as problematic has been found in woo-popup Plugin up to 1.2.2. This affects an unknown part of the file admin/class-woo-popup-admin.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7c76ac78f3e16015991b612ff4fa616af4ce9292. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222327. | 2023-03-06 | not yet calculated | CVE-2015-10095 MISC MISC MISC MISC |
|
hgzojer -- vocable_trainer |
A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328. | 2023-03-07 | not yet calculated | CVE-2017-20181 MISC MISC MISC MISC |
|
mobile_vikings -- django_ajax_utilities |
A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 329eb1dd1580ca1f9d4f95bc69939833226515c9. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222611. | 2023-03-10 | not yet calculated | CVE-2017-20182 MISC MISC MISC |
| wordpress -- wordpress | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability checking on the backup_guard_cloud_dropbox, backup_guard_cloud_gdrive, and backup_guard_cloud_oneDrive functions. This makes it possible for authenticated attackers, with minimal permissions, such as a subscriber to change to location of back-ups and potentially steal sensitive information from them. | 2023-03-07 | not yet calculated | CVE-2020-36667 MISC MISC |
| wordpress -- wordpress | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backup_guard_get_manual_modal function called via an AJAX action. This makes it possible for subscriber-level attackers, and above, to invoke the function and obtain database table information. | 2023-03-07 | not yet calculated | CVE-2020-36668 MISC MISC |
| wordpress -- wordpress | The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. | 2023-03-07 | not yet calculated | CVE-2020-36669 MISC MISC |
| wordpress -- wordpress | The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to invoke these functions which can be used to perform actions like modify form submission records, deleting files, sending test emails, modifying plugin settings, and more. | 2023-03-07 | not yet calculated | CVE-2020-36670 MISC MISC |
|
ibm -- financial_transactoin_manager |
IBM Financial Transaction Manager 3.2.0 through 3.2.10 could allow an authenticated user to perform unauthorized actions due to improper validation. IBM X-Force ID: 192954. | 2023-03-10 | not yet calculated | CVE-2020-5002 MISC MISC |
|
hclsoftware -- verse |
HCL Verse is susceptible to a Cross Site Scripting (XSS) vulnerability. By tricking a user into clicking a crafted URL, a remote unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | 2023-03-10 | not yet calculated | CVE-2021-27788 MISC |
|
wyomind -- help_desk_magento_2 |
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalte privileges via a crafted payload in the ticket message field. | 2023-03-08 | not yet calculated | CVE-2021-33351 MISC MISC |
|
wyomind -- help_desk_magento_2 |
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field. | 2023-03-08 | not yet calculated | CVE-2021-33352 MISC MISC |
|
wyomind -- help_desk_magento_2 |
Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting. | 2023-03-08 | not yet calculated | CVE-2021-33353 MISC MISC |
|
gnuplot -- gnuplot |
An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). | 2023-03-10 | not yet calculated | CVE-2021-33360 MISC MISC |
| kernel -- kernel | REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. | 2023-03-08 | not yet calculated | CVE-2021-33639 MISC |
| yuneec -- mantis_q/px4-autopilot | An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands. | 2023-03-09 | not yet calculated | CVE-2021-34125 MISC MISC MISC MISC MISC MISC MISC MISC |
|
vicidial -- vicidial |
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. | 2023-03-06 | not yet calculated | CVE-2021-35377 MISC MISC |
|
moodle -- moodle |
In Moodle, an SQL injection risk was identified in the library fetching a user's enrolled courses. | 2023-03-06 | not yet calculated | CVE-2021-36392 MISC |
|
moodle -- moodle |
In Moodle, an SQL injection risk was identified in the library fetching a user's recent courses. | 2023-03-06 | not yet calculated | CVE-2021-36393 MISC |
|
moodle -- moodle |
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin. | 2023-03-06 | not yet calculated | CVE-2021-36394 MISC |
|
moodle -- moodle |
In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service. | 2023-03-06 | not yet calculated | CVE-2021-36395 MISC |
|
moodle -- moodle |
In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk. | 2023-03-06 | not yet calculated | CVE-2021-36396 MISC |
|
moodle -- moodle |
In Moodle, insufficient capability checks meant message deletions were not limited to the current user. | 2023-03-06 | not yet calculated | CVE-2021-36397 MISC |
|
moodle -- moodle |
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk. | 2023-03-06 | not yet calculated | CVE-2021-36398 MISC |
|
moodle -- moodle |
In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk. | 2023-03-06 | not yet calculated | CVE-2021-36399 MISC |
|
moodle -- moodle |
In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 2023-03-06 | not yet calculated | CVE-2021-36400 MISC |
|
moodle -- moodle |
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk. | 2023-03-06 | not yet calculated | CVE-2021-36401 MISC |
|
moodle -- moodle |
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. | 2023-03-06 | not yet calculated | CVE-2021-36402 MISC |
|
moodle -- moodle |
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | 2023-03-06 | not yet calculated | CVE-2021-36403 MISC |
| jquery -- jquery | Cross Site Scripting (XSS) vulnerability in the DataTables plug-in 1.9.2 for jQuery allows attackers to run arbitrary code via the sBaseName parameter to function _fnCreateCookie. NOTE: 1.9.2 is a version from 2012. | 2023-03-06 | not yet calculated | CVE-2021-36713 MISC MISC |
| json-logic-js -- json-logic-js | A vulnerability, which was classified as critical, has been found in json-logic-js 2.0.0. Affected by this issue is some unknown functionality of the file logic.js. The manipulation leads to command injection. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is c1dd82f5b15d8a553bb7a0cfa841ab8a11a9c227. It is recommended to upgrade the affected component. VDB-222266 is the identifier assigned to this vulnerability. | 2023-03-05 | not yet calculated | CVE-2021-4329 MISC MISC MISC MISC |
| wordpress -- wordpress | The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download. | 2023-03-07 | not yet calculated | CVE-2021-4330 MISC MISC |
| wordpress -- wordpress | The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of the registration form, users can choose which role to set as the default for users upon registration. This field is not hidden for lower-level users so any user with access to the Elementor page builder, such as contributors, can set the default role to administrator. Since contributors can not publish posts, only author+ users can elevate privileges without interaction via a site administrator (to approve a post). | 2023-03-07 | not yet calculated | CVE-2021-4331 MISC MISC |
| wordpress -- wordpress | The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can include an SVG image for the box. Unfortunately, the plugin used file_get_contents with no verification that the file being supplied was an SVG file, so any user with access to the Elementor page builder, such as contributors, could read arbitrary files on the WordPress installation. | 2023-03-07 | not yet calculated | CVE-2021-4332 MISC MISC |
| wordpress -- wordpress | The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-07 | not yet calculated | CVE-2021-4333 MISC MISC |
| ubit_information_technologies -- student_information management_system | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126. | 2023-03-07 | not yet calculated | CVE-2021-44196 MISC |
| ubit_information_technologies -- student_information management_system | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126. | 2023-03-07 | not yet calculated | CVE-2021-44197 MISC |
| cisco -- cisco enterprise_nfv infrastructure_ software | A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system. | 2023-03-10 | not yet calculated | CVE-2022-20929 MISC |
| qualcomm -- snapdragon | Information Disclosure in Graphics during GPU context switch. | 2023-03-10 | not yet calculated | CVE-2022-22075 MISC |
| fortinet -- multiple_products | An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. | 2023-03-07 | not yet calculated | CVE-2022-22297 MISC |
| qualcomm -- snapdragon | Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload. | 2023-03-10 | not yet calculated | CVE-2022-25655 MISC |
| qualcomm -- snapdragon | Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM | 2023-03-10 | not yet calculated | CVE-2022-25694 MISC |
| qualcomm -- snapdragon | Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response | 2023-03-10 | not yet calculated | CVE-2022-25705 MISC |
| qualcomm -- snapdragon | Memory corruption in modem due to use of out of range pointer offset while processing qmi msg | 2023-03-10 | not yet calculated | CVE-2022-25709 MISC |
| fortinet -- multiple_products | A exposure of sensitive information to an unauthorized actor in Fortinet FortiManager version 6.0.0 through 6.0.4, FortiAnalyzer version 6.0.0 through 6.0.4, FortiPortal version 6.0.0 through 6.0.9, 5.3.0 through 5.3.8, 5.2.x, 5.1.0, 5.0.x, 4.2.x, 4.1.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.x, 6.0.x allows an attacker which has obtained access to a restricted administrative account to obtain sensitive information via `diagnose debug` commands. | 2023-03-07 | not yet calculated | CVE-2022-27490 MISC |
| fortinet -- fortimail | A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiMail version 6.4.0, version 6.2.0 through 6.2.4 and before 6.0.9 allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 2023-03-09 | not yet calculated | CVE-2022-29056 MISC |
| openstack-neutron -- openstack-neutron | An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service. | 2023-03-06 | not yet calculated | CVE-2022-3277 MISC MISC |
| qualcomm -- snapdragon | Memory corruption in modem due to buffer overflow while processing a PPP packet | 2023-03-10 | not yet calculated | CVE-2022-33213 MISC |
| qualcomm -- snapdragon | Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. | 2023-03-10 | not yet calculated | CVE-2022-33242 MISC |
| qualcomm -- snapdragon | Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout | 2023-03-10 | not yet calculated | CVE-2022-33244 MISC |
| qualcomm -- snapdragon | Memory corruption in WLAN due to use after free | 2023-03-10 | not yet calculated | CVE-2022-33245 MISC |
| qualcomm -- snapdragon | Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. | 2023-03-10 | not yet calculated | CVE-2022-33250 MISC |
