Vulnerability Summary for the Week of August 7, 2023

Released
Aug 14, 2023
Document ID
SB23-226

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.2023-08-089.9CVE-2023-3572
MISC
qualcomm_inc. -- snapdragonMemory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.2023-08-089.8CVE-2022-40510
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Elevation of Privilege Vulnerability2023-08-089.8CVE-2023-21709
MISC
joomla -- joomlaImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.2023-08-079.8CVE-2023-23757
MISC
joomla -- joomlaImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.2023-08-079.8CVE-2023-23758
MISC
qualcomm_inc. -- snapdragonMemory corruption in QESL while processing payload from external ESL device to firmware.2023-08-089.8CVE-2023-28561
MISC
pyrocms -- pyrocmsPyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.2023-08-049.8CVE-2023-29689
MISC
MISC
pega -- pega_platformPega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials2023-08-079.8CVE-2023-32090
MISC
paessler -- prtg_network_monitorAn issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the HL7 sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.2023-08-099.8CVE-2023-32781
MISC
MISC
paessler -- prtg_network_monitorAn issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760. Due to command-line parameter injection and an undocumented debug feature flag, an attacker can utilize the DICOM sensor to write arbitrary data to the disk. This can be utilized to write a custom EXE(.bat) sensor, that will then run. This primitive gives remote code execution.2023-08-099.8CVE-2023-32782
MISC
MISC
assaabloy -- control_id_idsecureA SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution.2023-08-059.8CVE-2023-33367
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication.2023-08-049.8CVE-2023-33372
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices.2023-08-049.8CVE-2023-33373
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution.2023-08-049.8CVE-2023-33374
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices.2023-08-049.8CVE-2023-33375
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.2023-08-049.8CVE-2023-33376
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices.2023-08-049.8CVE-2023-33377
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices.2023-08-049.8CVE-2023-33378
MISC
MISC
connected_io -- connected_ioConnected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.2023-08-049.8CVE-2023-33379
MISC
MISC
ai-dev -- ai-tableai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.2023-08-049.8CVE-2023-33665
MISC
MISC
a2technology -- camera_trap_tracking_systemImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905.2023-08-089.8CVE-2023-3386
MISC
joomla -- joomlaImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.2023-08-079.8CVE-2023-34476
MISC
joomla -- joomlaImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.2023-08-079.8CVE-2023-34477
MISC
wordpress -- wordpressThe Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.2023-08-129.8CVE-2023-3452
MISC
MISC
MISC
cszcms-- cszcmsA SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL.2023-08-099.8CVE-2023-34545
MISC
MISC
a2technology -- license_portal_systemImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48.2023-08-089.8CVE-2023-3522
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-08-089.8CVE-2023-35385
MISC
langchain -- langchainAn issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method.2023-08-059.8CVE-2023-36095
MISC
MISC
MISC
phpjabbers -- class_scheduling_systemIn PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.2023-08-049.8CVE-2023-36134
MISC
MISC
phpjabbers -- document_creatorThere is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.2023-08-109.8CVE-2023-36311
MISC
MISC
aerospike -- aerospike_java_clientThe Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue.2023-08-049.8CVE-2023-36480
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
digital_ant -- e-commerce_software
 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11.2023-08-089.8CVE-2023-3651
MISC
zoom -- zoom_for_windowsPath traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.2023-08-089.8CVE-2023-36534
MISC
microsoft -- windows_server_2008Windows System Assessment Tool Elevation of Privilege Vulnerability2023-08-089.8CVE-2023-36903
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-08-089.8CVE-2023-36910
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Remote Code Execution Vulnerability2023-08-089.8CVE-2023-36911
MISC
oduyo -- online_collectionImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1.2023-08-089.8CVE-2023-3716
MISC
farmakom -- remote_administration_consoleImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02.2023-08-089.8CVE-2023-3717
MISC
siemens -- ruggedcom_crossbowA vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an unauthenticated remote attackers to execute arbitrary SQL queries on the server database.2023-08-089.8CVE-2023-37372
