Vulnerability Summary for the Week of May 22, 2023

Released
May 30, 2023
Document ID
SB23-150

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
cbot -- chatbotGeneration of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.2023-05-259.9CVE-2023-2882MISC
cbot -- chatbotChannel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.2023-05-259.9CVE-2023-2885MISC
linux -- linux_kernelAn issue was discovered in netfilter in the Linux kernel before 5.10. There can be a use-after-free in the packet processing context, because the per-CPU sequence count is mishandled during concurrent iptables rules replacement. This could be exploited with the CAP_NET_ADMIN capability in an unprivileged namespace. NOTE: cc00bca was reverted in 5.12.2023-05-219.8CVE-2020-36694MISCMISCMISCMISC
huawei -- emuiLack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.2023-05-269.8CVE-2021-46887MISC
thingsforrestaurants -- quick_restaurant_reservationsCross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant Reservations plugin <= 1.5.4 versions.2023-05-229.8CVE-2022-44739MISC
schneider-electric -- powerlogic_ion9000_firmwareA CWE-319: Cleartext transmission of sensitive information vulnerability exists that could
cause disclosure of sensitive information, denial of service, or modification of data if an attacker
is able to intercept network traffic.
2023-05-229.8CVE-2022-46680MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 243163.2023-05-199.8CVE-2022-47984MISCMISC
huawei -- harmonyosThe facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.2023-05-269.8CVE-2022-48478MISC
huawei -- harmonyosThe facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.2023-05-269.8CVE-2022-48479MISC
adam_retail_automation_systems -- mobilmen_terminal_softwareImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection.This issue affects Mobilmen Terminal Software: before 3.2023-05-239.8CVE-2023-1508MISC
ipekyolu_software -- auto_damage_tracking_softwareImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection.This issue affects Auto Damage Tracking Software: before 4.2023-05-249.8CVE-2023-2045MISC
minova_technology -- etraceImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.This issue affects eTrace: before 23.05.20.2023-05-249.8CVE-2023-2064MISC
wclovers -- wcfm_membershipThe WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.2023-05-209.8CVE-2023-2276MISCMISCMISC
vibethemes -- bp_social_connectThe BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email.2023-05-199.8CVE-2023-2704MISCMISCMISCMISC
rental_module_project -- rental_moduleUnrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server.This issue affects Rental Module: before 23.05.15.2023-05-209.8CVE-2023-2712MISC
rental_module_project -- rental_moduleAuthorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15.2023-05-209.8CVE-2023-2713MISC
cityboss -- e-municipalityImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.This issue affects E-municipality: before 6.05.2023-05-249.8CVE-2023-2750MISC
sourcecodester -- online_jewelry_storeA vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Affected by this vulnerability is an unknown functionality of the file supplier.php of the component POST Parameter Handler. The manipulation of the argument suppid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229429 was assigned to this vulnerability.2023-05-199.8CVE-2023-2815MISCMISCMISC
sourcecodester -- class_scheduling_systemA vulnerability was found in SourceCodester Class Scheduling System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_subject.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229597 was assigned to this vulnerability.2023-05-209.8CVE-2023-2823MISCMISCMISC
snapone -- orvc

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. The device only calculates the MD5 hash of the firmware and does not check using a private-public key mechanism. The lack of complete PKI system firmware signature could allow attackers to upload arbitrary firmware updates, resulting in code execution.

2023-05-229.8CVE-2023-28386MISCMISC
gpac -- gpacNULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.2023-05-229.8CVE-2023-2840CONFIRMMISCDEBIAN
sourcecodester -- theme_park_ticketing_systemA vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. It has been classified as critical. This affects an unknown part of the file print_ticket.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229821 was assigned to this vulnerability.2023-05-249.8CVE-2023-2865MISCMISCMISC
apache -- inlongImproper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed using Burp Suite by sending a login
request and following it with a subsequent HTTP request
using the returned cookie.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.

2023-05-229.8CVE-2023-31062MISC
wcms -- wcmsIn Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution.2023-05-229.8CVE-2023-31689MISC
sem-cms -- semcmsSEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.2023-05-199.8CVE-2023-31707MISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. IBM X-Force ID: 255285.2023-05-229.8CVE-2023-32336MISCMISC
linux -- linux_kernelThe Linux kernel 6.3 has a use-after-free in iopt_unmap_iova_range in drivers/iommu/iommufd/io_pagetable.c.2023-05-219.8CVE-2023-33250MISCMISC
old_age_home_management_system_project -- old_age_home_management_systemOld Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.2023-05-239.8CVE-2023-33338MISC
gpac -- gpacOut-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.2023-05-229.1CVE-2023-2838MISCCONFIRMDEBIAN
cbot -- chatbotAuthentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.2023-05-259.1CVE-2023-2887MISC
apache -- inlongInsufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. 

An old session can be used by an attacker even after the user has been deleted or the password has been changed.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 , https://github.com/apache/inlong/pull/7884 https://github.com/apache/inlong/pull/7884 to solve it.