| qualcomm -- snapdragon | Transient DOS due to reachable assertion in Modem while processing SIB1 Message. | 2023-03-10 | not yet calculated | CVE-2022-33254 MISC |
| qualcomm -- snapdragon | Memory corruption due to improper validation of array index in Multi-mode call processor. | 2023-03-10 | not yet calculated | CVE-2022-33256 MISC |
| qualcomm -- snapdragon | Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone. | 2023-03-10 | not yet calculated | CVE-2022-33257 MISC |
| qualcomm -- snapdragon | Memory corruption due to stack based buffer overflow in core while sending command from USB of large size. | 2023-03-10 | not yet calculated | CVE-2022-33260 MISC |
| qualcomm -- snapdragon | Transient DOS in modem due to reachable assertion. | 2023-03-10 | not yet calculated | CVE-2022-33272 MISC |
| qualcomm -- snapdragon | Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity. | 2023-03-10 | not yet calculated | CVE-2022-33278 MISC |
| qualcomm -- snapdragon | Transient DOS due to buffer over-read in WLAN Firmware while parsing secure FTMR frame with size lesser than 39 Bytes. | 2023-03-10 | not yet calculated | CVE-2022-33309 MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to 15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites | 2023-03-09 | not yet calculated | CVE-2022-3381 CONFIRM MISC MISC |
| linux -- kernel | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2023-03-06 | not yet calculated | CVE-2022-3424 MISC MISC MISC MISC |
| gitlab -- gitlab | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | 2023-03-06 | not yet calculated | CVE-2022-3707 MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper permissions checks an unauthorised user was able to read, add or edit a users private snippet. | 2023-03-09 | not yet calculated | CVE-2022-3758 MISC MISC CONFIRM |
| mia_technology -- mia-med | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58. | 2023-03-07 | not yet calculated | CVE-2022-3760 MISC |
| gitlab -- dast | Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host. | 2023-03-09 | not yet calculated | CVE-2022-3767 CONFIRM MISC |
| hewlett_packard_enterprise -- hpe_flex/hpe_flex_280 | A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8. | 2023-03-10 | not yet calculated | CVE-2022-37939 MISC |
| ceph -- ceph | A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | 2023-03-06 | not yet calculated | CVE-2022-3854 MISC |
| libpng -- libpng | A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function. | 2023-03-06 | not yet calculated | CVE-2022-3857 MISC |
| fortinet -- fortiweb | A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 2023-03-07 | not yet calculated | CVE-2022-39951 MISC |
| fortinet -- fortinac | A improper privilege management in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.6, FortiNAC version 9.1.0 through 9.1.8, FortiNAC all versions 8.8, FortiNAC all versions 8.7, FortiNAC all versions 8.6, FortiNAC all versions 8.5, FortiNAC version 8.3.7 allows attacker to escalation of privilege via specially crafted commands. | 2023-03-07 | not yet calculated | CVE-2022-39953 MISC |
| gitlab -- gitlab | A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side. | 2023-03-08 | not yet calculated | CVE-2022-4007 CONFIRM MISC MISC |
| qualcomm -- snapdragon | Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms. | 2023-03-10 | not yet calculated | CVE-2022-40515 MISC |
| qualcomm -- snapdragon | Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | 2023-03-10 | not yet calculated | CVE-2022-40527 MISC |
| qualcomm -- snapdragon | Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | 2023-03-10 | not yet calculated | CVE-2022-40530 MISC |
| qualcomm -- snapdragon |
Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | 2023-03-10 | not yet calculated | CVE-2022-40531 MISC |
| qualcomm -- snapdragon | Transient DOS due to buffer over-read in WLAN while sending a packet to device. | 2023-03-10 | not yet calculated | CVE-2022-40535 MISC |
| qualcomm -- snapdragon | Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response. | 2023-03-10 | not yet calculated | CVE-2022-40537 MISC |
| qualcomm -- snapdragon | Memory corruption in Automotive Android OS due to improper validation of array index. | 2023-03-10 | not yet calculated | CVE-2022-40539 MISC |
| qualcomm -- snapdragon | Memory corruption due to buffer copy without checking the size of input while loading firmware in Linux Kernel. | 2023-03-10 | not yet calculated | CVE-2022-40540 MISC |
| fortinet -- fortinac | A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 allows attacker to execute unauthorized code or commands via specially crafted http requests. | 2023-03-07 | not yet calculated | CVE-2022-40676 MISC |
| fortinet -- fortios | A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on the underlying Linux system via crafted CLI commands. | 2023-03-07 | not yet calculated | CVE-2022-41328 MISC |
| fortinet -- multiple_products | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in Fortinet FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiOS version 7.2.0 through 7.2.3 and 7.0.0 through 7.0.9 allows an unauthenticated attackers to obtain sensitive logging informations on the device via crafted HTTP GET requests. | 2023-03-07 | not yet calculated | CVE-2022-41329 MISC |
| fortinet -- fortirecorder | An uncontrolled resource consumption vulnerability [CWE-400] in FortiRecorder version 6.4.3 and below, 6.0.11 and below login authentication mechanism may allow an unauthenticated attacker to make the device unavailable via crafted GET requests. | 2023-03-07 | not yet calculated | CVE-2022-41333 MISC |
|
openstack -- glance |
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. | 2023-03-06 | not yet calculated | CVE-2022-4134 MISC MISC MISC |
| qlik -- qlikview | QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. | 2023-03-06 | not yet calculated | CVE-2022-42248 MISC MISC |
| fortinet -- fortios | A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.2, 7.0.0 through 7.0.8 and before 6.4.11, FortiProxy version 7.2.0 through 7.2.2 and 7.0.0 through 7.0.8 allows privileged VDOM administrators to escalate their privileges to super admin of the box via crafted CLI requests. | 2023-03-07 | not yet calculated | CVE-2022-42476 MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users. | 2023-03-09 | not yet calculated | CVE-2022-4289 MISC MISC CONFIRM |
| gitlab -- dast | An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page. | 2023-03-08 | not yet calculated | CVE-2022-4315 CONFIRM MISC MISC |
| gitlab -- dast | An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 1.47 before 3.0.51, which sends custom request headers in redirects. | 2023-03-09 | not yet calculated | CVE-2022-4317 CONFIRM MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM token to perform actions on the group. | 2023-03-09 | not yet calculated | CVE-2022-4331 MISC MISC CONFIRM |
| ibm -- mq | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS is vulnerable to a denial of service attack caused by specially crafted PCF or MQSC messages. IBM X-Force ID: 240832. | 2023-03-10 | not yet calculated | CVE-2022-43902 MISC MISC |
| ivanti -- avalanche | An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | 2023-03-10 | not yet calculated | CVE-2022-44574 MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response. | 2023-03-09 | not yet calculated | CVE-2022-4462 MISC CONFIRM MISC |
| kioware -- kioware | KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code. | 2023-03-06 | not yet calculated | CVE-2022-44875 MISC MISC |
| samba -- active_directory | Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96). | 2023-03-06 | not yet calculated | CVE-2022-45141 MISC |
| heimdal -- heimdal | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. | 2023-03-06 | not yet calculated | CVE-2022-45142 MISC |
| fortinet -- multiple_products | An access of uninitialized pointer vulnerability [CWE-824] in the SSL VPN portal of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.11 and FortiProxy version 7.2.0 through 7.2.1, version 7.0.0 through 7.0.7 and before 2.0.11 allows a remote authenticated attacker to crash the sslvpn daemon via an HTTP GET request. | 2023-03-07 | not yet calculated | CVE-2022-45861 MISC |
| github -- github_enterprise_server | An information disclosure vulnerability was identified in GitHub Enterprise Server that allowed private repositories to be added to a GitHub Actions runner group via the API by a user who did not have access to those repositories, resulting in the repository names being shown in the UI. To exploit this vulnerability, an attacker would need access to the GHES instance, permissions to modify GitHub Actions runner groups, and successfully guess the obfuscated ID of private repositories. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 and was fixed in versions 3.3.17, 3.4.12, 3.5.9, 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-03-07 | not yet calculated | CVE-2022-46257 MISC MISC MISC MISC |
| arm -- arm_mali | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r39p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | 2023-03-08 | not yet calculated | CVE-2022-46394 MISC MISC |
| arm -- arm_mali | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r0p0 through r32p0, Bifrost r0p0 through r41p0 before r42p0, Valhall r19p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. | 2023-03-06 | not yet calculated | CVE-2022-46395 CONFIRM MISC |
| dell -- bios | Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | 2023-03-08 | not yet calculated | CVE-2022-46752 MISC |
| unisoc_technologies -- multiple_products | In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service. | 2023-03-10 | not yet calculated | CVE-2022-47453 MISC |
| unisoc_technologies -- multiple_products | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 2023-03-10 | not yet calculated | CVE-2022-47454 MISC |
| unisoc_technologies -- multiple_products | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 2023-03-10 | not yet calculated | CVE-2022-47455 MISC |
| unisoc_technologies -- multiple_products | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 2023-03-10 | not yet calculated | CVE-2022-47456 MISC |
| unisoc_technologies -- multiple_products | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 2023-03-10 | not yet calculated | CVE-2022-47457 MISC |
| unisoc_technologies -- multiple_products | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 2023-03-10 | not yet calculated | CVE-2022-47458 MISC |
| unisoc_technologies -- multiple_products | In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services. | 2023-03-10 | not yet calculated | CVE-2022-47459 MISC |