MISC
metabase -- metabaseMetabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite.2023-08-049.8CVE-2023-37470
MISC
sap -- powerdesignerSAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.2023-08-089.8CVE-2023-37483
MISC
MISC
sourcecodester -- judging_management_systemJudging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.2023-08-089.8CVE-2023-37682
MISC
MISC
hikashop -- hikashopImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.2023-08-079.8CVE-2023-38044
MISC
MISC
microsoft -- windows_server_2022Windows Mobile Device Management Elevation of Privilege Vulnerability2023-08-089.8CVE-2023-38186
MISC
minecraft -- minecraftLogistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.2023-08-049.8CVE-2023-38689
MISC
MISC
MISC
matrix -- matrix_irc_bridgematrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist.2023-08-049.8CVE-2023-38690
MISC
MISC
MISC
fit2cloud -- cloudexplorer_liteCloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading.2023-08-049.8CVE-2023-38692
MISC
MISC
MISC
datadoghq -- import-in-the-middleimport-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for remote code execution in cases where an application passes user-supplied input directly to the `import()` function. This vulnerability has been patched in import-in-the-middle version 1.4.2. Some workarounds are available. Do not pass any user-supplied input to `import()`. Instead, verify it against a set of allowed values. If using import-in-the-middle, directly or indirectly, and support for EcmaScript Modules is not needed, ensure that no options are set, either via command-line or the `NODE_OPTIONS` environment variable, that would enable loader hooks.2023-08-079.8CVE-2023-38704
MISC
MISC
netgear -- r7100lg_firmwareNetgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.2023-08-079.8CVE-2023-38928
MISC
MISC
tenda -- 4g300_firmwareTenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer.2023-08-079.8CVE-2023-38929
MISC
tenda -- ac7_firmwareTenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.2023-08-079.8CVE-2023-38930
MISC
tenda -- ac10_firmwareTenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.2023-08-079.8CVE-2023-38931
MISC
tenda -- f1202_firmwareTenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.2023-08-079.8CVE-2023-38932
MISC
MISC
tenda -- ac10_firmwareTenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.2023-08-079.8CVE-2023-38933
MISC
tenda -- fh1203_firmwareTenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.2023-08-079.8CVE-2023-38934
MISC
tenda -- ac1206_firmwareTenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.2023-08-079.8CVE-2023-38935
MISC
tenda -- ac10_firmwareTenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.2023-08-079.8CVE-2023-38936
MISC
tenda -- ac10_firmwareTenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.2023-08-079.8CVE-2023-38937
MISC
tenda -- f1202_firmwareTenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.2023-08-079.8CVE-2023-38938
MISC
tenda -- f1202_firmwareTenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.2023-08-079.8CVE-2023-38939
MISC
tenda -- fh1203_firmwareTenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.2023-08-079.8CVE-2023-38940
MISC
mayanets -- e-commerceImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1.2023-08-089.8CVE-2023-3898
MISC
papercut -- papercut_mfPaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration).2023-08-049.8CVE-2023-39143
MISC
MISC
zoom -- zoomImproper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.2023-08-089.8CVE-2023-39216
MISC
renjikai -- linuxasmcallgraphLinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause a remote code execution on the server side via uploading a crafted ZIP file due to incorrect filtering rules of uploaded file. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds.2023-08-049.8CVE-2023-39346
MISC
MISC
MISC
MISC
prestashop -- prestashopPrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.2023-08-079.8CVE-2023-39524
MISC
MISC
prestashop -- prestashopPrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.2023-08-079.8CVE-2023-39526
MISC
MISC
phpgurukul -- online_security_guards_hiring_systemPHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.2023-08-049.8CVE-2023-39551
MISC
phpjabbers -- ticket_support_scriptA File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.2023-08-109.8CVE-2023-39776
MISC
MISC
clusterlabs -- libqblog_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.2023-08-089.8CVE-2023-39976
MISC
MISC
MISC
totolink -- t10_v2_firmwareTOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code.2023-08-089.8CVE-2023-40041
MISC
totolink -- t10_v2_firmwareTOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code.2023-08-089.8CVE-2023-40042
MISC
MISC
MISC
tongda2000 -- tongda_oaA vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-059.8CVE-2023-4165
MISC
MISC
MISC
tongda2000 -- tongda_oaA vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-059.8CVE-2023-4166