2023-05-229.1CVE-2023-31065MISC
apache -- inlongFiles or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources! Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7775 https://github.com/apache/inlong/pull/7775 to solve it.2023-05-229.1CVE-2023-31066MISC
netbox_project -- netbox** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.2023-05-249.1CVE-2023-33796MISCMISC
asgaros -- asgaros_forumCross-Site Request Forgery (CSRF) vulnerability in Thomas Belser Asgaros Forum plugin <= 2.2.0 versions.2023-05-228.8CVE-2022-41608MISC
webmat -- flexible_elementor_panelCross-Site Request Forgery (CSRF) vulnerability in WebMat Flexible Elementor Panel plugin <= 2.3.8 versions.2023-05-228.8CVE-2022-45076MISC
loginizer -- loginizerCross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions.2023-05-228.8CVE-2022-45079MISC
xootix -- side_cart_woocommerceCross-Site Request Forgery (CSRF) vulnerability in XootiX Side Cart Woocommerce (Ajax) < 2.1 versions.2023-05-228.8CVE-2022-45376MISC
brainstormforce -- starter_templatesCross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Starter Templates plugin <= 3.1.20 versions.2023-05-238.8CVE-2022-46851MISC
radiustheme -- post_gridCross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 5.0.4 versions.2023-05-238.8CVE-2022-46853MISC
gallery_metabox_project -- gallery_metaboxCross-Site Request Forgery (CSRF) vulnerability in Bill Erickson Gallery Metabox plugin <= 1.5 versions.2023-05-208.8CVE-2022-47134MISC
mediamatic -- media_library_foldersCross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.2023-05-228.8CVE-2022-47142MISC
crayon_syntax_highlighter_project -- crayon_syntax_highlighterCross-Site Request Forgery (CSRF) vulnerability in Aram Kocharyan Crayon Syntax Highlighter plugin <= 2.8.4 versions.2023-05-228.8CVE-2022-47167MISC
stylist_project -- stylistCross-Site Request Forgery (CSRF) vulnerability in StylistWP Extra Block Design, Style, CSS for ANY Gutenberg Blocks plugin <= 0.2.6 versions.2023-05-228.8CVE-2022-47183MISC
nicearma -- dnui-delete-not-used-imageCross-Site Request Forgery (CSRF) vulnerability in Nicearma DNUI plugin <= 2.8.1 versions.2023-05-228.8CVE-2022-47609MISC
hover_image_project -- hover_imageCross-Site Request Forgery (CSRF) vulnerability in Julian Weinert // cs&m Hover Image plugin <= 1.4.1 versions.2023-05-228.8CVE-2022-47611MISC
armoli_technology -- cargo_tracking_systemAuthorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass.This issue affects Cargo Tracking System: before 3558f28 .2023-05-248.8CVE-2023-2065MISC
wp_tabs_slides_project -- wp_tabs_slidesCross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions.2023-05-228.8CVE-2023-22688MISC
autoaffiliatelinks -- auto_affiliate_linksCross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions.2023-05-208.8CVE-2023-22689MISC
name_directory_project -- name_directoryCross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions.2023-05-228.8CVE-2023-22692MISC
srs_simple_hits_counter_project -- srs_simple_hits_counterCross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions.2023-05-228.8CVE-2023-22709MISC
supsystic -- coming_soonCross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions.2023-05-228.8CVE-2023-22714MISC
wp_topbar_project -- wp_topbarCross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions.2023-05-228.8CVE-2023-23680MISC
hmplugin -- wordpress_books_galleryCross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions.2023-05-238.8CVE-2023-23705MISC
miniorange -- wordpress_social_login_and_register_\(discord\,_google\,_twitter\,_linkedin\)Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions.2023-05-238.8CVE-2023-23706MISC
user-meta -- user_meta_managerCross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions.2023-05-228.8CVE-2023-23712MISC
theme_tweaker_project -- theme_tweakerCross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions.2023-05-238.8CVE-2023-23713MISC
winwar -- wp_email_captureCross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions.2023-05-238.8CVE-2023-23724MISC
secondlinethemes -- auto_youtube_importerCross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions.2023-05-228.8CVE-2023-23797MISC
my_calendar_project -- my_calendarCross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions.2023-05-228.8CVE-2023-23813MISC
ljapps -- wp_airbnb_review_sliderCross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.2023-05-208.8CVE-2023-23890MISC
robosoft -- robogalleryCross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions.2023-05-208.8CVE-2023-24414MISC
slickremix -- feed_them_socialCross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions.2023-05-238.8CVE-2023-25056MISC
inkthemes -- colorwayCross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions.2023-05-228.8CVE-2023-25447MISC
archivist_project -- archivistCross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist – Custom Archive Templates plugin <= 1.7.4 versions.2023-05-228.8CVE-2023-25448MISC
podlove -- podlove_podcast_publisherCross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions.2023-05-238.8CVE-2023-25472MISC
podlove -- podlove_subscribe_buttonCross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions.2023-05-238.8CVE-2023-25481MISC
vikwp -- vikbooking_hotel_booking_engine_\&_pmsCross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.12 versions.2023-05-238.8CVE-2023-25707MISC
finex_media -- competition_management_systemAuthorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.This issue affects Competition Management System: before 23.07.2023-05-238.8CVE-2023-2702MISC
weaver -- e-cologyA vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Affected by this vulnerability is the function RequestInfoByXml of the component API. The manipulation leads to xml external entity reference. The associated identifier of this vulnerability is VDB-229411. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-198.8CVE-2023-2806MISCMISCMISC
cbot -- chatbotAuthorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.2023-05-258.8CVE-2023-2883MISC
pingonline -- dyslexiefont_freeCross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.2023-05-208.8CVE-2023-32589MISC
mitsubishielectric -- melsec_ws0-geth00200_firmwareActive Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 all versions allows a remote unauthenticated attacker to bypass authentication and illegally log into the affected module by connecting to it via telnet which is hidden function and is enabled by default when shipped from the factory. As a result, a remote attacker with unauthorized login can reset the module, and if certain conditions are met, he/she can disclose or tamper with the module's configuration or rewrite the firmware.2023-05-198.6CVE-2023-1618MISCMISCMISC
teltonika -- remote_management_systemTeltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciously crafted JSON file with an HTML object to trigger the vulnerability. This could allow the attacker to execute scripts in the account context and obtain remote code execution on managed devices.2023-05-228.3CVE-2023-2587MISC
obsidian -- obsidianObsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page.2023-05-208.2CVE-2023-33244MISCMISC
cloudfoundry -- cf-deploymentCloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection.2023-05-198.1CVE-2023-20881MISC
groundhogg -- groundhoggThe Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajax_edit_contact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and then modify the assigned user to the auto login link to elevate verified user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-05-208CVE-2023-2736MISCMISCMISCMISC
wireshark -- wiresharkBLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file2023-05-267.8CVE-2023-2854MISCCONFIRMMISC
wireshark -- wiresharkCandump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file2023-05-267.8CVE-2023-2855CONFIRMMISCMISC
wireshark -- wiresharkBLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file2023-05-267.8CVE-2023-2857MISCMISCCONFIRM
wireshark -- wiresharkNetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file2023-05-267.8CVE-2023-2858MISCMISCCONFIRM
allwaysync -- allwaysyncInsecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file.2023-05-227.8CVE-2023-29838MISCMISC
luatex_project -- luatexLuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.2023-05-207.8CVE-2023-32700MISCMISCMISCMISC
foxit -- pdf_editorFoxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.2023-05-197.8CVE-2023-33240MISC
finex_media -- competition_management_systemExposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users.This issue affects Competition Management System: before 23.07.2023-05-237.6CVE-2023-2703MISC
cbot -- chatbotMissing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.2023-05-257.6CVE-2023-2886MISC
huawei -- emuiThe video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.2023-05-267.5CVE-2021-46881MISC
huawei -- emuiThe video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.2023-05-267.5CVE-2021-46882MISC
huawei -- emuiThe video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.2023-05-267.5CVE-2021-46883MISC
huawei -- emuiThe video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.2023-05-267.5CVE-2021-46884MISC
huawei -- emuiThe video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.2023-05-267.5CVE-2021-46885MISC
huawei -- emuiThe video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.2023-05-267.5CVE-2021-46886MISC
fastweb -- fastgate_vdsl2_dga4131fwb_firmwareA heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS.2023-05-197.5CVE-2022-30114MISCMISCMISC
huawei -- emuiInteger overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality.2023-05-267.5CVE-2022-48480MISC
huawei -- emuiThe reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.2023-05-267.5CVE-2023-0116MISC
huawei -- harmonyosThe window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality.2023-05-207.5CVE-2023-1692MISCMISC
huawei -- emuiThe Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.2023-05-207.5CVE-2023-1693MISCMISC
huawei -- emuiThe Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.2023-05-207.5CVE-2023-1694MISCMISC
huawei -- harmonyosThe multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability.2023-05-207.5CVE-2023-1696MISCMISC
sitecore -- experience_platformDirectory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx2023-05-227.5CVE-2023-27067MISCMISC
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.2023-05-267.5CVE-2023-2825MISCMISCCONFIRM
gpac -- gpacDivide By Zero in GitHub repository gpac/gpac prior to 2.2.2.2023-05-227.5CVE-2023-2839CONFIRMMISCDEBIAN
apache -- tomcatThe fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.2023-05-227.5CVE-2023-28709MISCMISCMISC
wireshark -- wiresharkGDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file2023-05-267.5CVE-2023-2879MISCCONFIRMMISC
webbax -- customexporterPrestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php.2023-05-197.5CVE-2023-30199MISCMISC
apache -- inlongDeserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the
'autoDeserialize' option filtering by adding blanks. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick 

https://github.com/apache/inlong/pull/7674 https://github.com/apache/inlong/pull/7674 to solve it.

2023-05-227.5CVE-2023-31058MISC
apache -- inlongFiles or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7799 https://github.com/apache/inlong/pull/7799 to solve it.2023-05-227.5CVE-2023-31064MISC
apache -- inlongExposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. 
Attackers can change the immutable name and type of cluster of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 to solve it.
2023-05-227.5CVE-2023-31103MISC
apache -- inlongIncorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner
of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1]

https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949

2023-05-227.5CVE-2023-31453MISC
apache -- inlongIncorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. 

The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1]

https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947

2023-05-227.5CVE-2023-31454MISC
icecms_project -- icecmsIceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.2023-05-257.5CVE-2023-33355MISC
bumsys_project -- bumsysSQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0.2023-05-227.2CVE-2023-2832MISCMISC
craftcms -- craft_cmsCraft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an improperly configured STG or PROD environment, they can exploit this vulnerability to remote code execution. Code execution may grant the attacker access to the host operating system. This issue has been addressed in version 4.4.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-05-197.2CVE-2023-32679MISC
sourcecodester -- faculty_evaluation_systemSourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.2023-05-267.2CVE-2023-33439MISC
sourcecodester -- faculty_evaluation_systemSourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.2023-05-267.2CVE-2023-33440MISC
dell -- cloudiq_collectorDell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. An attacker with low privileges could potentially exploit this vulnerability, leading to gain access to unauthorized data.2023-05-197.1CVE-2023-28045MISC

Back to top

 