| unisoc_technologies -- multiple_products | In gpu device, there is a memory corruption due to a use after free. This could lead to local denial of service in kernel. | 2023-03-10 | not yet calculated | CVE-2022-47460 MISC |
| unisoc_technologies -- multiple_products | In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47461 MISC |
| unisoc_technologies -- multiple_products | In telephone service, there is a missing permission check. This could lead to local escalation of privilege with system execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47462 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47471 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47472 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47473 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47474 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47475 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47476 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47477 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47478 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47479 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47480 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47481 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47482 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47483 MISC |
| unisoc_technologies -- multiple_products | In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed. | 2023-03-10 | not yet calculated | CVE-2022-47484 MISC |
| sipe -- yarix | A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. | 2023-03-10 | not yet calculated | CVE-2022-48111 MISC MISC MISC |
| c-ares -- c-ares | A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | 2023-03-06 | not yet calculated | CVE-2022-4904 MISC MISC FEDORA |
| ualbertalib -- neosdiscovery | A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The name of the patch is abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. | 2023-03-05 | not yet calculated | CVE-2022-4927 MISC MISC MISC MISC MISC |
| icplayer -- icplayer | A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.820 is able to address this issue. The name of the patch is 2223628e6db1df73f6d633d2c0422d995990f0a3. It is recommended to upgrade the affected component. The identifier VDB-222289 was assigned to this vulnerability. | 2023-03-06 | not yet calculated | CVE-2022-4928 MISC MISC MISC MISC MISC |
| icplayer -- icplayer | A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is able to address this issue. The name of the patch is fa785969f213c76384f1fe67d47b17d57fcc60c8. It is recommended to upgrade the affected component. VDB-222290 is the identifier assigned to this vulnerability. | 2023-03-06 | not yet calculated | CVE-2022-4929 MISC MISC MISC MISC MISC |
| syspass -- syspass | A vulnerability classified as problematic was found in nuxsmin sysPass up to 3.2.4. Affected by this vulnerability is an unknown functionality of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 3.2.5 is able to address this issue. The name of the patch is 4da4d031732ecca67519851fd0c34597dbb8ee55. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222319. | 2023-03-06 | not yet calculated | CVE-2022-4930 MISC MISC MISC MISC MISC |
| wordpress -- wordpress | The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. | 2023-03-07 | not yet calculated | CVE-2022-4931 MISC MISC |
| wordpress -- wordpress | The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeat_received() function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with subscriber-level permissions and above to retrieve back-up paths that can subsequently be used to download the back-up. | 2023-03-07 | not yet calculated | CVE-2022-4932 MISC MISC |
| linux -- kernel | A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2023-03-08 | not yet calculated | CVE-2023-0030 MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims. | 2023-03-09 | not yet calculated | CVE-2023-0050 CONFIRM MISC MISC |
| wordpress -- wordpress | The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | not yet calculated | CVE-2023-0064 MISC |
| wordpress -- wordpress | The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | not yet calculated | CVE-2023-0068 MISC |
| openharmony -- openharmy | The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this vulnerability to send malicious data, causing the current application to crash. | 2023-03-10 | not yet calculated | CVE-2023-0083 MISC |
| proofpoint -- enterprise_protection | The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. This affects all versions 8.20.0 and below. | 2023-03-08 | not yet calculated | CVE-2023-0089 MISC |
| proofpoint -- enterprise_protection | The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below. | 2023-03-08 | not yet calculated | CVE-2023-0090 MISC |
| okta -- advanced_server_access_client | Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment. | 2023-03-06 | not yet calculated | CVE-2023-0093 MISC |
| nvidia -- cuda_toolkit_sdk | NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of service and limited information disclosure. | 2023-03-10 | not yet calculated | CVE-2023-0193 MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project members could retrieve release descriptions via the API, even if the release visibility is restricted to project members only in the project settings. | 2023-03-09 | not yet calculated | CVE-2023-0223 CONFIRM MISC MISC |
| qemu -- qemu | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | 2023-03-06 | not yet calculated | CVE-2023-0330 MISC |
| wordpress -- wordpress | The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-03-06 | not yet calculated | CVE-2023-0377 MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible for a project maintainer to extract a Datadog integration API key by modifying the site. | 2023-03-09 | not yet calculated | CVE-2023-0483 CONFIRM MISC MISC |
| gigamon -- gigavue-fm/gigavue-os | The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. An attacker could enforce a user into inserting malicious JavaScript code into the URI, that could lead to a Reflected Cross site Scripting. | 2023-03-10 | not yet calculated | CVE-2023-0746 CONFIRM |
| promis_process_company -- inscada | Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1. | 2023-03-06 | not yet calculated | CVE-2023-0839 MISC |
| hashicorp -- consul/consul_enterprise | Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5. | 2023-03-09 | not yet calculated | CVE-2023-0845 MISC |
| meddata_informatics -- meddatapacs | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData Informatics MedDataPACS.This issue affects MedDataPACS : before 2023-03-03. | 2023-03-06 | not yet calculated | CVE-2023-0979 MISC |
| typora -- typora | A vulnerability, which was classified as critical, was found in Typora up to 1.5.5. Affected is an unknown function of the component WSH JScript Handler. The manipulation leads to code injection. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.8 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221736. | 2023-03-07 | not yet calculated | CVE-2023-1003 MISC MISC MISC |
| gitlab -- gitlab | An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible to trigger a resource depletion attack due to improper filtering for number of requests to read commits details. | 2023-03-09 | not yet calculated | CVE-2023-1072 MISC CONFIRM |
| gitlab -- gitlab_ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request. | 2023-03-09 | not yet calculated | CVE-2023-1084 MISC MISC CONFIRM |
| alpata -- licensed_warehousing_automation_system | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL Injection.This issue affects Licensed Warehousing Automation System: through 2023.1.01. | 2023-03-10 | not yet calculated | CVE-2023-1091 MISC |
| wireshark -- wireshark | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file | 2023-03-06 | not yet calculated | CVE-2023-1161 CONFIRM MISC MISC |
| ecshop -- ecshop | A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Affected by this issue is some unknown functionality of the file admin/database.php of the component Backup Database Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222356. | 2023-03-06 | not yet calculated | CVE-2023-1184 MISC MISC MISC |
| ecshop -- ecshop | A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. This affects an unknown part of the component New Product Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222357 was assigned to this vulnerability. | 2023-03-06 | not yet calculated | CVE-2023-1185 MISC MISC MISC |
| wisecleaner -- wise_folder_hider | A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. It has been declared as problematic. Affected by this vulnerability is an unknown functionality in the library WiseFs64.sys of the component IoControlCode Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-222361 was assigned to this vulnerability. | 2023-03-06 | not yet calculated | CVE-2023-1189 MISC MISC MISC |
| saysis -- starcities | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.This issue affects Starcities: through 1.3. | 2023-03-10 | not yet calculated | CVE-2023-1198 MISC |
| devolutions -- server | Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. | 2023-03-10 | not yet calculated | CVE-2023-1201 MISC |
| devolutions -- remote_desktop_manager_powershell_module | Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule. | 2023-03-10 | not yet calculated | CVE-2023-1203 MISC |
| netgear -- nighthawk_wifi6_router | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. | 2023-03-10 | not yet calculated | CVE-2023-1205 MISC |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1237 CONFIRM MISC |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1238 CONFIRM MISC |
| answerdev -- answer | Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1239 MISC CONFIRM |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1240 CONFIRM MISC |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1241 CONFIRM MISC |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1242 MISC CONFIRM |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1243 MISC CONFIRM |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1244 MISC CONFIRM |
| answerdev -- answer | Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. | 2023-03-07 | not yet calculated | CVE-2023-1245 CONFIRM MISC |
| saysis -- starcities | Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.This issue affects Starcities: through 1.3. | 2023-03-10 | not yet calculated | CVE-2023-1246 MISC |
| pimcore -- pimcore | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0. | 2023-03-07 | not yet calculated | CVE-2023-1247 MISC CONFIRM |
| akinsoft -- wolvox | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03. | 2023-03-09 | not yet calculated | CVE-2023-1251 MISC |