MISC
MISC
MISC
sourcecodester  -- hospital_management_systemA vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236211.2023-08-069.8CVE-2023-4176
MISC
MISC
MISC
sourcecodester -- free_hospital_management_system_for_small_practicesA vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability.2023-08-069.8CVE-2023-4179
MISC
MISC
MISC
sourcecodester  -- free_hospital_management_system_for_small_practicesA vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215.2023-08-069.8CVE-2023-4180
MISC
MISC
MISC
sourcecodester -- free_hospital_management_system_for_small_practicesA vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216.2023-08-069.8CVE-2023-4181
MISC
MISC
MISC
sourcecodester -- inventory_management_systemA vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability.2023-08-069.8CVE-2023-4182
MISC
MISC
sourcecodester -- inventory_management_systemA vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability.2023-08-069.8CVE-2023-4183
MISC
MISC
sourcecodester -- inventory_management_systemA vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219.2023-08-069.8CVE-2023-4184
MISC
MISC
sourcecodester -- online_hospital_management_systemA vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236220.2023-08-069.8CVE-2023-4185
MISC
MISC
MISC
sourcecodester  -- pharmacy_management_systemA vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236221 was assigned to this vulnerability.2023-08-069.8CVE-2023-4186
MISC
MISC
MISC
sourcecodester  -- resort_reservation_systemA vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability.2023-08-069.8CVE-2023-4191
MISC
MISC
MISC
sourcecodester -- resort_reservation_systemA vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235.2023-08-079.8CVE-2023-4192
MISC
MISC
MISC
sourcecodester  -- resort_reservation_systemA vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236.2023-08-079.8CVE-2023-4193
MISC
MISC
MISC
sourcecodester  -- inventory_management_systemA vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php.. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.2023-08-079.8CVE-2023-4200
MISC
MISC
MISC
sourcecodester  -- inventory_management_systemA vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291.2023-08-079.8CVE-2023-4201
MISC
MISC
MISC
phoenixcontact -- multiple_productsIn PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.2023-08-089.6CVE-2023-3526
MISC
MISC
opnsense -- opnsense/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.2023-08-099.6CVE-2023-39007
MISC
MISC
mitsubishi_electric -- gt21_firmwarePredictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.2023-08-049.1CVE-2023-3373
MISC
MISC
MISC
adobe -- commerce
 
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker. Exploitation of this issue does not require user interaction.2023-08-099.1CVE-2023-38208
MISC
nomachine -- nomachineAn arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks.2023-08-049.1CVE-2023-39107
MISC
MISC
MISC
prestashop -- prestashopPrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.2023-08-079.1CVE-2023-39525
MISC
MISC
prestashop -- prestashopPrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.2023-08-079.1CVE-2023-39529
MISC
MISC
prestashop -- prestashopPrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.2023-08-079.1CVE-2023-39530
MISC
MISC
instantcms -- instantcmsSQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-059.1CVE-2023-4188
MISC
MISC
sifir_bes_education_and_informatics -- kunduz-homework_helper_app
 
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3.2023-08-099CVE-2023-3632
MISC
sap -- businessobjects_business_intelligenceSAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system2023-08-089CVE-2023-37490
MISC
MISC
sciencelogic -- sl1A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.2023-08-098.8CVE-2022-48580
MISC
sciencelogic -- sl1A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.2023-08-098.8CVE-2022-48581
MISC
sciencelogic -- sl1A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.2023-08-098.8CVE-2022-48582
MISC
sciencelogic -- sl1A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.2023-08-098.8CVE-2022-48583
MISC
sciencelogic -- sl1A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command. This allows for the injection of arbitrary commands to the underlying operating system.2023-08-098.8CVE-2022-48584
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48585
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48586
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48587
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48588
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48589
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48590
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48591
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48592
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48593
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48594
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48595