Medium Vulnerabilities

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
tp-link -- archer_vr1600v_firmwareA command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. 0.9.1 v5006.0 Build 220518 Rel.32480n which allows remote attackers, authenticated to the administrative web portal as an administrator user to open an operating system level shell via the 'X_TP_IfName' parameter.2023-05-196.7CVE-2023-31756MISC
sitecore -- experience_platformDirectory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle.2023-05-226.5CVE-2023-27066MISCMISC
apache -- inlongInsecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7836 https://github.com/apache/inlong/pull/7836 to solve it.2023-05-226.5CVE-2023-31101MISC
quest -- kace_systems_deployment_applianceThere is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an attacker-controlled LDAP server, clicks the Test Settings button, and captures the cleartext credentials.2023-05-216.5CVE-2023-33254MISC
nissan -- sylphy_classic_2021_firmwareThe remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack.2023-05-226.5CVE-2023-33281MISCMISCMISC
cbot -- chatbotUse of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.2023-05-256.4CVE-2023-2884MISC
3ds -- 3dexperienceA reflected Cross-site Scripting (XSS) vulnerability in 3DEXPERIENCE R2018x through R2023x allows an attacker to execute arbitrary script code.2023-05-196.1CVE-2023-1996MISC
sourcecodester -- class_scheduling_systemA vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Affected is an unknown function of the file /admin/save_teacher.php of the component POST Parameter Handler. The manipulation of the argument Academic_Rank leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229428.2023-05-196.1CVE-2023-2814MISCMISCMISC
ellucian -- ethos_identityA vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596.2023-05-206.1CVE-2023-2822MISCMISCMISCMISC
sourcecodester -- dental_clinic_appointment_reservation_systemA vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/service.php of the component POST Parameter Handler. The manipulation of the argument service leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-229598 is the identifier assigned to this vulnerability.2023-05-206.1CVE-2023-2824MISCMISCMISC
mybb -- mybbIn MyBB before 1.8.34, there is XSS in the User CP module via the user email field.2023-05-226.1CVE-2023-28467MISCMISC
sourcecodester -- online_jewelry_storeA vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file customer.php of the component POST Parameter Handler. The manipulation of the argument Custid leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229820.2023-05-246.1CVE-2023-2864MISCMISCMISC
silicon_project -- siliconGitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field.2023-05-226.1CVE-2023-31584MISCMISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 244373.2023-05-195.5CVE-2023-22878MISCMISC
telegram -- telegramTelegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag.2023-05-195.5CVE-2023-26818MISCMISC
gpac -- gpacStack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.2023-05-225.5CVE-2023-2837MISCCONFIRMDEBIAN
ibm -- mqIBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. IBM X-Force ID: 250398.2023-05-195.5CVE-2023-28514MISCMISC
wireshark -- wiresharkVMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file2023-05-265.5CVE-2023-2856CONFIRMMISCMISC
ibm -- mqIBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. IBM X-Force ID: 251358.2023-05-195.5CVE-2023-28950MISCMISC
libtiff -- libtiffA vulnerability was found in the libtiff library. This flaw causes a heap buffer overflow issue via the TIFFTAG_INKNAMES and TIFFTAG_NUMBEROFINKS values.2023-05-195.5CVE-2023-30774MISCMISCMISC
libtiff -- libtiffA vulnerability was found in the libtiff library. This security flaw causes a heap buffer overflow in extractContigSamples32bits, tiffcrop.c.2023-05-195.5CVE-2023-30775MISCMISCMISC
hledger -- hledgerAn issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.2023-05-215.4CVE-2021-46888MISCMISCMISCMISC
groundhogg -- groundhoggThe Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload a file to the contact, and then lists all the other uploaded files related to the contact.2023-05-205.4CVE-2023-2716MISCMISCMISC
groundhogg -- groundhoggThe Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note this only works with legacy contact forms.2023-05-205.4CVE-2023-2735MISCMISCMISCMISC
sourcecodester -- class_scheduling_systemA vulnerability has been found in SourceCodester Class Scheduling System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_teacher_result.php of the component POST Parameter Handler. The manipulation of the argument teacher leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229612.2023-05-215.4CVE-2023-2826MISCMISCMISC
ibm -- infosphere_information_serverIBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251213.2023-05-195.4CVE-2023-28529MISCMISC
dedecms -- dedecmsDedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'2023-05-195.4CVE-2023-31757MISC
jizhicms -- jizhicmsjizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). The content of the article published in the front end is only filtered in the front end, without being filtered in the background, which allows attackers to publish an article containing malicious JavaScript scripts by modifying the request package.2023-05-195.4CVE-2023-31862MISC
icecms_project -- icecmsIceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS).2023-05-255.4CVE-2023-33356MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33785MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33786MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33787MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33788MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33789MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33790MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33791MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33792MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33793MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33794MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33795MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33797MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33798MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33799MISC
netbox_project -- netboxA stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.2023-05-245.4CVE-2023-33800MISC
huawei -- emuiThe online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.2023-05-265.3CVE-2023-0117MISC
vyper_project -- vyperVyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.2023-05-195.3CVE-2023-32675MISCMISC
linux -- linux_kernelAn issue was discovered in the Linux kernel before 6.2.9. A use-after-free was found in bq24190_remove in drivers/power/supply/bq24190_charger.c. It could allow a local attacker to crash the system due to a race condition.2023-05-224.7CVE-2023-33288MISCMISCMISCMISCMISC
groundhogg -- groundhoggThe Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change the license key and support license key, but it can only be changed to a valid license key.2023-05-204.3CVE-2023-2714MISCMISCMISCMISC
groundhogg -- groundhoggThe Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's data to the plugin developer, and it is also possible to create an admin access with an auto login link that is also sent to the plugin developer with the ticket. It only works if the plugin is activated with a valid license.2023-05-204.3CVE-2023-2715MISCMISCMISC
groundhogg -- groundhoggThe Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enable_safe_mode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other plugins, via a forged request if they can successfully trick an administrator into performing an action such as clicking on a link. A warning message about safe mode is displayed to the admin, which can be easily disabled.2023-05-204.3CVE-2023-2717MISCMISCMISC
eyoucms -- eyoucmsA Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function.2023-05-234.3CVE-2023-31708MISC
hazelcast -- hazelcastIn Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. This allows Hazelcast Management Center users to view some of the secrets.2023-05-224.3CVE-2023-33264MISC

Back to top

 

Low Vulnerabilities

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
zulip -- zulipZulip is an open-source team collaboration tool with unique topic-based threading. In the event that 1: `ZulipLDAPAuthBackend` and an external authentication backend (any aside of `ZulipLDAPAuthBackend` and `EmailAuthBackend`) are the only ones enabled in `AUTHENTICATION_BACKENDS` in `/etc/zulip/settings.py` and 2: The organization permissions don't require invitations to join. An attacker can create a new account in the organization with an arbitrary email address in their control that's not in the organization's LDAP directory. The impact is limited to installations which have this specific combination of authentication backends as described above in addition to having `Invitations are required for joining this organization` organization permission disabled. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may enable the `Invitations are required for joining this organization` organization permission to prevent this issue.2023-05-193.7CVE-2023-28623MISCMISC
zulip -- zulipZulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip Server 6.1 and below, the UI which allows a user to invite a new user also allows them to set the streams that the new user is invited to -- even if the inviting user would not have permissions to add an existing user to streams. While such a configuration is likely rare in practice, the behavior does violate security-related controls. This does not let a user invite new users to streams they cannot see, or would not be able to add users to if they had that general permission. This issue has been addressed in version 6.2. Users are advised to upgrade. Users unable to upgrade may limit sending of invitations down to users who also have the permission to add users to streams.2023-05-193.1CVE-2023-32677MISCMISCMISCMISC

Back to top

 

Severity Not Yet Assigned

PrimaryVendor -- ProductDescriptionPublishedCVSS ScoreSource & Patch Info
ruby-saml  -- ruby-samlxml_security.rb in the ruby-saml gem before 1.0.0 for Ruby allows XPath injection and code execution because prepared statements are not used.2023-05-27not yet calculatedCVE-2015-20108MISCMISCMISCMISC
webplus_pro -- webplus_proWebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.2023-05-23not yet calculatedCVE-2020-20012MISCMISC
ingress-nginx -- ingress-nginxA security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.2023-05-24not yet calculatedCVE-2021-25748MISCMISC
kubernetes -- kubernetesWindows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.2023-05-24not yet calculatedCVE-2021-25749MISC
abb -- multiple_productsInsertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools.

An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could have the potential to exploit this vulnerability to gain control of system nodes.

This issue affects QCS 800xA: from 1.0;0 through 6.1SP2; QCS AC450: from 1.0;0 through 5.1SP2; Platform Engineering Tools: from 1.0:0 through 2.3.0.

2023-05-22not yet calculatedCVE-2022-0010MISC
bitdefender -- multiple_productsUnquoted Search Path or Element vulnerability in the Vulnerability Scan component of Bitdefender Total Security, Bitdefender Internet Security, and Bitdefender Antivirus Plus allows an attacker to elevate privileges to SYSTEM.

This issue affects:

Bitdefender Total Security
versions prior to 26.0.10.45.
Bitdefender Internet Security
versions prior to 26.0.10.45.
Bitdefender Antivirus Plus
versions prior to 26.0.10.45.