| sourcecodester -- health_center_patient_record_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222483. | 2023-03-07 | not yet calculated | CVE-2023-1253 MISC MISC MISC |
| sourcecodester -- health_center_patient_record_management_system | A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file birthing_print.php. The manipulation of the argument birth_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222484. | 2023-03-07 | not yet calculated | CVE-2023-1254 MISC MISC MISC |
| moxa -- uc_series | An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Command line options can then be altered, allowing the attacker to access the terminal. From the terminal, the attacker can modify the device’s authentication files to create a new user and gain full access to the system. | 2023-03-07 | not yet calculated | CVE-2023-1257 MISC |
| wordpress -- wordpress | The CMP – Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. This can allow unauthenticated individuals to obtain the contents of any non-password-protected, published post or page even when maintenance mode is enabled. | 2023-03-07 | not yet calculated | CVE-2023-1263 MISC MISC |
| vim -- vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. | 2023-03-07 | not yet calculated | CVE-2023-1264 CONFIRM MISC |
| ulkem -- pttem_kart | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart.This issue affects PtteM Kart: before 2.1. | 2023-03-08 | not yet calculated | CVE-2023-1267 MISC |
| easyappointment -- easyappointment | Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 2023-03-08 | not yet calculated | CVE-2023-1269 CONFIRM MISC |
| btcpayserver -- btcpayserver | Command Injection in GitHub repository btcpayserver/btcpayserver prior to 1.8.3. | 2023-03-08 | not yet calculated | CVE-2023-1270 MISC CONFIRM |
| sourcecodester -- phone_shop_sales_managements_system | A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability. | 2023-03-08 | not yet calculated | CVE-2023-1275 MISC MISC MISC |
| sul1ss_shop -- sul1ss_shop | A vulnerability, which was classified as critical, has been found in SUL1SS_shop. This issue affects some unknown processing of the file application\merch\controller\Order.php. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-222599. | 2023-03-08 | not yet calculated | CVE-2023-1276 MISC MISC MISC |
| kylin -- kylin-system-updater | A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord. Affected is the function InstallSnap of the component Update Handler. The manipulation leads to command injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222600. | 2023-03-08 | not yet calculated | CVE-2023-1277 MISC MISC MISC |
| ibos -- ibos | A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Affected by this issue is some unknown functionality of the file mobil/index.php. The manipulation of the argument accesstoken leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-222608. | 2023-03-08 | not yet calculated | CVE-2023-1278 MISC MISC MISC |
| qwik -- qwik | Code Injection in GitHub repository builderio/qwik prior to 0.21.0. | 2023-03-08 | not yet calculated | CVE-2023-1283 CONFIRM MISC |
| pimcore -- pimcore | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. | 2023-03-09 | not yet calculated | CVE-2023-1286 CONFIRM MISC |
| dassault_systèmes -- enovia_live_collaboration | An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | 2023-03-09 | not yet calculated | CVE-2023-1287 MISC |
| dassault_systèmes -- enovia_live_collaboration | An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote File inclusions. | 2023-03-09 | not yet calculated | CVE-2023-1288 MISC |
| sourcecodester -- sales_tracker_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Affected by this issue is some unknown functionality of the file admin/clients/view_client.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222644. | 2023-03-09 | not yet calculated | CVE-2023-1290 MISC MISC MISC |
| sourcecodester -- sales_tracker_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. This affects an unknown part of the file admin/clients/manage_client.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222645 was assigned to this vulnerability. | 2023-03-09 | not yet calculated | CVE-2023-1291 MISC MISC MISC |
| sourcecodester -- sales_tracker_management_system | A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. This vulnerability affects the function delete_client of the file classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222646 is the identifier assigned to this vulnerability. | 2023-03-09 | not yet calculated | CVE-2023-1292 MISC MISC MISC |
| sourcecodester -- online_graduate_tracer_system | A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. This issue affects the function mysqli_query of the file admin_cs.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222647. | 2023-03-09 | not yet calculated | CVE-2023-1293 MISC MISC MISC |
| dester -- file_tracker_manager_system | A vulnerability was found in SourceCodester File Tracker Manager System 1.0. It has been classified as critical. Affected is an unknown function of the file /file_manager/login.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222648. | 2023-03-09 | not yet calculated | CVE-2023-1294 MISC MISC MISC |
| sourcecodester -- covid_19_testing_management_system | A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file patient-report.php of the component POST Parameter Handler. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222661 was assigned to this vulnerability. | 2023-03-09 | not yet calculated | CVE-2023-1300 MISC MISC MISC |
| sourcecodester -- friendly_island_pizza_website_and_ordering_system | A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Affected by this issue is some unknown functionality of the file deleteorder.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222662 is the identifier assigned to this vulnerability. | 2023-03-09 | not yet calculated | CVE-2023-1301 MISC MISC MISC |
| sourcecodester -- file_tracker_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. This affects an unknown part of the file normal/borrow1.php. The manipulation of the argument id with the input 1"><script>alert(1111)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222663. | 2023-03-09 | not yet calculated | CVE-2023-1302 MISC MISC MISC |
| ucms -- ucms | A vulnerability was found in UCMS 1.6 and classified as critical. This issue affects some unknown processing of the file sadmin/fileedit.php of the component System File Management Module. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-222683. | 2023-03-09 | not yet calculated | CVE-2023-1303 MISC MISC MISC |
| froxlor -- froxlor | Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. | 2023-03-10 | not yet calculated | CVE-2023-1307 MISC CONFIRM |
| sourcecodester -- online_graduate_tracer_system | A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/adminlog.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222696. | 2023-03-10 | not yet calculated | CVE-2023-1308 MISC MISC MISC |
| sourcecodester -- online_graduate_tracer_system | A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/search_it.php. The manipulation of the argument input leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222697 was assigned to this vulnerability. | 2023-03-10 | not yet calculated | CVE-2023-1309 MISC MISC MISC |
| sourcecodester -- online_graduate_tracer_system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Affected by this issue is some unknown functionality of the file admin/prof.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222698 is the identifier assigned to this vulnerability. | 2023-03-10 | not yet calculated | CVE-2023-1310 MISC MISC MISC |
| sourcecodester -- friendly_island_pizza_website_and_ordering_system | A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. This affects an unknown part of the file large.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222699. | 2023-03-10 | not yet calculated | CVE-2023-1311 MISC MISC MISC |
| pimcore -- pimcore | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. | 2023-03-10 | not yet calculated | CVE-2023-1312 CONFIRM MISC |
| cockpit-hq -- cockpit | Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. | 2023-03-10 | not yet calculated | CVE-2023-1313 CONFIRM MISC |
| lmxcms -- lmxcms | A vulnerability has been found in lmxcms 1.41 and classified as critical. Affected by this vulnerability is the function update of the file AcquisiAction.class.php. The manipulation of the argument id with the input -1 and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222727. | 2023-03-10 | not yet calculated | CVE-2023-1321 MISC MISC |
| lmxcms -- lmxcms | A vulnerability was found in lmxcms 1.41 and classified as critical. Affected by this issue is the function reply of the file BookAction.class.php. The manipulation of the argument id with the input 1) and updatexml(0,concat(0x7e,user()),1)# leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222728. | 2023-03-10 | not yet calculated | CVE-2023-1322 MISC MISC |
| guizhou -- 115cms | A vulnerability was found in Guizhou 115cms 4.2. It has been classified as problematic. Affected is an unknown function of the file /admin/content/index. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222738 is the identifier assigned to this vulnerability. | 2023-03-10 | not yet calculated | CVE-2023-1328 MISC MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache. | 2023-03-10 | not yet calculated | CVE-2023-1333 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify the plugin's cache. | 2023-03-10 | not yet calculated | CVE-2023-1334 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to connect a new license key to the site. | 2023-03-10 | not yet calculated | CVE-2023-1335 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to disable caching. | 2023-03-10 | not yet calculated | CVE-2023-1336 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete plugin log files. | 2023-03-10 | not yet calculated | CVE-2023-1337 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to modify cache rules. | 2023-03-10 | not yet calculated | CVE-2023-1338 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to update caching rules. | 2023-03-10 | not yet calculated | CVE-2023-1339 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_uucss_logs function. This makes it possible for unauthenticated attackers to clear plugin logs via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-10 | not yet calculated | CVE-2023-1340 MISC MISC |
| wordpress -- wordpress |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ajax_deactivate function. This makes it possible for unauthenticated attackers to turn off caching via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-10 | not yet calculated | CVE-2023-1341 MISC MISC |