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48596
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48597
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48598
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48599
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48600
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48601
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48602
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48603
MISC
sciencelogic -- sl1A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a SQL query. This allows for the injection of arbitrary SQL before being executed against the database.2023-08-098.8CVE-2022-48604
MISC
siemens -- ruggedcom_crossbowA vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications is vulnerable to SQL injection. This could allow an authenticated remote attackers to execute arbitrary SQL queries on the server database and escalate privileges.2023-08-088.8CVE-2023-27411
MISC
wordpress -- wordpressThe MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.2023-08-078.8CVE-2023-2843
MISC
microsoft -- teamsMicrosoft Teams Remote Code Execution Vulnerability2023-08-088.8CVE-2023-29328
MISC
microsoft -- teamsMicrosoft Teams Remote Code Execution Vulnerability2023-08-088.8CVE-2023-29330
MISC
zohocorp -- manageengine_network_configuration_managerAn issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.2023-08-048.8CVE-2023-29505
MISC
MISC
CONFIRM
microsoft -- exchange_serverMicrosoft Exchange Remote Code Execution Vulnerability2023-08-088.8CVE-2023-35368
MISC
microsoft -- windows_server_2008Windows Fax Service Remote Code Execution Vulnerability2023-08-088.8CVE-2023-35381
MISC
microsoft -- windows_server_2012Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability2023-08-088.8CVE-2023-35387
MISC
phoenixcontact -- wp_6xxx_seriesIn PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.2023-08-088.8CVE-2023-3570
MISC
phoenixcontact -- wp_6xxx_seriesIn PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device.2023-08-088.8CVE-2023-3571
MISC
phoenixcontact -- wp_6xxx_seriesIn PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.2023-08-088.8CVE-2023-3573
MISC
netgear -- xr300_firmwareNetgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.2023-08-078.8CVE-2023-36499
MISC
MISC
zoom -- zoomInsufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.2023-08-088.8CVE-2023-36541
MISC
microsoft -- windows_server_2008Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability2023-08-088.8CVE-2023-36882
MISC
microsoft -- .net_frameworkASP.NET Elevation of Privilege Vulnerability2023-08-088.8CVE-2023-36899
MISC
sap -- message_serverThe ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.2023-08-088.8CVE-2023-37491
MISC
MISC
esds.co -- emagic_data_center_managementThis vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on targeted system.2023-08-088.8CVE-2023-37569
MISC
MISC
esds.co -- emagic_data_center_managementThis vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.2023-08-088.8CVE-2023-37570
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.2023-08-098.8CVE-2023-37861
MISC
microsoft -- sql_serverMicrosoft OLE DB Remote Code Execution Vulnerability2023-08-088.8CVE-2023-38169
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Spoofing Vulnerability2023-08-088.8CVE-2023-38181
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability2023-08-088.8CVE-2023-38185
MISC
lw-systems -- benno_mailarchivA CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.2023-08-098.8CVE-2023-38348
MISC
MISC
netgear -- r6900p_firmwareNetgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.2023-08-078.8CVE-2023-38412
MISC
MISC
netgear -- dg834gv5_firmwareNetgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.2023-08-078.8CVE-2023-38591
MISC
MISC
eng -- knowageKnowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8.2023-08-048.8CVE-2023-38702
MISC
pimcore -- pimcorePimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter.This can lead to potential denial of service---key file overwrite. The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.2023-08-048.8CVE-2023-38708
MISC
MISC
wger -- workout_managerCross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.2023-08-088.8CVE-2023-38759
MISC
MISC
netgear -- wg302v2_firmwareNetgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.2023-08-078.8CVE-2023-38921
MISC
MISC
netgear -- jwnr2000v2_firmwareNetgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.2023-08-078.8CVE-2023-38922
MISC
MISC
netgear -- dc112a_firmwareNetgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.2023-08-078.8CVE-2023-38925
MISC
MISC
netgear -- ex6200_firmwareNetgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.2023-08-078.8CVE-2023-38926
MISC
MISC
shuize_0x727_project -- shuize_0x727ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini.2023-08-058.8CVE-2023-38943
MISC
MISC