2023-05-24not yet calculatedCVE-2022-0357MISC
credence_analytics -- ideal_wealth_and_fundsSQL injection in "/Framewrk/Home.jsp" file (POST method) in tCredence Analytics iDEAL Wealth and Funds - 1.0 iallows authenticated remote attackers to inject payload via "v" parameter.2023-05-24not yet calculatedCVE-2022-30025MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin <= 1.3.4 versions.2023-05-25not yet calculatedCVE-2022-38356MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing plugin <= 1.4.4 versions.2023-05-25not yet calculatedCVE-2022-38716MISC
matrix-org -- synapseSynapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.2023-05-26not yet calculatedCVE-2022-39335MISCMISCMISC
matrix-org -- synapseSynapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.02023-05-26not yet calculatedCVE-2022-39374MISCMISC
opentext -- archive_center_administrationThe client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it.2023-05-24not yet calculatedCVE-2022-41221MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Zorem Advanced Shipment Tracking for WooCommerce plugin <= 3.5.2 versions.2023-05-25not yet calculatedCVE-2022-41635MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in LearningTimes BadgeOS plugin <= 3.7.1.6 versions.2023-05-25not yet calculatedCVE-2022-41987MISC
jumpserver -- jumpserverJumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin's permission.2023-05-24not yet calculatedCVE-2022-42225MISCMISCMISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in XWP Stream plugin <= 3.9.2 versions.2023-05-25not yet calculatedCVE-2022-43490MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Glen Don L. Mongaya Drag and Drop Multiple File Upload – Contact Form 7 plugin <= 1.3.6.5 versions.2023-05-24not yet calculatedCVE-2022-45364MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions.2023-05-25not yet calculatedCVE-2022-45366MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Tyche Softwares Custom Order Numbers for WooCommerce plugin <= 1.4.0 versions.2023-05-25not yet calculatedCVE-2022-45367MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Wpmet ShopEngine plugin <= 4.1.1 versions.2023-05-25not yet calculatedCVE-2022-45371MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in StylemixThemes GDPR Compliance & Cookie Consent plugin <= 1.2 versions.2023-05-25not yet calculatedCVE-2022-45815MISC
dataprobe -- iboot-pdu_fwThe affected product is vulnerable to a stack-based buffer overflow which could lead to a denial of service or remote code execution.2023-05-22not yet calculatedCVE-2022-46658MISCMISC
dataprobe -- iboot-pdu_fwThe affected product exposes multiple sensitive data fields of the affected product. An attacker can use the SNMP command to get device mac address and login as admin.2023-05-22not yet calculatedCVE-2022-46738MISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in weightbasedshipping.Com WooCommerce Weight Based Shipping plugin <= 5.4.1 versions.2023-05-24not yet calculatedCVE-2022-46794MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache plugin <= 5.3 versions.2023-05-25not yet calculatedCVE-2022-46800MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.2023-05-25not yet calculatedCVE-2022-46810MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in VillaTheme Thank You Page Customizer for WooCommerce – Increase Your Sales plugin <= 1.0.13 versions.2023-05-25not yet calculatedCVE-2022-46812MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner plugin <= 3.1.1 versions.2023-05-23not yet calculatedCVE-2022-46813MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Pierre Lebedel Kodex Posts likes plugin <= 2.4.3 versions.2023-05-25not yet calculatedCVE-2022-46814MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin <= 1.1.4 versions.2023-05-24not yet calculatedCVE-2022-46816MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WPJoli Joli Table Of Contents plugin <= 1.3.9 versions.2023-05-25not yet calculatedCVE-2022-46820MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin <= 4.3.3 versions.2023-05-25not yet calculatedCVE-2022-46856MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Bulk Resize Media plugin <= 1.1 versions.2023-05-25not yet calculatedCVE-2022-46865MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Marty Thornley Import External Images plugin <= 1.4 versions.2023-05-25not yet calculatedCVE-2022-46866MISC
oracle -- apacheA carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later.2023-05-25not yet calculatedCVE-2022-46907MISCMISC
nagvis -- nagvisNagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.2023-05-26not yet calculatedCVE-2022-46945CONFIRMMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in chronoengine.Com Chronoforms plugin <= 7.0.9 versions.2023-05-25not yet calculatedCVE-2022-47135MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions.2023-05-25not yet calculatedCVE-2022-47136MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in German Krutov LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin <= 2.1 versions.2023-05-25not yet calculatedCVE-2022-47138MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Damir Calusic WP Basic Elements plugin <= 5.2.15 versions.2023-05-25not yet calculatedCVE-2022-47139MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.2023-05-25not yet calculatedCVE-2022-47144MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 1.4 versions.2023-05-25not yet calculatedCVE-2022-47149MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Etison, LLC ClickFunnels plugin <= 3.1.1 versions.2023-05-24not yet calculatedCVE-2022-47152MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Logaster Logaster Logo Generator plugin <= 1.3 versions.2023-05-25not yet calculatedCVE-2022-47159MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in The WordPress.Org community Health Check & Troubleshooting plugin <= 1.5.1 versions.2023-05-25not yet calculatedCVE-2022-47161MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions.2023-05-25not yet calculatedCVE-2022-47164MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions.2023-05-25not yet calculatedCVE-2022-47165MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions.2023-05-25not yet calculatedCVE-2022-47174MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay – Square for WordPress plugin <= 4.1 versions.2023-05-25not yet calculatedCVE-2022-47177MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions.2023-05-25not yet calculatedCVE-2022-47178MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Kopa Theme Kopa Framework plugin <= 1.3.5 versions.2023-05-24not yet calculatedCVE-2022-47180MISC
dataprobe -- iboot_devicesA proprietary protocol for iBoot devices is used for control and keepalive commands. The function compares the username and password; it also contains the configuration data for the user specified. If the user does not exist, then it sends a value for username and password, which allows successful authentication for a connection.2023-05-22not yet calculatedCVE-2022-47311MISCMISC
dataprobe -- iboot_devicesThe iBoot device’s basic discovery protocol assists in initial device configuration. The discovery protocol shows basic information about devices on the network and allows users to perform configuration changes.2023-05-22not yet calculatedCVE-2022-47320MISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Viadat Creations Store Locator for WordPress with Google Maps – LotsOfLocales plugin <= 3.98.7 versions.2023-05-24not yet calculatedCVE-2022-47446MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WordPress WP-Advanced-Search plugin <= 3.3.8 versions.2023-05-24not yet calculatedCVE-2022-47447MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in dev.Xiligroup.Com - MS plugin <= 1.12.03 versions.2023-05-24not yet calculatedCVE-2022-47448MISC
hitachi_vantara -- pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. 2023-05-24not yet calculatedCVE-2022-4815MISC
dataprobe -- multiple_productsThe Dataprobe cloud usernames and passwords are stored in plain text in a specific file. Any user able to read this specific file from the device could compromise other devices connected to the user's cloud.2023-05-22not yet calculatedCVE-2022-4945MISCMISC
linux -- kernelCopy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f472023-05-25not yet calculatedCVE-2023-0459MISCMISC
the_document_foundation -- libreofficeImproper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index underflow when loaded. In the affected versions of LibreOffice certain malformed spreadsheet formulas, such as AGGREGATE, could be created with less parameters passed to the formula interpreter than it expected, leading to an array index underflow, in which case there is a risk that arbitrary code could be executed. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.6; 7.5 versions prior to 7.5.1.2023-05-25not yet calculatedCVE-2023-0950MISCDEBIAN
hitachi_vantara -- pentaho_business_analytics_serverHitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. 2023-05-24not yet calculatedCVE-2023-1158MISC
minikube_for_macos -- minikube_for_macosThis vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container.2023-05-24not yet calculatedCVE-2023-1174MISC
servicenow -- servicenowCross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.2023-05-23not yet calculatedCVE-2023-1209MISCMISC
mitsubishi_electric_corporation -- melsec_iq-fBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on a target product by sending specially crafted packets. A system reset of the product is required for recovery from a denial of service (DoS) condition and malicious code execution.2023-05-24not yet calculatedCVE-2023-1424MISCMISCMISCMISC
keycloak -- keycloakA flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of "Cannot validate client certificate trust: Truststore not available". This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use "Revalidate Client Certificate" this flaw is avoidable.2023-05-26not yet calculatedCVE-2023-1664MISC
libssh -- libsshA NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.2023-05-26not yet calculatedCVE-2023-1667MISCMISCMISCFEDORAMLIST
hypr_server -- hypr_serverMissing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 (with enabled Legacy APIs)2023-05-23not yet calculatedCVE-2023-1837MISC
minikube -- minikubeThis vulnerability enables ssh access to minikube container using a default password.2023-05-24not yet calculatedCVE-2023-1944MISC
avahi-- avahiA vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.2023-05-26not yet calculatedCVE-2023-1981MISCMISCMISC
linux -- kernelA vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.2023-05-26not yet calculatedCVE-2023-2002MISC
nsx-t -- nsx-tNSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.2023-05-26not yet calculatedCVE-2023-20868MISC
cloud_foundry_routing_release -- cloud_foundry_routing_releaseIn Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.2023-05-26not yet calculatedCVE-2023-20882MISC
spring_boot -- spring_bootIn Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache.2023-05-26not yet calculatedCVE-2023-20883MISC
samsung_mobile -- galaxy_storeImproper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.2023-05-26not yet calculatedCVE-2023-21514MISC
samsung_mobile -- galaxy_storeInstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.2023-05-26not yet calculatedCVE-2023-21515MISC
samsung_mobile -- galaxy_storeXSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.2023-05-26not yet calculatedCVE-2023-21516MISC
atlassian -- confluence_data_centerAffected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability in the attachments feature.

The affected versions are before version 7.19.9.

This vulnerability was discovered by Rojan Rijal of the Tinder Security Engineering Team.

2023-05-25not yet calculatedCVE-2023-22504MISC
the_document_foundation -- libreofficeImproper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. In the affected versions of LibreOffice documents that used "floating frames" linked to external files, would load the contents of those frames without prompting the user for permission to do so. This was inconsistent with the treatment of other linked content in LibreOffice. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.7; 7.5 versions prior to 7.5.3.2023-05-25not yet calculatedCVE-2023-2255MISCDEBIAN
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_productsClient-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may lead to an arbitrary script execution on a logged-in user's web browser. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).2023-05-23not yet calculatedCVE-2023-22654MISCMISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions.2023-05-26not yet calculatedCVE-2023-22693MISC
libssh -- libsshA vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.2023-05-26not yet calculatedCVE-2023-2283MISCMISCMISCFEDORA
bottles/yaml -- bottles/yamlBottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.2023-05-26not yet calculatedCVE-2023-22970MISCFEDORAFEDORA
garmin -- connect_iqThe `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the underlying bitmap buffer. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.2023-05-23not yet calculatedCVE-2023-23298MISCMISCMISC
garmin -- connect_iqThe permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. A malicious application with specially crafted code and data sections could access restricted CIQ modules, call their functions and disclose sensitive data such as user profile information and GPS coordinates, among others.2023-05-23not yet calculatedCVE-2023-23299MISCMISC
garmin -- connect_iqThe `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the device's firmware.2023-05-23not yet calculatedCVE-2023-23300MISCMISC
garmin -- connect_iqThe `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. A malicious CIQ application could craft a string that starts near the end of a section, and whose length extends past its end. Upon loading the string, the GarminOS TVM component may read out-of-bounds memory.2023-05-23not yet calculatedCVE-2023-23301MISC
garmin -- connect_iqThe `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.2023-05-23not yet calculatedCVE-2023-23302MISCMISC
garmin -- connect_iqThe `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.2023-05-23not yet calculatedCVE-2023-23303MISCMISC
garmin -- connect_iqThe GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. A malicious application could call any functions from the `Toybox.SensorHistory` module without the user's consent and disclose potentially private or sensitive information.2023-05-23not yet calculatedCVE-2023-23304MISCMISC
garmin -- connect_iqThe GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware.2023-05-23not yet calculatedCVE-2023-23305MISC
garmin -- connect_iqThe `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware.2023-05-23not yet calculatedCVE-2023-23306MISCMISC
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_productsMissing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. data logger products, which may allow a remote unauthenticated attacker to alter the product settings without authentication. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).2023-05-23not yet calculatedCVE-2023-23545MISCMISCMISC
dell -- vxrailDell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. A local high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.2023-05-23not yet calculatedCVE-2023-23693MISC
dell -- vxrailDell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.2023-05-23not yet calculatedCVE-2023-23694MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions.2023-05-26not yet calculatedCVE-2023-23714MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions.2023-05-26not yet calculatedCVE-2023-24007MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions.2023-05-26not yet calculatedCVE-2023-24008MISC
m-files -- clientMissing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of privilege via UI extension applications2023-05-25not yet calculatedCVE-2023-2480MISC
wordpress -- wordpressThe Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_postdata' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to modify access to the plugin when it should only be the administrator's privilege.2023-05-24not yet calculatedCVE-2023-2494MISCMISC
wordpress -- wordpressThe Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability check on the 'validate_upload' function in versions up to, and including, 3.3.19. This makes it possible for authenticated attackers with a role that the administrator previously granted access to the plugin to upload arbitrary files on the affected site's server which may make remote code execution possible.2023-05-24not yet calculatedCVE-2023-2496MISCMISC
wordpress -- wordpressThe Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.19 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-05-24not yet calculatedCVE-2023-2498MISCMISC
wordpress -- wordpressThe Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.2023-05-25not yet calculatedCVE-2023-2500MISCMISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in chuyencode CC Custom Taxonomy plugin <= 1.0.1 versions.2023-05-24not yet calculatedCVE-2023-25028MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions.2023-05-26not yet calculatedCVE-2023-25029MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions.2023-05-26not yet calculatedCVE-2023-25034MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions.2023-05-26not yet calculatedCVE-2023-25038MISC
birddog -- multiple_products

Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials.