| wordpress -- wordpress |
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the ucss_connect function. This makes it possible for unauthenticated attackers to connect the site to a new license key via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-10 | not yet calculated | CVE-2023-1342 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-10 | not yet calculated | CVE-2023-1343 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-10 | not yet calculated | CVE-2023-1344 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-10 | not yet calculated | CVE-2023-1345 MISC MISC |
| wordpress -- wordpress | The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the clear_page_cache function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-03-10 | not yet calculated | CVE-2023-1346 MISC MISC |
| hsycms -- hsycms | A vulnerability, which was classified as problematic, has been found in Hsycms 3.1. Affected by this issue is some unknown functionality of the file controller\cate.php of the component Add Category Module. The manipulation of the argument title leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-222842 is the identifier assigned to this vulnerability. | 2023-03-11 | not yet calculated | CVE-2023-1349 MISC MISC MISC |
|
liferea -- liferea |
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 8d8b5b963fa64c7a2122d1bbfbb0bed46e813e59. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222848. | 2023-03-11 | not yet calculated | CVE-2023-1350 MISC MISC MISC |
|
sourcecodester -- computer_parts_sales_and_inventory_system |
A vulnerability classified as critical has been found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file cust_transac.php. The manipulation of the argument phonenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222849 was assigned to this vulnerability. | 2023-03-11 | not yet calculated | CVE-2023-1351 MISC MISC MISC |
|
sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system |
A vulnerability, which was classified as critical, has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. This issue affects some unknown processing of the file /admin/login.php. The manipulation of the argument txtusername/txtpassword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222851. | 2023-03-11 | not yet calculated | CVE-2023-1352 MISC MISC MISC |
|
sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system |
A vulnerability, which was classified as problematic, was found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0. Affected is an unknown function of the file verification.php. The manipulation of the argument txtvaccinationID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222852. | 2023-03-11 | not yet calculated | CVE-2023-1353 MISC MISC MISC |
|
sourcecodester -- design_and_implementation_of_covid_19_directory_on_vaccination_system |
A vulnerability has been found in SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file register.php. The manipulation of the argument txtfullname/txtage/txtaddress/txtphone leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222853 was assigned to this vulnerability. | 2023-03-11 | not yet calculated | CVE-2023-1354 MISC MISC MISC |
|
vim -- vim |
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1402. | 2023-03-11 | not yet calculated | CVE-2023-1355 MISC CONFIRM |
|
cisco -- ios_xr_software_for_asr9000_series_routers |
A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact High-Performance Routers, and ASR 9903 Compact High-Performance Routers could allow an unauthenticated, remote attacker to cause a line card to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of malformed BFD packets that are received on line cards where the BFD hardware offload feature is enabled. An attacker could exploit this vulnerability by sending a crafted IPv4 BFD packet to an affected device. A successful exploit could allow the attacker to cause line card exceptions or a hard reset, resulting in loss of traffic over that line card while the line card reloads. | 2023-03-09 | not yet calculated | CVE-2023-20049 CISCO |
|
cisco -- ios_xr_software |
A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console using the GRUB bootloader command line. This vulnerability is due to the inclusion of unnecessary commands within the GRUB environment that allow sensitive files to be viewed. An attacker could exploit this vulnerability by being connected to the console port of the Cisco IOS XR device when the device is power-cycled. A successful exploit could allow the attacker to view sensitive files that could be used to conduct additional attacks against the device. | 2023-03-09 | not yet calculated | CVE-2023-20064 CISCO |
|
openharmony -- openharmony |
The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system. | 2023-03-10 | not yet calculated | CVE-2023-22301 MISC |
|
dos_company_limited -- ss1/rakuraku_pc_cloud_agent |
Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | 2023-03-06 | not yet calculated | CVE-2023-22335 MISC MISC |
|
dos_company_limited -- ss1/rakuraku_pc_cloud_agent |
Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | 2023-03-06 | not yet calculated | CVE-2023-22336 MISC MISC |
|
dos_company_limited -- ss1/rakuraku_pc_cloud_agent |
Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and execute it. As a result of exploiting this vulnerability with CVE-2023-22335 and CVE-2023-22336 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | 2023-03-06 | not yet calculated | CVE-2023-22344 MISC MISC |
| jtekt_electronics_corporation -- kostac_plc_programming_software | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. When processing a comment block in stage information, the end of data cannot be verified and out-of-bounds read occurs. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 2023-03-06 | not yet calculated | CVE-2023-22419 MISC MISC MISC |
| jtekt_electronics_corporation -- kostac_plc_programming_software | Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. The insufficient buffer size for the PLC program instructions leads to out-of-bounds read. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 2023-03-06 | not yet calculated | CVE-2023-22421 MISC MISC MISC |
| jtekt_electronics_corporation -- kostac_plc_programming_software | Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. With the abnormal value given as the maximum number of columns for the PLC program, the process accesses the freed memory. As a result, opening a specially crafted project file may lead to information disclosure and/or arbitrary code execution. | 2023-03-06 | not yet calculated | CVE-2023-22424 MISC MISC MISC |
|
web2py -- web2py |
Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack. | 2023-03-06 | not yet calculated | CVE-2023-22432 MISC MISC MISC |
|
openharmony -- openharmony |
The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate the privilege to root. | 2023-03-10 | not yet calculated | CVE-2023-22436 MISC |
|
ec_cube -- 4_series |
Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5), and EC-CUBE 2 series (EC-CUBE 2.11.0 to 2.11.5, EC-CUBE 2.12.0 to 2.12.6, EC-CUBE 2.13.0 to 2.13.5, and EC-CUBE 2.17.0 to 2.17.2) allows a remote authenticated attacker to inject an arbitrary script. | 2023-03-06 | not yet calculated | CVE-2023-22438 MISC MISC MISC MISC |
|
freshrss -- freshrss |
FreshRSS is a self-hosted RSS feed aggregator. When using the greader API, the provided password is logged in clear in `users/_/log_api.txt` in the case where the authentication fails. The issues occurs in `authorizationToUser()` in `greader.php`. If there is an issue with the request or the credentials, `unauthorized()` or `badRequest()` is called. Both these functions are printing the return of `debugInfo()` in the logs. `debugInfo()` will return the content of the request. By default, this will be saved in `users/_/log_api.txt` and if the const `COPY_LOG_TO_SYSLOG` is true, in syslogs as well. Exploiting this issue requires having access to logs produced by FreshRSS. Using the information from the logs, a malicious individual could get users' API keys (would be displayed if the users fills in a bad username) or passwords. | 2023-03-06 | not yet calculated | CVE-2023-22481 MISC MISC |
|
ec_cube -- 4_series |
Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | 2023-03-06 | not yet calculated | CVE-2023-22838 MISC MISC |
|
pg_ivm -- pg_ivm |
Information disclosure vulnerability exists in pg_ivm versions prior to 1.5.1. An Incrementally Maintainable Materialized View (IMMV) created by pg_ivm may reflect rows with Row-Level Security that the owner of the IMMV should not have access to. As a result, information in tables protected by Row-Level Security may be retrieved by a user who is not authorized to access it. | 2023-03-07 | not yet calculated | CVE-2023-22847 MISC MISC MISC |
|
blog_engine.net -- blog_engine.net |
An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs. | 2023-03-06 | not yet calculated | CVE-2023-22858 MISC |
|
smartbear -- zephr_enterprise |
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. | 2023-03-08 | not yet calculated | CVE-2023-22889 MISC |
|
smartbear -- zephr_enterprise |
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. | 2023-03-08 | not yet calculated | CVE-2023-22890 MISC |
|
smartbear -- zephr_enterprise |
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | 2023-03-08 | not yet calculated | CVE-2023-22891 MISC |
|
smartbear -- zephr_enterprise |
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. | 2023-03-08 | not yet calculated | CVE-2023-22892 MISC |
|
avantfax -- avantfax |
A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session. | 2023-03-10 | not yet calculated | CVE-2023-23326 MISC MISC |
|
avantfax -- avantfax |
An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls. | 2023-03-10 | not yet calculated | CVE-2023-23327 MISC MISC |
|
avantfax -- avantfax |
A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file. | 2023-03-10 | not yet calculated | CVE-2023-23328 MISC MISC |
|
pg_ivm -- pg_ivm |
Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. When refreshing an IMMV, pg_ivm executes functions without specifying schema names. Under certain conditions, pg_ivm may be tricked to execute unexpected functions from other schemas with the IMMV owner's privilege. If this vulnerability is exploited, an unexpected function provided by an attacker may be executed with the privilege of the materialized view owner. | 2023-03-07 | not yet calculated | CVE-2023-23554 MISC MISC MISC |
| apache -- dubbo | A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution. This issue affects Apache Dubbo 2.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior versions; Apache Dubbo 3.1.x version 3.1.5 and prior versions. | 2023-03-08 | not yet calculated | CVE-2023-23638 MISC |