fobybus -- social-media-skeletonsocial-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue.2023-08-048.8CVE-2023-39344
MISC
MISC
apache -- airflowExecution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The "Run Task" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0 This issue affects Apache Airflow: before 2.6.0.2023-08-058.8CVE-2023-39508
MISC
MISC
MISC
scancode.io -- scancode.ioScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the `docker_reference` parameter. In the function `scanpipe/pipes/fetch.py:fetch_docker_image` the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`. However, the `get_docker_image_plaform` function constructs a shell command with the passed `docker_reference`. The `pipes.run_command` then executes the shell command without any prior sanitization, making the function vulnerable to command injections. A malicious user who is able to create or add inputs to a project can inject commands. Although the command injections are blind and the user will not receive direct feedback without logs, it is still possible to cause damage to the server/container. The vulnerability appears for example if a malicious user adds a semicolon after the input of `docker://;`, it would allow appending malicious commands. Version 32.5.1 contains a patch for this issue. The `docker_reference` input should be sanitized to avoid command injections and, as a workaround, one may avoid creating commands with user controlled input directly.2023-08-078.8CVE-2023-39523
MISC
MISC
MISC
MISC
netgear -- jwnr2000v2_firmwareNetgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.2023-08-078.8CVE-2023-39550
MISC
MISC
wordpress -- wordpressThe WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.2023-08-048.8CVE-2023-4140
MISC
MISC
MISC
wordpress -- wordpressThe WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.2023-08-048.8CVE-2023-4141
MISC
MISC
MISC
wordpress -- wordpressThe WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.2023-08-048.8CVE-2023-4142
MISC
MISC
MISC
omeka -- omeka_sUnrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3.2023-08-048.8CVE-2023-4159
MISC
MISC
ruijie -- rg-ew1200g_firmwareA vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-058.8CVE-2023-4169
MISC
MISC
MISC
cockpit-hq -- cockpitPHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3.2023-08-068.8CVE-2023-4195
MISC
MISC
wordpress -- wordpressThe Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.2023-08-098.8CVE-2023-4239
MISC
MISC
wordpress -- wordpress
 
The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to execute code by installing plugins from arbitrary remote locations including non-repository sources onto the site, granted they are packaged as a valid WordPress plugin.2023-08-098.8CVE-2023-4243
MISC
MISC
MISC
wordpress -- wordpress
 
The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-08-108.8CVE-2023-4276
MISC
MISC
wordpress -- wordpress
 
The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2023-08-108.8CVE-2023-4277
MISC
MISC
wordpress -- wordpress
 
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'profile[role]' parameter during a profile update.2023-08-128.8CVE-2023-4293
MISC
MISC
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.2023-08-098.6CVE-2023-37860
MISC
prestashop -- prestashopPrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.2023-08-078.6CVE-2023-39528
MISC
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service.2023-08-098.2CVE-2023-37862
MISC
hedgedoc -- hedgedocHedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.2023-08-048.2CVE-2023-38487
MISC
MISC
cisco -- sd-wan_vmanageA vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.2023-08-048.1CVE-2020-26064
MISC
wordpress -- wordpressThe MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment2023-08-078.1CVE-2023-3365
MISC
sentry -- sentrySentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.2023-08-078.1CVE-2023-39349
MISC
MISC
MISC
MISC
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability2023-08-088CVE-2023-35388
MISC
microsoft -- sharepoint_serverMicrosoft SharePoint Server Spoofing Vulnerability2023-08-088CVE-2023-36891
MISC
microsoft -- sharepoint_serverMicrosoft SharePoint Server Spoofing Vulnerability2023-08-088CVE-2023-36892
MISC
microsoft -- exchange_serverMicrosoft Exchange Server Remote Code Execution Vulnerability2023-08-088CVE-2023-38182
MISC
stormshield -- ssl_vpn_clientAn issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.2023-08-057.8CVE-2022-46782
MISC
qualcomm_inc. -- snapdragonMemory corruption in Trusted Execution Environment while calling service API with invalid address.2023-08-087.8CVE-2023-21627
MISC
qualcomm_inc. -- snapdragonMemory corruption due to untrusted pointer dereference in automotive during system call.2023-08-087.8CVE-2023-21643
MISC
qualcomm_inc. -- snapdragonMemory corruption in RIL while trying to send apdu packet.2023-08-087.8CVE-2023-21648
MISC
qualcomm_inc. -- snapdragonMemory corruption in WLAN while running doDriverCmd for an unspecific command.2023-08-087.8CVE-2023-21649