2023-05-22not yet calculatedCVE-2023-2504MISCMISC
birddog -- multiple_productsThe affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files.2023-05-22not yet calculatedCVE-2023-2505MISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions.2023-05-26not yet calculatedCVE-2023-25058MISC
snap_one -- ovrc_pro

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device.

2023-05-22not yet calculatedCVE-2023-25183MISCMISC
square_pig_llc -- fusioninvoiceStored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details.2023-05-25not yet calculatedCVE-2023-25439MISC
civicrm -- civicrmStored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.2023-05-23not yet calculatedCVE-2023-25440MISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions.2023-05-26not yet calculatedCVE-2023-25467MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions.2023-05-26not yet calculatedCVE-2023-25470MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions.2023-05-23not yet calculatedCVE-2023-25474MISC
dell -- poweredge_14g_bios/precision_biosDell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. A local attacker with low privileges could potentially exploit this vulnerability leading to exposure of some SMRAM stack/data/code in System Management Mode, leading to arbitrary code execution or escalation of privilege.2023-05-22not yet calculatedCVE-2023-25537MISC
mitel -- mivoice_connectA vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the home.php page. A successful exploit could allow an attacker to execute arbitrary scripts.2023-05-24not yet calculatedCVE-2023-25598MISCMISC
mitel -- mivoice_connectA vulnerability in the conferencing component of Mitel MiVoice Connect through 19.3 SP2 and 20.x, 21.x, and 22.x through 22.24.1500.0 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the test_presenter.php page. A successful exploit could allow an attacker to execute arbitrary scripts.2023-05-24not yet calculatedCVE-2023-25599MISCMISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions.2023-05-26not yet calculatedCVE-2023-25781MISC
teltonika -- remote_management_systemTeltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. If the user has not disabled the "RMS management feature" enabled by default, then an attacker could register that device to themselves. This could enable the attacker to perform different operations on the user's devices, including remote code execution with 'root' privileges (using the 'Task Manager' feature on RMS).2023-05-22not yet calculatedCVE-2023-2586MISC
teltonika -- remote_management_systemTeltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. A user can request a web proxy and obtain a URL in the Remote Management System cloud subdomain. This URL could be shared with others without Remote Management System authentication . An attacker could exploit this vulnerability to create a malicious webpage that uses a trusted and certified domain. An attacker could initiate a reverse shell when a victim connects to the malicious webpage, achieving remote code execution on the victim device.2023-05-22not yet calculatedCVE-2023-2588MISC
qrio,_inc. -- qrio_lock_(q-sl2)Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions.2023-05-23not yet calculatedCVE-2023-25946MISCMISC
works_mobile_japan_corp. -- drive_explorer_for_macosCode injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.2023-05-23not yet calculatedCVE-2023-25953MISCMISC
eclipse -- openj9In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the buffer.2023-05-22not yet calculatedCVE-2023-2597CONFIRM
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions.2023-05-26not yet calculatedCVE-2023-25971MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions.2023-05-26not yet calculatedCVE-2023-25976MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions.2023-05-23not yet calculatedCVE-2023-26011MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 vulnerability.2023-05-23not yet calculatedCVE-2023-26014MISC
n158 -- n158All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27not yet calculatedCVE-2023-26127MISCMISC
keep-module-latest -- keep-module-latestAll versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27not yet calculatedCVE-2023-26128MISCMISC
bmw-ng -- bmw-ngAll versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file.

**Note:**

To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.

2023-05-27not yet calculatedCVE-2023-26129MISC
tibco_software_inc. -- tibco_ebxThe server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.2023-05-25not yet calculatedCVE-2023-26215MISC
tibco_software_inc. -- tibco_ebxThe server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below.2023-05-25not yet calculatedCVE-2023-26216MISC
cybozu,_inc. -- cybozu_garoonDenial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition.2023-05-23not yet calculatedCVE-2023-26595MISCMISC
sitecore -- experience_platform/sitecore_xpDeserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx.2023-05-23not yet calculatedCVE-2023-27068MISCMISCMISC
cybozu,_inc. -- cybozu_garoonOperation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin.2023-05-23not yet calculatedCVE-2023-27304MISCMISC
netapp -- bluexp_connectorNetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue - obtaining the fix requires redeploying a fresh Connector.2023-05-26not yet calculatedCVE-2023-27311MISC
wordpress -- wordpressThe MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.2023-05-25not yet calculatedCVE-2023-2732MISCMISCMISC
wordpress -- wordpressThe MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.2023-05-25not yet calculatedCVE-2023-2733MISCMISCMISC
wordpress -- wordpressThe MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. This is due to insufficient verification on the user being supplied during the cart sync from mobile REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.2023-05-25not yet calculatedCVE-2023-2734MISCMISCMISC
cybozu,_inc. -- cybozu_garoonOperation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport.2023-05-23not yet calculatedCVE-2023-27384MISCMISC
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_productsCross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to conduct an arbitrary operation by having a logged-in user view a malicious page. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).2023-05-23not yet calculatedCVE-2023-27387MISCMISCMISC
t&d_corporation_and_espec_mic_corp. -- t&d_corporation_and_espec_mic_corp._data_logger_productsImproper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. data logger products allows a remote unauthenticated attacker to login to the product as a registered user. Affected products and versions are as follows: T&D Corporation data logger products (TR-71W/72W all firmware versions, RTR-5W all firmware versions, WDR-7 all firmware versions, WDR-3 all firmware versions, and WS-2 all firmware versions), and ESPEC MIC CORP. data logger products (RT-12N/RS-12N all firmware versions, RT-22BN all firmware versions, and TEU-12N all firmware versions).2023-05-23not yet calculatedCVE-2023-27388MISCMISCMISC
microengine -- mailformUnrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.2023-05-23not yet calculatedCVE-2023-27397MISCMISC
microengine -- mailformMicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the product's file upload function and server save option are enabled, a remote attacker may save an arbitrary file on the server and execute it.2023-05-23not yet calculatedCVE-2023-27507MISCMISC
contec_co_ltd. -- solarview_compact_sv-cpt-mc310Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.2023-05-23not yet calculatedCVE-2023-27512MISCMISCMISC
contec_co_ltd. -- solarview_compact_sv-cpt-mc310OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.2023-05-23not yet calculatedCVE-2023-27514MISCMISCMISC
contec_co_ltd. -- solarview_compact_sv-cpt-mc310Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.2023-05-23not yet calculatedCVE-2023-27518MISCMISCMISC
contec_co_ltd. -- solarview_compact_sv-cpt-mc310OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command.2023-05-23not yet calculatedCVE-2023-27521MISCMISCMISC
wacom -- wacom_tablet_driver_installerWacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. When a user is tricked to execute a small malicious script before executing the affected version of the installer, arbitrary code may be executed with the root privilege.2023-05-25not yet calculatedCVE-2023-27529MISCMISC
contec_co_ltd. -- solarview_compact_sv-cpt-mc310Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.2023-05-23not yet calculatedCVE-2023-27920MISCMISCMISC
jins -- meme_coreJINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent attacker.2023-05-23not yet calculatedCVE-2023-27921MISCMISC
wordpress -- wordpressCross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script.2023-05-23not yet calculatedCVE-2023-27922MISCMISC
wordpress -- wordpressCross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.2023-05-23not yet calculatedCVE-2023-27923MISCMISC
wordpress -- wordpressCross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.2023-05-23not yet calculatedCVE-2023-27925MISCMISC
wordpress -- wordpressCross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.2023-05-23not yet calculatedCVE-2023-27926MISCMISC
htmlunit -- htmlunitThose using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an attacker may supply content that causes HtmlUnit to crash by a stack overflow. This effect may support a denial of service attack.This issue affects htmlunit before 2.70.0.2023-05-25not yet calculatedCVE-2023-2798MISCMISC
hclsoftware -- domino_appdeck_packThe HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability.   During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not.  The attacker could use this information to focus a brute force attack on valid users.2023-05-23not yet calculatedCVE-2023-28015MISC
libjpeg-turbo -- libjpeg-turboA heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could craft a 12-bit lossless JPEG image that contains out-of-range 12-bit samples. An application attempting to decompress such image using merged upsampling would lead to segmentation fault or buffer overflows, causing an application to crash.2023-05-25not yet calculatedCVE-2023-2804MISCMISCMISCMISCMISC
craft_cms -- craft_cmsA post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.2023-05-26not yet calculatedCVE-2023-2817MISCMISC
curl/curl -- libcurlA use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.2023-05-26not yet calculatedCVE-2023-28319MISC
curl/curl -- libcurlA denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.2023-05-26not yet calculatedCVE-2023-28320MISC
curl/curl -- libcurlAn improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.2023-05-26not yet calculatedCVE-2023-28321MISC
curl/curl -- libcurlAn information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.2023-05-26not yet calculatedCVE-2023-28322MISC
wordpress -- wordpressCross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script.2023-05-23not yet calculatedCVE-2023-28367MISCMISC
tornadoweb -- tornadoOpen redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user access a specially crafted URL.2023-05-25not yet calculatedCVE-2023-28370MISCMISC
encourage_technologies_co.,ltd. -- ess_rec_agent_server_edition_seriesDirectory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.12023-05-26not yet calculatedCVE-2023-28382MISCMISC
icom_inc. -- sr-7100vnPrivilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of the affected product to obtain an administrative privilege of the OS (Operating System). As a result, an arbitrary OS command may be executed.2023-05-23not yet calculatedCVE-2023-28390MISCMISC
inaba_denki_sangyo_co.,_ltd. -- wi-fi_ap_unitWi-Fi AP UNIT AC-WAPU-300 v1.00_B07 and earlier, AC-WAPU-300-P v1.00_B08P and earlier, AC-WAPUM-300 v1.00_B07 and earlier, and AC-WAPUM-300-P v1.00_B08P and earlier allow a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command.2023-05-23not yet calculatedCVE-2023-28392MISCMISC
beekeeper_studio,_inc. -- beekeeper_studioBeekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.2023-05-23not yet calculatedCVE-2023-28394MISCMISCMISC
wordpress -- wordpressDirectory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain sensitive information depending on settings.2023-05-23not yet calculatedCVE-2023-28408MISCMISC
wordpress -- wordpressUnrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file.2023-05-23not yet calculatedCVE-2023-28409MISCMISC
snap_one -- ovrc_pro