| github -- enterprise_server | A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to versions 3.8 and was fixed in versions 3.7.7, 3.6.10, 3.5.14, and 3.4.17. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-03-08 | not yet calculated | CVE-2023-23760 MISC MISC MISC MISC |
| fortinet -- fortianalyzer | An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer | 2023-03-07 | not yet calculated | CVE-2023-23776 MISC |
| rocket.chat -- rocket.chat | An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. | 2023-03-10 | not yet calculated | CVE-2023-23911 MISC |
| azure -- setup-kubectl | Azure/setup-kubectl is a GitHub Action for installing Kubectl. This vulnerability only impacts versions before version 3. An insecure temporary creation of a file allows other actors on the Actions runner to replace the Kubectl binary created by this action because it is world writable. This Kubectl tool installer runs `fs.chmodSync(kubectlPath, 777)` to set permissions on the Kubectl binary, however, this allows any local user to replace the Kubectl binary. This allows privilege escalation to the user that can also run kubectl, most likely root. This attack is only possible if an attacker somehow breached the GitHub actions runner or if a user is utilizing an Action that maliciously executes this attack. This has been fixed and released in all versions `v3` and later. 775 permissions are used instead. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-03-06 | not yet calculated | CVE-2023-23939 MISC MISC |
| agilebio -- electronic_lab_notebook | AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. | 2023-03-06 | not yet calculated | CVE-2023-24217 MISC MISC |
| poly/hp -- trio | An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. | 2023-03-08 | not yet calculated | CVE-2023-24282 MISC MISC |
| openharmony -- openharmony | Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause the current application to crash. | 2023-03-10 | not yet calculated | CVE-2023-24465 MISC |
| go -- p256 | The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh. | 2023-03-08 | not yet calculated | CVE-2023-24532 MISC MISC MISC MISC |
| go -- p256 | Multiplication of certain unreduced P-256 scalars produce incorrect results. There are no protocols known at this time that can be attacked due to this. | 2023-03-08 | not yet calculated | CVE-2023-24533 MISC MISC MISC |
| phpipam -- phpipam | phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. | 2023-03-08 | not yet calculated | CVE-2023-24657 MISC |
| pmb -- pmb | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. | 2023-03-06 | not yet calculated | CVE-2023-24733 MISC |
| pmb -- pmb | An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. | 2023-03-06 | not yet calculated | CVE-2023-24734 MISC |
| pmb -- pmb | PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL. | 2023-03-06 | not yet calculated | CVE-2023-24735 MISC |
| pmb -- pmb | PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. | 2023-03-06 | not yet calculated | CVE-2023-24736 MISC |
| pmb -- pmb | PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. | 2023-03-06 | not yet calculated | CVE-2023-24737 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. | 2023-03-08 | not yet calculated | CVE-2023-24773 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. | 2023-03-10 | not yet calculated | CVE-2023-24774 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. | 2023-03-07 | not yet calculated | CVE-2023-24775 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. | 2023-03-06 | not yet calculated | CVE-2023-24776 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. | 2023-03-08 | not yet calculated | CVE-2023-24777 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. | 2023-03-08 | not yet calculated | CVE-2023-24780 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. | 2023-03-07 | not yet calculated | CVE-2023-24781 MISC |
| funadmin -- funadmin | Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. | 2023-03-08 | not yet calculated | CVE-2023-24782 MISC |
| ibm -- spectrum_symphony | IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 247030. | 2023-03-10 | not yet calculated | CVE-2023-24975 MISC MISC |
| hashicorp -- vault/vault_enterprise | HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. | 2023-03-11 | not yet calculated | CVE-2023-24999 MISC |
| ec-cube -- 4_series | Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an arbitrary script. | 2023-03-06 | not yet calculated | CVE-2023-25077 MISC MISC |
| trend_micro -- apex_one_server | An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. | 2023-03-10 | not yet calculated | CVE-2023-25143 MISC |
| trend_micro -- apex_one | An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | 2023-03-10 | not yet calculated | CVE-2023-25144 MISC MISC |
| trend_micro -- apex_one | A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-03-10 | not yet calculated | CVE-2023-25145 MISC MISC |
| trend_micro -- apex_one | A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an arbitrary location, ultimately leading to an arbitrary file dropped to an arbitrary location. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-03-10 | not yet calculated | CVE-2023-25146 MISC MISC |
| trend_micro -- apex_one | An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL during a specific update process. Please note: an attacker must first obtain administrative access on the target system via another method in order to exploit this. | 2023-03-10 | not yet calculated | CVE-2023-25147 MISC |
| trend_micro -- apex_one | A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2023-03-10 | not yet calculated | CVE-2023-25148 MISC MISC |
| discourse -- discourse-yearly-review | discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. In affected versions a user present in a yearly review topic that is then anonymised will still have some data linked to its original account. This issue has been patched in commit `b3ab33bbf7` which is included in the latest version of the Discourse Yearly Review plugin. Users are advised to upgrade. Users unable to upgrade may disable the `yearly_review_enabled` setting to fully mitigate the issue. Also, it's possible to edit the anonymised user's old data in the yearly review topics manually. | 2023-03-06 | not yet calculated | CVE-2023-25169 MISC MISC |
| crmeb -- crmeb | CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. | 2023-03-07 | not yet calculated | CVE-2023-25223 MISC |
| loonflow -- loonflow | loonflow r2.0.14 is vulnerable to server-side request forgery (SSRF). | 2023-03-07 | not yet calculated | CVE-2023-25230 MISC |
| prism_launcher -- prism_launcher | Prism Launcher <= 6.1 is vulnerable to Directory Traversal. | 2023-03-06 | not yet calculated | CVE-2023-25304 MISC |
| totolink -- a7100ru | TOTOlink A7100RU V7.4cu.2313_B20191024 router has a command injection vulnerability. | 2023-03-08 | not yet calculated | CVE-2023-25395 MISC |
| metersphere -- metersphere | metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-03-09 | not yet calculated | CVE-2023-25573 MISC |
| fortinet -- fortisoar | A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. | 2023-03-07 | not yet calculated | CVE-2023-25605 MISC |
| fortinet -- fortianalyzer | A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code or commands via inserting spreadsheet formulas in macro names. | 2023-03-07 | not yet calculated | CVE-2023-25611 MISC |
| apache -- http_server | Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution. For example, something like: RewriteEngine on RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1"; [P] ProxyPassReverse /here/ http://example.com:8080/ Request splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server. | 2023-03-07 | not yet calculated | CVE-2023-25690 MISC |
| metersphere -- metersphere | metersphere is an open source continuous testing platform. In versions prior to 2.7.1 a user who has permission to create a resource file through UI operations is able to append a path to their submission query which will be read by the system and displayed to the user. This allows a users of the system to read arbitrary files on the filesystem of the server so long as the server process itself has permission to read the requested files. This issue has been addressed in version 2.7.1. All users are advised to upgrade. There are no known workarounds for this issue. | 2023-03-09 | not yet calculated | CVE-2023-25814 MISC |
| openharmony -- openharmony | The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to the system when installing a malicious HAP package. | 2023-03-10 | not yet calculated | CVE-2023-25947 MISC |
| docker -- buildkit | BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`. | 2023-03-06 | not yet calculated | CVE-2023-26054 MISC MISC |
| samsung -- multiple_products | An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, Exynos Auto T5123, and Exynos W920. An intra-object overflow in the 5G MM message codec can occur due to insufficient parameter validation when decoding the Service Area List. | 2023-03-10 | not yet calculated | CVE-2023-26075 MISC MISC MISC |
| snyk -- snyk | All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | 2023-03-09 | not yet calculated | CVE-2023-26109 MISC |
| snyk -- snyk | All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. | 2023-03-09 | not yet calculated | CVE-2023-26110 MISC |
| fortinet -- multiple_products | A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 2023-03-09 | not yet calculated | CVE-2023-26208 MISC |
| fortinet -- multiple_products | A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and memory via sending numerous HTTP requests to the login form. | 2023-03-09 | not yet calculated | CVE-2023-26209 MISC |
| ubika -- waap gateway/cloud | In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. The fixed versions are WAAP Gateway & Cloud 6.11.0 and 6.5.6-patch15. | 2023-03-08 | not yet calculated | CVE-2023-26261 MISC MISC |
| go -- gosaml2 |
gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library enables attackers to craft a `deflate`-compressed request which will consume significantly more memory during processing than the size of the original request. This may eventually lead to memory exhaustion and the process being killed. The maximum compression ratio achievable with `deflate` is 1032:1, so by limiting the size of bodies passed to gosaml2, limiting the rate and concurrency of calls, and ensuring that lots of memory is available to the process it _may_ be possible to help Go's garbage collector "keep up". Implementors are encouraged not to rely on this. This issue is fixed in version 0.9.0. | 2023-03-03 | not yet calculated | CVE-2023-26483 MISC MISC MISC MISC |