MISC
qualcomm_inc. -- snapdragonMemory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.2023-08-087.8CVE-2023-21650
MISC
qualcomm_inc. -- snapdragonMemory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.2023-08-087.8CVE-2023-21651
MISC
qualcomm_inc. -- snapdragonMemory Corruption in Audio while playing amrwbplus clips with modified content.2023-08-087.8CVE-2023-22666
MISC
qualcomm_inc. -- snapdragonMemory corruption while allocating memory in COmxApeDec module in Audio.2023-08-087.8CVE-2023-28537
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-29320
MISC
siemens -- parasolidA vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-30795
MISC
microsoft -- windows_server_2008Windows Kernel Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-35359
MISC
microsoft -- office_online_serverMicrosoft Office Remote Code Execution Vulnerability2023-08-087.8CVE-2023-35371
MISC
microsoft -- officeMicrosoft Office Visio Remote Code Execution Vulnerability2023-08-087.8CVE-2023-35372
MISC
microsoft -- windows_server_2008Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-35379
MISC
microsoft -- windows_server_2008Windows Kernel Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-35380
MISC
microsoft -- windows_server_2019Windows Kernel Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-35382
MISC
microsoft -- windows_server_2012Windows Kernel Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-35386
MISC
microsoft -- visual_studio_2022.NET and Visual Studio Remote Code Execution Vulnerability2023-08-087.8CVE-2023-35390
MISC
zoom -- zoomUntrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.2023-08-087.8CVE-2023-36540
MISC
winitor -- pestudioAn issue in PEStudio v.9.52 allows a remote attacker to execute arbitrary code via a crafted DLL file to the PESstudio exeutable.2023-08-087.8CVE-2023-36546
MISC
microsoft -- officeMicrosoft Office Visio Remote Code Execution Vulnerability2023-08-087.8CVE-2023-36865
MISC
microsoft -- officeMicrosoft Office Visio Remote Code Execution Vulnerability2023-08-087.8CVE-2023-36866
MISC
microsoft -- officeMicrosoft Outlook Remote Code Execution Vulnerability2023-08-087.8CVE-2023-36895
MISC
microsoft -- office_online_serverMicrosoft Excel Remote Code Execution Vulnerability2023-08-087.8CVE-2023-36896
MISC
microsoft -- windows_11_21h2Tablet Windows User Interface Application Core Remote Code Execution Vulnerability2023-08-087.8CVE-2023-36898
MISC
microsoft -- windows_server_2008Windows Common Log File System Driver Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-36900
MISC
microsoft -- windows_server_2019Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-36904
MISC
microsoft -- windows_server_2019Windows Kernel Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-38154
MISC
microsoft -- hevc_video_extensionsHEVC Video Extensions Remote Code Execution Vulnerability2023-08-087.8CVE-2023-38170
MISC
microsoft -- windows_defenderMicrosoft Windows Defender Elevation of Privilege Vulnerability2023-08-087.8CVE-2023-38175
MISC
adobe -- dimension
 
Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-097.8CVE-2023-38211
MISC
adobe -- dimension
 
Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-097.8CVE-2023-38212
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38222
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38223
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38224
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38225
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38226
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38227
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38228
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38229
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38231
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38233
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38234
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38235
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-107.8CVE-2023-38246
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38524
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38525
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38526
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38527
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38528
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38529
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38530
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-38531
MISC
vim -- vimDivide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-32023-08-077.8CVE-2023-3896
MISC
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39181
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39182
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39183
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39184
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39185