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information.

2023-05-22not yet calculatedCVE-2023-28412MISCMISC
wordpress -- wordpressDirectory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a denial-of-service (DoS) condition.2023-05-23not yet calculatedCVE-2023-28413MISCMISC
cloudexplorer-dev -- cloudexplorer-dev/cloudexplorer-liteMissing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.2023-05-23not yet calculatedCVE-2023-2844CONFIRMMISC
cloudexplorer-dev -- cloudexplorer-dev/cloudexplorer-liteImproper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.2023-05-23not yet calculatedCVE-2023-2845CONFIRMMISC
nilsteampassnet -- nilsteampassnet/teampassCode Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9.2023-05-24not yet calculatedCVE-2023-2859CONFIRMMISC
siteserver -- cmsA vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Affected is an unknown function of the file /api/stl/actions/search. The manipulation of the argument ajaxDivId leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-229818 is the identifier assigned to this vulnerability.2023-05-24not yet calculatedCVE-2023-2862MISCMISCMISC
simple_design -- daily_journalA vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Affected by this vulnerability is an unknown functionality of the component SQLite Database. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229819.2023-05-24not yet calculatedCVE-2023-2863MISCMISCMISC
snap_one -- ovrc_proThe Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user.2023-05-22not yet calculatedCVE-2023-28649MISCMISC
barracuda_networks -- email_security_gatewayA remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file (tape archives). The vulnerability stems from incomplete input validation of a user-supplied .tar file as it pertains to the names of the files contained within the archive. As a consequence, a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl's qx operator with the privileges of the Email Security Gateway product. This issue was fixed as part of BNSF-36456 patch. This patch was automatically applied to all customer appliances.2023-05-24not yet calculatedCVE-2023-2868MISCMISC
entech -- monitor_asset_managerA vulnerability was found in EnTech Monitor Asset Manager 2.9. It has been declared as problematic. Affected by this vulnerability is the function 0x80002014 of the component IoControlCode Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier VDB-229849 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-24not yet calculatedCVE-2023-2870MISCMISCMISCMISC
fabulatech -- usb_for_remote_desktopA vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. It has been rated as problematic. Affected by this issue is the function 0x220448/0x220420/0x22040c/0x220408 of the component IoControlCode Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. VDB-229850 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-24not yet calculatedCVE-2023-2871MISCMISCMISCMISC
flexihub -- flexihubA vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. This affects the function 0x220088 in the library fusbhub.sys of the component IoControlCode Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229851. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-24not yet calculatedCVE-2023-2872MISCMISCMISCMISC
twister -- antivirusA vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229852. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-24not yet calculatedCVE-2023-2873MISCMISCMISCMISC
twister -- antivirusA vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The identifier VDB-229853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-24not yet calculatedCVE-2023-2874MISCMISCMISCMISC
escan -- antivirusA vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Affected is the function 0x22E008u in the library PROCOBSRVESX.SYS of the component IoControlCode Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-229854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-24not yet calculatedCVE-2023-2875MISCMISCMISCMISC
pimcore -- pimcore/customer-data-frameworkStoring Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10.2023-05-25not yet calculatedCVE-2023-2881CONFIRMMISC
phpok -- phpokA vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. This affects an unknown part of the file /admin.php?c=upload&f=zip&_noCache=0.1683794968. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-229953 was assigned to this vulnerability.2023-05-25not yet calculatedCVE-2023-2888MISCMISCMISC
linux -- kernelThere is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.2023-05-26not yet calculatedCVE-2023-2898MISC
nfine -- rapid_development_platformA vulnerability was found in NFine Rapid Development Platform 20230511. It has been classified as problematic. Affected is an unknown function of the file /Login/CheckLogin. The manipulation leads to use of weak hash. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-229974 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-25not yet calculatedCVE-2023-2900MISCMISCMISC
nfine -- rapid_development_platformA vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-25not yet calculatedCVE-2023-2901MISCMISCMISC
nfine -- rapid_development_platformA vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-25not yet calculatedCVE-2023-2902MISCMISCMISC
nfine -- rapid_development_platformA vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-25not yet calculatedCVE-2023-2903MISCMISCMISC
artistscope -- copysafe_pdf_readerUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions.2023-05-26not yet calculatedCVE-2023-29098MISC
sourcecodester -- comment_systemA vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076.2023-05-27not yet calculatedCVE-2023-2922MISCMISCMISC
tenda -- ac6A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-27not yet calculatedCVE-2023-2923MISCMISCMISC
supcon -- simfieldA vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-27not yet calculatedCVE-2023-2924MISCMISCMISC
webkul -- krayin_crmA vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-05-27not yet calculatedCVE-2023-2925MISCMISCMISC
seacms -- seacmsA vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability.2023-05-27not yet calculatedCVE-2023-2926MISCMISCMISC
jizhicms -- jizhicmsA vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.2023-05-27not yet calculatedCVE-2023-2927MISCMISCMISC
dedecms -- dedecmsA vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083.2023-05-27not yet calculatedCVE-2023-2928MISCMISCMISC
openemr -- openemr/openemrImproper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.2023-05-27not yet calculatedCVE-2023-2942MISCCONFIRM
openemr -- openemr/openemrCode Injection in GitHub repository openemr/openemr prior to 7.0.1.2023-05-27not yet calculatedCVE-2023-2943MISCCONFIRM
openemr -- openemr/openemrImproper Access Control in GitHub repository openemr/openemr prior to 7.0.1.2023-05-27not yet calculatedCVE-2023-2944MISCCONFIRM
openemr -- openemr/openemrMissing Authorization in GitHub repository openemr/openemr prior to 7.0.1.2023-05-27not yet calculatedCVE-2023-2945CONFIRMMISC
openemr -- openemr/openemrImproper Access Control in GitHub repository openemr/openemr prior to 7.0.1.2023-05-27not yet calculatedCVE-2023-2946CONFIRMMISC
openemr -- openemr/openemrCross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.2023-05-27not yet calculatedCVE-2023-2947MISCCONFIRM
sofawiki_cms -- sofawiki_cmsSofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution.2023-05-24not yet calculatedCVE-2023-29721MISCMISC
contec_co_ltd. -- solarview_compactSolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted.2023-05-23not yet calculatedCVE-2023-29919MISCMISC
camaleon_cms -- camaleon_cmsCamaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.2023-05-26not yet calculatedCVE-2023-30145MISCMISCMISCMISCMISC
valve -- half-lifeA buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters.2023-05-23not yet calculatedCVE-2023-30382MISC
ibm -- powervm_hypervisorIBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker with control a partition that has been assigned SRIOV virtual function (VF) to cause a denial of service to a peer partition or arbitrary data corruption. IBM X-Force ID: 253175.2023-05-23not yet calculatedCVE-2023-30440MISCMISC
hitachi -- ops_center_analyzierCross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.This issue affects Hitachi Ops Center Analyzer: from 10.9.1-00 before 10.9.2-00.2023-05-23not yet calculatedCVE-2023-30469MISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions.2023-05-25not yet calculatedCVE-2023-30484MISC
iris_software_inc. -- irisIris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations . The vulnerability in allows an attacker to inject malicious scripts into the application, which are then executed when a user visits the affected locations. This can lead to unauthorized access, data theft, or other malicious activities. An attacker need to be authenticated on the application to exploit this vulnerability. The issue was patched in version 2.2.1 of iris-web.2023-05-25not yet calculatedCVE-2023-30615MISCMISC
cilium -- ciliumCilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2.2023-05-25not yet calculatedCVE-2023-30851MISCMISCMISCMISC
oracle -- apache_inlongWeak Password Requirements vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.6.0. 

When users change their password to a simple password (with any character or
symbol), attackers can easily guess the user's password and access the account.

Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick https://github.com/apache/inlong/pull/7805 https://github.com/apache/inlong/pull/7805 to solve it.