| wasmtime -- wasmtime | wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8 + 0x7ffffffc = 36507222004 = ~34G` bytes away from the base of linear memory are possible from guest code. This means that the virtual memory 6G away from the base of linear memory up to ~34G away can be read/written by a malicious module. A guest module can, without the knowledge of the embedder, read/write memory in this region. The memory may belong to other WebAssembly instances when using the pooling allocator, for example. Affected embedders are recommended to analyze preexisting wasm modules to see if they're affected by the incorrect codegen rules and possibly correlate that with an anomalous number of traps during historical execution to locate possibly suspicious modules. The specific bug in Cranelift's x86_64 backend is that a WebAssembly address which is left-shifted by a constant amount from 1 to 3 will get folded into x86_64's addressing modes which perform shifts. For example `(i32.load (i32.shl (local.get 0) (i32.const 3)))` loads from the WebAssembly address `$local0 << 3`. When translated to Cranelift the `$local0 << 3` computation, a 32-bit value, is zero-extended to a 64-bit value and then added to the base address of linear memory. Cranelift would generate an instruction of the form `movl (%base, %local0, 8), %dst` which calculates `%base + %local0 << 3`. The bug here, however, is that the address computation happens with 64-bit values, where the `$local0 << 3` computation was supposed to be truncated to a a 32-bit value. This means that `%local0`, which can use up to 32-bits for an address, gets 3 extra bits of address space to be accessible via this `movl` instruction. The fix in Cranelift is to remove the erroneous lowering rules in the backend which handle these zero-extended expression. The above example is then translated to `movl %local0, %temp; shl $3, %temp; movl (%base, %temp), %dst` which correctly truncates the intermediate computation of `%local0 << 3` to 32-bits inside the `%temp` register which is then added to the `%base` value. Wasmtime version 4.0.1, 5.0.1, and 6.0.1 have been released and have all been patched to no longer contain the erroneous lowering rules. While updating Wasmtime is recommended, there are a number of possible workarounds that embedders can employ to mitigate this issue if updating is not possible. Note that none of these workarounds are on-by-default and require explicit configuration: 1. The `Config::static_memory_maximum_size(0)` option can be used to force all accesses to linear memory to be explicitly bounds-checked. This will perform a bounds check separately from the address-mode computation which correctly calculates the effective address of a load/store. Note that this can have a large impact on the execution performance of WebAssembly modules. 2. The `Config::static_memory_guard_size(1 << 36)` option can be used to greatly increase the guard pages placed after linear memory. This will guarantee that memory accesses up-to-34G away are guaranteed to be semantically correct by reserving unmapped memory for the instance. Note that this reserves a very large amount of virtual memory per-instances and can greatly reduce the maximum number of concurrent instances being run. 3. If using a non-x86_64 host is possible, then that will also work around this bug. This bug does not affect Wasmtime's or Cranelift's AArch64 backend, for example. | 2023-03-08 | not yet calculated | CVE-2023-26489 MISC MISC MISC MISC MISC |
| rsshub -- rsshub | RSSHub is an open source and extensible RSS feed generator. When the URL parameters contain certain special characters, it returns an error page that does not properly handle XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version c910c4d28717fb860fbe064736641f379fab2c91. Please upgrade to this or a later version, there are no known workarounds. | 2023-03-03 | not yet calculated | CVE-2023-26491 MISC MISC |
| zoho -- multiple_products | ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | 2023-03-06 | not yet calculated | CVE-2023-26600 MISC MISC |
| zoho -- multiple_products | Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). | 2023-03-06 | not yet calculated | CVE-2023-26601 MISC MISC |
| shopex -- ecshop | An arbitrary file upload vulnerability in the /admin/template.php component of shopEx EcShop v4.1.5 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-03-07 | not yet calculated | CVE-2023-26823 MISC |
| variscite -- matrix_gui | SQL injection vulnerability found in Variscite matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint. | 2023-03-08 | not yet calculated | CVE-2023-26922 MISC |
| onekeyadmin -- onekeyadmin | onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. | 2023-03-09 | not yet calculated | CVE-2023-26948 MISC |
| onekeyadmin -- onekeyadmin | An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-03-06 | not yet calculated | CVE-2023-26949 MISC |
| onekeyadmin -- onekeyadmin | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. | 2023-03-07 | not yet calculated | CVE-2023-26953 MISC |
| onekeyadmin -- onekeyadmin | onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. | 2023-03-07 | not yet calculated | CVE-2023-26954 MISC |
| onekeyadmin -- onekeyadmin |
onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. | 2023-03-07 | not yet calculated | CVE-2023-26955 MISC |
| onekeyadmin -- onekeyadmin | onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. | 2023-03-08 | not yet calculated | CVE-2023-26956 MISC |
| onekeyadmin -- onekeyadmin | onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. | 2023-03-09 | not yet calculated | CVE-2023-26957 MISC |
| indexcontroller.java -- indexcontroller.java | feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. demo users with low permission can perform operations within the permission of the admin super administrator and can use this vulnerability to change the blacklist IP address in the system at will. | 2023-03-08 | not yet calculated | CVE-2023-27088 MISC |
| radare -- radare2 | radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. | 2023-03-10 | not yet calculated | CVE-2023-27114 MISC MISC |
| webassembly -- webassembly | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. | 2023-03-10 | not yet calculated | CVE-2023-27115 MISC MISC |
| webassembly -- webassembly | WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType. | 2023-03-10 | not yet calculated | CVE-2023-27116 MISC |
| webassembly -- webassembly | WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator. | 2023-03-10 | not yet calculated | CVE-2023-27117 MISC |
| webassembly -- webassembly | WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. | 2023-03-10 | not yet calculated | CVE-2023-27119 MISC |
| jellyfin -- multiple_products | Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request. | 2023-03-10 | not yet calculated | CVE-2023-27161 MISC MISC MISC |
| halo -- multiple_products | An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. | 2023-03-10 | not yet calculated | CVE-2023-27164 MISC MISC MISC |
| ibm -- instana | Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. | 2023-03-03 | not yet calculated | CVE-2023-27290 MISC MISC |
| directus -- directus | Directus is a real-time API and App dashboard for managing SQL database content. Instances relying on an allow-listed reset URL are vulnerable to an HTML injection attack through the use of query parameters in the reset URL. An attacker could exploit this to email users urls to the servers domain but which may contain malicious code. The problem has been resolved and released under version 9.23.0. People relying on a custom password reset URL should upgrade to 9.23.0 or later, or remove the custom reset url from the configured allow list. Users are advised to upgrade. Users unable to upgrade may disable the custom reset URL allow list as a workaround. | 2023-03-06 | not yet calculated | CVE-2023-27474 MISC MISC MISC |
| go -- goutil | Goutil is a collection of miscellaneous functionality for the go language. In versions prior to 0.6.0 when users use fsutil.Unzip to unzip zip files from a malicious attacker, they may be vulnerable to path traversal. This vulnerability is known as a ZipSlip. This issue has been fixed in version 0.6.0, users are advised to upgrade. There are no known workarounds for this issue. | 2023-03-07 | not yet calculated | CVE-2023-27475 MISC MISC |
| owslib -- owslib | OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. OWSLib's XML parser (which supports both `lxml` and `xml.etree`) does not disable entity resolution, and could lead to arbitrary file reads from an attacker-controlled XML payload. This affects all XML parsing in the codebase. This issue has been addressed in version 0.28.1. All users are advised to upgrade. The only known workaround is to patch the library manually. See `GHSA-8h9c-r582-mggc` for details. | 2023-03-08 | not yet calculated | CVE-2023-27476 MISC MISC MISC |
| wasmtime -- wasmtime | wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtiem 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected. | 2023-03-08 | not yet calculated | CVE-2023-27477 MISC MISC MISC MISC MISC |
| libmemcached -- libmemcached | libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. `libmemcached` could return data for a previously requested key, if that previous request timed out due to a low `POLL_TIMEOUT`. This issue has been addressed in version 1.1.4. Users are advised to upgrade. There are several ways to workaround or lower the probability of this bug affecting a given deployment. 1: use a reasonably high `POLL_TIMEOUT` setting, like the default. 2: use separate libmemcached connections for unrelated data. 3: do not re-use libmemcached connections in an unknown state. | 2023-03-07 | not yet calculated | CVE-2023-27478 MISC MISC MISC MISC |
| xwiki_platform -- xwiki_platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `<xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `<xwiki-host>` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`. | 2023-03-07 | not yet calculated | CVE-2023-27479 MISC MISC MISC |
| xwiki_platform -- xwiki_platform | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually. | 2023-03-07 | not yet calculated | CVE-2023-27480 MISC MISC MISC |
| directus -- directus | Directus is a real-time API and App dashboard for managing SQL database content. In versions prior to 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_with` filter. This allows the user to enumerate the password hashes. Accounts cannot be taken over unless the hashes can be reversed which is unlikely with current hardware. This problem has been patched by preventing any hashed/concealed field to be filtered against with the `_starts_with` or other string operator in version 9.16.0. Users are advised to upgrade. Users unable to upgrade may mitigate this issue by ensuring that no user has `read` access to the `password` field in `directus_users`. | 2023-03-07 | not yet calculated | CVE-2023-27481 MISC MISC MISC |
| homeassistant -- homeassistant | homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected. The issue has been mitigated and closed in Supervisor version 2023.03.1, which has been rolled out to all affected installations via the auto-update feature of the Supervisor. This rollout has been completed at the time of publication of this advisory. Home Assistant Core 2023.3.0 included mitigation for this vulnerability. Upgrading to at least that version is thus advised. In case one is not able to upgrade the Home Assistant Supervisor or the Home Assistant Core application at this time, it is advised to not expose your Home Assistant instance to the internet. | 2023-03-08 | not yet calculated | CVE-2023-27482 MISC MISC |
| crossplane -- crossplane | crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. An out of memory panic vulnerability has been discovered in affected versions. Applications that use the `Paved` type's `SetValue` method with user provided input without proper validation might use excessive amounts of memory and cause an out of memory panic. In the fieldpath package, the Paved.SetValue method sets a value on the Paved object according to the provided path, without any validation. This allows setting values in slices at any provided index, which grows the target array up to the requested index, the index is currently capped at max uint32 (4294967295) given how indexes are parsed, but that is still an unnecessarily large value. If callers are not validating paths' indexes on their own, which most probably are not going to do, given that the input is parsed directly in the SetValue method, this could allow users to consume arbitrary amounts of memory. Applications that do not use the `Paved` type's `SetValue` method are not affected. This issue has been addressed in versions 0.16.1 and 0.19.2. Users are advised to upgrade. Users unable to upgrade can parse and validate the path before passing it to the `SetValue` method of the `Paved` type, constraining the index size as deemed appropriate. | 2023-03-09 | not yet calculated | CVE-2023-27483 MISC MISC |
| crossplane -- crossplane | crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. In affected versions an already highly privileged user able to create or update Compositions can specify an arbitrarily high index in a patch's `ToFieldPath`, which could lead to excessive memory usage once such Composition is selected for a Composite resource. Compositions allow users to specify patches inserting elements into arrays at an arbitrary index. When a Composition is selected for a Composite Resource, patches are evaluated and if a specified index is greater than the current size of the target slice, Crossplane will grow that slice up to the specified index, which could lead to an excessive amount of memory usage and therefore the Pod being OOM-Killed. The index is already capped to the maximum value for a uint32 (4294967295) when parsed, but that is still an unnecessarily large value. This issue has been addressed in versions 1.11.2, 1.10.3, and 1.9.2. Users are advised to upgrade. Users unable to upgrade can restrict write privileges on Compositions to only admin users as a workaround. | 2023-03-09 | not yet calculated | CVE-2023-27484 MISC |
| fbs-core -- fbs-core | thmmniii/fbs-core is an open source feedback system for students. In versions prior to 1.5.3 when querying `subresults`, it is possible to query `subresults` from other users due to insufficient authorisation. This is only possible for logged-in users and it is not possible to associate the subresults with a specific user. This bug was fixed in commit `f1ae67d8bb2`and released with version 1.5.3. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-03-07 | not yet calculated | CVE-2023-27485 MISC MISC MISC MISC |
| xcat -- xcat | xCAT is a toolkit for deployment and administration of computer clusters. In versions prior to 2.16.5 if zones are configured as a mechanism to secure clusters in XCAT, it is possible for a local root user from one node to obtain credentials to SSH to any node in any zone, except the management node of the default zone. XCAT zones are not enabled by default. Only users that use the optional zone feature are impacted. All versions of xCAT prior to xCAT 2.16.5 are vulnerable. This problem has been fixed in xCAT 2.16.5. Users making use of zones should upgrade to 2.16.5. Users unable to upgrade may mitigate the issue by disabling zones or patching the management node with the fix contained in commit `85149c37f49`. | 2023-03-08 | not yet calculated | CVE-2023-27486 MISC MISC MISC MISC |
| next.js -- next.js | NextAuth.js is an open source authentication solution for Next.js applications. `next-auth` applications using OAuth provider versions before `v4.20.1` have been found to be subject to an authentication vulnerability. A bad actor who can read traffic on the victim's network or who is able to social engineer the victim to click a manipulated login link could intercept and tamper with the authorization URL to **log in as the victim**, bypassing the CSRF protection. This is due to a partial failure during a compromised OAuth session where a session code is erroneously generated. This issue has been addressed in version 4.20.1. Users are advised to upgrade. Users unable to upgrade may using Advanced Initialization, manually check the callback request for state, pkce, and nonce against the provider configuration to prevent this issue. See the linked GHSA for details. | 2023-03-09 | not yet calculated | CVE-2023-27490 MISC MISC MISC MISC MISC MISC |
| apache_software_foundation -- http_server | HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client. | 2023-03-07 | not yet calculated | CVE-2023-27522 MISC |
| rack -- rack | A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected. | 2023-03-10 | not yet calculated | CVE-2023-27530 MISC |
| veeam -- backup_&_replication | Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts. | 2023-03-10 | not yet calculated | CVE-2023-27532 MISC |
| shadowocks -- x-ng | ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. | 2023-03-03 | not yet calculated | CVE-2023-27574 MISC MISC |
| flarum -- flarum | flarum is a forum software package for building communities. In versions prior to 1.7.0 an admin account which has already been compromised by an attacker may use a vulnerability in the `LESS` parser which can be exploited to read sensitive files on the server through the use of path traversal techniques. An attacker can achieve this by providing an absolute path to a sensitive file in the custom `LESS` setting, which the `LESS` parser will then read. For example, an attacker could use the following code to read the contents of the `/etc/passwd` file on a linux machine. The scope of what files are vulnerable will depend on the permissions given to the running flarum process. The vulnerability has been addressed in version `1.7`. Users should upgrade to this version to mitigate the vulnerability. Users unable to upgrade may mitigate the vulnerability by ensuring that their admin accounts are secured with strong passwords and follow other best practices for account security. Additionally, users can limit the exposure of sensitive files on the server by implementing appropriate file permissions and access controls at the operating system level. | 2023-03-10 | not yet calculated | CVE-2023-27577 MISC MISC |
| debian-goodies -- debian-goodies | debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. (The path is shown to the user before execution.) | 2023-03-05 | not yet calculated | CVE-2023-27635 MISC |
| l-soft -- listserv | The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | 2023-03-05 | not yet calculated | CVE-2023-27641 MISC |
| netgear -- nighthawk_wifi6 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. | 2023-03-10 | not yet calculated | CVE-2023-27850 MISC |
| netgear -- nighthawk_wifi6 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. | 2023-03-10 | not yet calculated | CVE-2023-27851 MISC |
| netgear -- nighthawk_wifi6 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. | 2023-03-10 | not yet calculated | CVE-2023-27852 MISC |
| netgear -- nighthawk_wifi6 | NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. | 2023-03-10 | not yet calculated | CVE-2023-27853 MISC |
| pretix -- pretix | rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1. | 2023-03-06 | not yet calculated | CVE-2023-27891 MISC |
| jenkins_project -- jenkins | Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances. | 2023-03-10 | not yet calculated | CVE-2023-27898 MISC |
| jenkins_project -- jenkins | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution. | 2023-03-10 | not yet calculated | CVE-2023-27899 MISC |
| jenkins_project -- jenkins | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in hudson.util.MultipartFormDataParser, allowing attackers to trigger a denial of service. | 2023-03-10 | not yet calculated | CVE-2023-27900 MISC |
| jenkins_project -- jenkins | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service. | 2023-03-10 | not yet calculated | CVE-2023-27901 MISC |
| jenkins_project -- jenkins | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. | 2023-03-10 | not yet calculated | CVE-2023-27902 MISC |
| jenkins_project -- jenkins | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used. | 2023-03-10 | not yet calculated | CVE-2023-27903 MISC |
| jenkins_project -- jenkins | Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. | 2023-03-10 | not yet calculated | CVE-2023-27904 MISC |
| jenkins_project -- jenkins | Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting. | 2023-03-10 | not yet calculated | CVE-2023-27905 MISC |
| emacs -- emacsclient-mail.desktop | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. This is related to lack of compliance with the Desktop Entry Specification. | 2023-03-09 | not yet calculated | CVE-2023-27985 MISC MISC MISC MLIST |
| emacs -- emacsclient-mail.desktop | emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. | 2023-03-09 | not yet calculated | CVE-2023-27986 MISC MISC MLIST |
Please share your thoughts. We recently updated our anonymous Product Feedback Survey and we'd welcome your feedback.
Please share your thoughts
We recently updated our anonymous product survey; we’d welcome your feedback.