2023-05-22not yet calculatedCVE-2023-31098MISC
c-ares -- c-aresc-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.2023-05-25not yet calculatedCVE-2023-31124MISCMISCMISCMISC
nextcloud -- cookbookNextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch, the `pull-checks.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. This issue is fixed in commit a46d9855 on the `master` branch and commit 489bb744 on the `main-0.9.x` branch. There is no risk for the user of the app within the NextCloud server. This only affects the main repository and possible forks of it. Those who have forked the NextCloud Cookbook repository should make sure their forks are on the latest version to prevent code injection attacks and similar.2023-05-26not yet calculatedCVE-2023-31128MISCMISCMISCMISCMISC
c-ares -- c-aresc-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.2023-05-25not yet calculatedCVE-2023-31130MISCMISCMISCMISC
c-ares -- c-aresc-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.2023-05-25not yet calculatedCVE-2023-31147MISCMISCMISCMISC
snap_one -- ovrc_pro

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Because they do not use HTTPS, OvrC Pro devices are susceptible to exploitation.

2023-05-22not yet calculatedCVE-2023-31193MISCMISC
oracle -- apache_inlongExposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.

[1] https://cveprocess.apache.org/cve5/[1]%C2%A0https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891 https://github.com/apache/inlong/pull/7891

2023-05-22not yet calculatedCVE-2023-31206MISC
huawei -- harmonyosThe Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.2023-05-26not yet calculatedCVE-2023-31225MISC
huawei -- harmonyosThe SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affect confidentiality.2023-05-26not yet calculatedCVE-2023-31226MISC
huawei -- harmonyosThe hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality.2023-05-26not yet calculatedCVE-2023-31227MISC
snap_one -- ovrc_pro

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. OvrC cloud contains a hidden superuser account accessible through hard-coded credentials.

2023-05-22not yet calculatedCVE-2023-31240MISCMISC
snap_one -- ovrc_pro

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright.

2023-05-22not yet calculatedCVE-2023-31241MISC
snap_one -- ovrc_pro

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Attackers could impersonate a device and supply malicious information about the device’s web server interface. By supplying malicious parameters, an attacker could redirect the user to arbitrary and dangerous locations on the web.

2023-05-22not yet calculatedCVE-2023-31245MISCMISC
mitel -- mivoice_connectA vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to execute arbitrary scripts due to improper access control.2023-05-24not yet calculatedCVE-2023-31457MISCMISC
mitel -- mivoice_connectA vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.2023-05-24not yet calculatedCVE-2023-31458MISCMISC
mitel -- mivoice_connectA vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to authenticate with administrative privileges, because the initial installation does not enforce a password change. A successful exploit could allow an attacker to make arbitrary configuration changes and execute arbitrary commands.2023-05-24not yet calculatedCVE-2023-31459MISCMISC
mitel -- mivoice_connectA vulnerability in the Connect Mobility Router component of MiVoice Connect versions 9.6.2208.101 and earlier could allow an authenticated attacker with internal network access to conduct a command injection attack due to insufficient restriction on URL parameters.2023-05-24not yet calculatedCVE-2023-31460MISCMISC
teeworlds -- teeworldsTeeworlds v0.7.5 was discovered to contain memory leaks.2023-05-23not yet calculatedCVE-2023-31517MISCMISC
teeworlds -- teeworldsA heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file.2023-05-23not yet calculatedCVE-2023-31518MISCMISCMISC
ic_realtime -- icip-p2012tIC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network.2023-05-25not yet calculatedCVE-2023-31594MISCMISC
ic_realtime -- icip-p2012tIC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access.2023-05-24not yet calculatedCVE-2023-31595MISCMISC
wso2 -- api_managerA reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.2023-05-23not yet calculatedCVE-2023-31664CONFIRMCONFIRMMISC
webassembly -- wat2wasmWebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").2023-05-23not yet calculatedCVE-2023-31669MISC
webassembly -- webassemblyAn issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.2023-05-23not yet calculatedCVE-2023-31670MISC
alist_3.15.1 -- alist_3.15.1AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information.2023-05-23not yet calculatedCVE-2023-31726MISCMISC
linksys -- e2000There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters WL_atten_bb, WL_atten_radio, and WL_atten_ctl in the apply.cgi interface, thereby gaining shell privileges.2023-05-23not yet calculatedCVE-2023-31740MISCMISC
linksys -- e2000There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.2023-05-23not yet calculatedCVE-2023-31741MISCMISC
linksys -- wrt54glThere is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.2023-05-22not yet calculatedCVE-2023-31742MISCMISC
wondershare -- filmora_12Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. This vulnerability allows attackers to launch processes with elevated privileges.2023-05-23not yet calculatedCVE-2023-31747MISCMISCMISC
wondershare -- mobiletransInsecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.2023-05-24not yet calculatedCVE-2023-31748MISCMISC
sourcecodester -- employee_and_visitor_gate_pass_logging_systemSourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php.2023-05-23not yet calculatedCVE-2023-31752MISC
kerui -- w18_alarm_systemWeak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack.2023-05-24not yet calculatedCVE-2023-31759MISC
blitzwolf -- bw-is22_smart_home_security_alarmWeak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.2023-05-24not yet calculatedCVE-2023-31761MISC
digoo -- dg-hamb_smart_home_security_systemWeak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack.2023-05-24not yet calculatedCVE-2023-31762MISC
agshome -- smart_alarmWeak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack.2023-05-24not yet calculatedCVE-2023-31763MISC
wekan -- wekanWekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.2023-05-22not yet calculatedCVE-2023-31779MISCMISC
d-link -- dir-300D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php.2023-05-23not yet calculatedCVE-2023-31814MISCMISC
it_sourcecode -- content_management_system IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php.2023-05-22not yet calculatedCVE-2023-31816MISC
skyscreamer/nevado -- skyscreamer/nevadoSkyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. This allows attackers to execute arbitrary commands via supplying crafted data.2023-05-23not yet calculatedCVE-2023-31826MISCMISCMISCMISC
wuzhi_cms -- wuzhi_cmsWuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system.2023-05-23not yet calculatedCVE-2023-31860MISC
zlmediakit -- zlmediakitZLMediaKit 4.0 is vulnerable to Directory Traversal.2023-05-25not yet calculatedCVE-2023-31861MISCMISC
suprema_inc. -- biostar_2Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be exploited to gain full administrator privileges on the system.2023-05-22not yet calculatedCVE-2023-31923MISC
hanwha -- multiple_productsCertain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02.2023-05-23not yet calculatedCVE-2023-31994MISCMISC
hanwha -- ip_camera_ane-l7012rHanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS).2023-05-23not yet calculatedCVE-2023-31995MISC
hanwha -- ip_camera_ane-l7012rHanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function.2023-05-23not yet calculatedCVE-2023-31996MISCMISC
c-ares -- c-aresc-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1.2023-05-25not yet calculatedCVE-2023-32067MISCMISCMISCMISC
nextcloud -- user_oidc_appuser_oidc app is an OpenID Connect user backend for Nextcloud. Authentication can be broken/bypassed in user_oidc app. It is recommended that the Nextcloud user_oidc app is upgraded to 1.3.22023-05-25not yet calculatedCVE-2023-32074MISCMISCMISC
sofia-sip -- sofia-sipSofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification.
Referring to [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54](https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.
2023-05-26not yet calculatedCVE-2023-32307MISC
cloudexplorer_lite -- cloudexplorer_liteCloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.2023-05-26not yet calculatedCVE-2023-32311MISC
openfire -- openfireOpenfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.2023-05-26not yet calculatedCVE-2023-32315MISC
cloudexplorer_lite -- cloudexplorer_liteCloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.2023-05-26not yet calculatedCVE-2023-32316MISC
autolab_project -- autolab_projectAutolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both "Base File Tar" and "Additional file archive" can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade.2023-05-26not yet calculatedCVE-2023-32317MISCMISC
nextcloud -- nextcloud_serverNextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.2023-05-26not yet calculatedCVE-2023-32318MISCMISC
nextcloud -- nextcloud_serverNextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-05-26not yet calculatedCVE-2023-32319MISCMISC
ckan -- ckanCKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues.2023-05-26not yet calculatedCVE-2023-32321MISC
matrix-org -- synapseSynapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.2023-05-26not yet calculatedCVE-2023-32323MISCMISCMISC
posthog-js -- posthog-jsPostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.2023-05-27not yet calculatedCVE-2023-32325MISCMISC
teltonika -- remote_management_systemTeltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System.2023-05-22not yet calculatedCVE-2023-32346MISC
teltonika -- remote_management_systemTeltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device perspective for authentication. If an attacker obtained the serial number and MAC address of a device, they could authenticate as that device and steal communication credentials of the device. This could allow an attacker to enable arbitrary command execution as root by utilizing management options within the newly registered devices.2023-05-22not yet calculatedCVE-2023-32347MISC
teltonika -- remote_management_systemTeltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. It connects new devices in a manner that allows the new device to communicate with all Teltonika devices connected to the VPN. The OpenVPN server also allows users to route through it. An attacker could route a connection to a remote server through the OpenVPN server, enabling them to scan and access data from other Teltonika devices connected to the VPN.2023-05-22not yet calculatedCVE-2023-32348MISC
teltonika -- rutVersions 00.07.00 through 00.07.03.4 of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. However, variables for validation checks are stored in an external configuration file. An authenticated attacker could use an exposed UCI configuration utility to change these variables and enable malicious parameters in the dump utility, which could result in arbitrary code execution.2023-05-22not yet calculatedCVE-2023-32349MISC
teltonika -- rutVersions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. An attacker could exploit a parameter in the vulnerable function that calls a user-provided package name by instead providing a package with a malicious name that contains an OS command injection payload.2023-05-22not yet calculatedCVE-2023-32350MISC
autolab_project -- autolab_projectAutolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Using the install assessment functionality an attacker can feed a Tar file that contain files with paths pointing outside of the target directory (e.g., `../../../../tmp/tarslipped1.sh`). When the Install assessment form is submitted the files inside of the archives are expanded to the attacker-chosen locations. This issue has been addressed in version 2.11.0. Users are advised to upgrade.2023-05-26not yet calculatedCVE-2023-32676MISCMISC
psf/requests -- psf/requestsRequests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.2023-05-26not yet calculatedCVE-2023-32681MISCMISCMISCMISC
kiwi_tcms -- kiwi_tcmsKiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3.2023-05-27not yet calculatedCVE-2023-32686MISCMISC
parse-server-push-adapter -- parse-server-push-adapterparse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.2023-05-27not yet calculatedCVE-2023-32688MISCMISCMISC
saleor -- coreSaleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events, this could affect the database integrity such as marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16.2023-05-25not yet calculatedCVE-2023-32694MISCMISC
socket.io -- socket.iosocket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.2023-05-27not yet calculatedCVE-2023-32695MISCMISCMISCMISC
sqlite -- jdbcSQLite JDBC is a library for accessing and creating SQLite database files in Java. Sqlite-jdbc addresses a remote code execution vulnerability via JDBC URL. This issue impacting versions 3.6.14.1 through 3.41.2.1 and has been fixed in version 3.41.2.2.2023-05-23not yet calculatedCVE-2023-32697MISCMISC
wordpress -- wordpressCross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.2023-05-26not yet calculatedCVE-2023-32964MISC
zyxel -- atp_seriesA buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.2023-05-24not yet calculatedCVE-2023-33009CONFIRM
zyxel -- atp_seriesA buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.2023-05-24not yet calculatedCVE-2023-33010CONFIRM
nextcloud -- nextcloud_mailNextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.2023-05-27not yet calculatedCVE-2023-33184MISCMISCMISC
django -- django-sesDjango-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0.2023-05-26not yet calculatedCVE-2023-33185MISCMISCMISC
highlight.io -- highlight.ioHighlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `type="password"` inputs. A customer may assume that switching to `type="text"` would also not record this input; hence, they would not add additional `highlight-mask` css-class obfuscation to this part of the DOM, resulting in unintentional recording of a password value when a `Show Password` button is used. This issue was patched in version 6.0.0.
This patch tracks changes to the `type` attribute of an input to ensure an input that used to be a `type="password"` continues to be obfuscated.
2023-05-26not yet calculatedCVE-2023-33187MISCMISC
omni-notes -- omni-notesOmni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.2023-05-27not yet calculatedCVE-2023-33188MISC
rust -- ntpd-rsntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3.2023-05-27not yet calculatedCVE-2023-33192MISCMISC
craft_cms -- craft_cmsCraft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.2023-05-26not yet calculatedCVE-2023-33194MISCMISCMISC
craft_cms -- craft_cmsCraft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.2023-05-27not yet calculatedCVE-2023-33195MISCMISC
craft_cms -- craft_cmsCraft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.2023-05-26not yet calculatedCVE-2023-33196MISCMISCMISC
craft_cms -- craft_cmsCraft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.2023-05-26not yet calculatedCVE-2023-33197MISCMISCMISC
rekor -- rekorRekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software projects supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered so the client receives a 500 error message and service still continues, so the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability.2023-05-26not yet calculatedCVE-2023-33199MISCMISC
moxa -- mxsecurityMXsecurity version 1.0 is vulnearble to command injection vulnerability. This vulnerability has been reported in the SSH CLI program, which can be exploited by attackers who have gained authorization privileges. The attackers can break out of the restricted shell and subsequently execute arbitrary code.2023-05-22not yet calculatedCVE-2023-33235MISC
moxa -- mxsecurityMXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. This vulnerability has been reported that can be exploited to craft arbitrary JWT tokens and subsequently bypass authentication for web-based APIs.2023-05-22not yet calculatedCVE-2023-33236MISC
oracle -- apache_rocketmqFor RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. 

Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. 

To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .

2023-05-24not yet calculatedCVE-2023-33246MISC
talend -- data_catalogTalend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)2023-05-26not yet calculatedCVE-2023-33247MISC
amazon -- alexaAmazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful.2023-05-24not yet calculatedCVE-2023-33248MISCMISCMISCMISCMISCMISC
akka_http -- akka_httpWhen Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946.2023-05-21not yet calculatedCVE-2023-33251CONFIRM
iden3_snarkjs -- iden3_snarkjsiden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.2023-05-21not yet calculatedCVE-2023-33252MISCMISC
papaya_viewer -- papaya_viewerAn issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application2023-05-26not yet calculatedCVE-2023-33255MISCMISC
softonic -- wftpd_serverIn WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. NOTE: this is a product from 2006.2023-05-25not yet calculatedCVE-2023-33263MISC
prestashop -- prestashopIn the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.2023-05-25not yet calculatedCVE-2023-33278MISCMISC
prestashop -- prestashopIn the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.2023-05-25not yet calculatedCVE-2023-33279MISC
prestashop -- prestashopIn the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.2023-05-25not yet calculatedCVE-2023-33280MISCMISC
qt-project -- qtAn issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server.2023-05-22not yet calculatedCVE-2023-33285MISC
kaios -- kaiosAn issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on *.localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read the manifest.webmanifest contents, including the app version.2023-05-22not yet calculatedCVE-2023-33293MISC
kaios -- kaiosAn issue was discovered in KaiOS 3.0 before 3.1. The /system/bin/tctweb_server binary exposes a local web server that responds to GET and POST requests on port 2929. The server accepts arbitrary Bash commands and executes them as root. Because it is not permission or context restricted and returns proper CORS headers, it's accessible to all websites via the browser. At a bare minimum, this allows an attacker to retrieve a list of the user's installed apps, notifications, and downloads. It also allows an attacker to delete local files and modify system properties including the boolean persist.moz.killswitch property (which would render the device inoperable). This vulnerability is partially mitigated by SELinux which prevents reads, writes, or modifications to files or permissions within protected partitions.2023-05-22not yet calculatedCVE-2023-33294MISC
bitcoin_core -- bitcoin_coreBitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023.2023-05-22not yet calculatedCVE-2023-33297MISCMISCMISCMISCMISC
piwigo -- piwigoPiwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.2023-05-23not yet calculatedCVE-2023-33359MISC
piwigo -- piwigoPiwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php.2023-05-23not yet calculatedCVE-2023-33361MISC
piwigo -- piwigoPiwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function.2023-05-23not yet calculatedCVE-2023-33362MISC
skycaiji -- skycaijiskycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.2023-05-26not yet calculatedCVE-2023-33394MISC
easyimages2.0 -- easyimages2.0EasyImages2.0 ? 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php.2023-05-23not yet calculatedCVE-2023-33599MISC
parks -- fiberlinks_210An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter.2023-05-23not yet calculatedCVE-2023-33617MISC
mp4v2 -- mp4v2mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.2023-05-26not yet calculatedCVE-2023-33720MISC
mipjz -- mipjzA stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at /index.php?s=/article/ApiAdminArticle/itemAdd.2023-05-25not yet calculatedCVE-2023-33750MISC
mipjz -- mipjzA stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at /app/tag/controller/ApiAdminTagCategory.php.2023-05-25not yet calculatedCVE-2023-33751MISC
xxl-job -- xxl-jobA lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.2023-05-26not yet calculatedCVE-2023-33779MISCMISCMISC
tfdi_design -- smartcarsA stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article.2023-05-26not yet calculatedCVE-2023-33780MISC
cloudogu_gmbh_scm_manager -- cloudogu_gmbh_scm_managerA stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field.2023-05-24not yet calculatedCVE-2023-33829MISCMISCMISC
liferay -- portal/dxpStored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.2023-05-24not yet calculatedCVE-2023-33937MISC
liferay -- portal/dxpCross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.2023-05-24not yet calculatedCVE-2023-33938MISC
liferay -- portal/dxpCross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.2023-05-24not yet calculatedCVE-2023-33939MISC
liferay -- portal/dxpCross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.2023-05-24not yet calculatedCVE-2023-33940MISC
liferay -- portal/dxpMultiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.2023-05-24not yet calculatedCVE-2023-33941MISC
liferay -- portal/dxpCross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.2023-05-24not yet calculatedCVE-2023-33942MISC
liferay -- portal/dxpCross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.2023-05-24not yet calculatedCVE-2023-33943MISC
liferay -- portal/dxpCross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.2023-05-24not yet calculatedCVE-2023-33944MISC
liferay -- portal/dxpSQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is only exploitable when chained with other attacks. To exploit this vulnerability, the attacker must modify the database and wait for the application to be upgraded.2023-05-24not yet calculatedCVE-2023-33945MISC
liferay -- portal/dxpThe Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual instance via OAuth 2 scope administration page.2023-05-24not yet calculatedCVE-2023-33946MISC
liferay -- portal/dxpThe Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition.2023-05-24not yet calculatedCVE-2023-33947MISC
liferay -- portal/dxpThe Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL.2023-05-24not yet calculatedCVE-2023-33948MISC
liferay -- portal/dxpIn Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true.2023-05-24not yet calculatedCVE-2023-33949MISC
liferay -- portal/dxpPattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.2023-05-24not yet calculatedCVE-2023-33950MISC
briar_project -- briarBramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact.2023-05-24not yet calculatedCVE-2023-33980MISCMISC
briar_project -- briarBriar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one.2023-05-24not yet calculatedCVE-2023-33981MISCMISC
briar_project -- briarBramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol.2023-05-24not yet calculatedCVE-2023-33982MISCMISC
briar_project -- briarThe Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties.2023-05-24not yet calculatedCVE-2023-33983MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.