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39186
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39187
MISC
siemens -- solid_edgeA vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.2023-08-087.8CVE-2023-39188
MISC
cryptomator -- cryptomatorCryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning an SYSTEM Powershell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding a `-NoProfile` to the powershell is a possible workaround.2023-08-077.8CVE-2023-39520
MISC
MISC
MISC
MISC
wordpress -- wordpressThe Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.2023-08-077.5CVE-2021-24916
MISC
rarlab -- unrarUnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.2023-08-077.5CVE-2022-48579
MISC
mitsubishic_electric -- gt_designer3Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.2023-08-047.5CVE-2023-0525
MISC
MISC
MISC
qualcomm_inc. -- snapdragonInformation disclosure in Network Services due to buffer over-read while the device receives DNS response.2023-08-087.5CVE-2023-21625
MISC
qualcomm_inc. -- snapdragonTransient DOS in Audio while remapping channel buffer in media codec decoding.2023-08-087.5CVE-2023-28555
MISC
assmann -- ht-ip211hdp_firmwareAssmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.2023-08-047.5CVE-2023-30146
MISC
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Information Disclosure Vulnerability2023-08-087.5CVE-2023-35383
MISC
microsoft -- asp.net_coreASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability2023-08-087.5CVE-2023-35391
MISC
phpjabbers -- class_scheduling_systemUser enumeration is found in in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-047.5CVE-2023-36135
MISC
MISC
zoom -- zoomBuffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.2023-08-087.5CVE-2023-36532
MISC
zoom -- zoomUncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.2023-08-087.5CVE-2023-36533
MISC
microsoft -- windows_server_2016Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability2023-08-087.5CVE-2023-36905
MISC
microsoft -- windows_server_2008Windows Cryptographic Services Information Disclosure Vulnerability2023-08-087.5CVE-2023-36906
MISC
microsoft -- windows_server_2008Windows Cryptographic Services Information Disclosure Vulnerability2023-08-087.5CVE-2023-36907
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-08-087.5CVE-2023-36912
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Information Disclosure Vulnerability2023-08-087.5CVE-2023-36913
MISC
siemens -- ruggedcom_crossbowA vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.2023-08-087.5CVE-2023-37373
MISC
projectdiscovery -- nucleiNuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.2023-08-047.5CVE-2023-37896
MISC
MISC
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-08-087.5CVE-2023-38172
MISC
microsoft -- .net.NET Core and Visual Studio Denial of Service Vulnerability2023-08-087.5CVE-2023-38178
MISC
microsoft -- asp.net_core.NET and Visual Studio Denial of Service Vulnerability2023-08-087.5CVE-2023-38180
MISC
microsoft -- windows_server_2008Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability2023-08-087.5CVE-2023-38184
MISC
metersphere -- metersphereMeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue.2023-08-047.5CVE-2023-38494
MISC
MISC
xithrius -- twitchtwitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.2023-08-047.5CVE-2023-38688
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.2023-08-087.5CVE-2023-38760
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.2023-08-087.5CVE-2023-38762
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.2023-08-087.5CVE-2023-38764
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.2023-08-087.5CVE-2023-38765
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.2023-08-087.5CVE-2023-38767
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.2023-08-087.5CVE-2023-38768
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.2023-08-087.5CVE-2023-38769
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.2023-08-087.5CVE-2023-38770
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.2023-08-087.5CVE-2023-38771
MISC
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.2023-08-087.5CVE-2023-38773
MISC
MISC
MISC
MISC
phpjabbers -- yacht_listing_scriptAn information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.2023-08-107.5CVE-2023-38830
MISC
MISC
zoom -- zoomImproper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.2023-08-087.5CVE-2023-39217
MISC
fujitsu -- software_infrastructure_managerFujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.2023-08-047.5CVE-2023-39379
MISC
MISC
imagemagick -- imagemagickImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.2023-08-087.5CVE-2023-39978
MISC
MISC
MISC
wordpress -- wordpressThe WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.2023-08-047.5CVE-2023-4139
MISC
MISC
templatecookie -- adlistingA vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-057.5CVE-2023-4168
MISC
MISC
MISC
chengdu -- flash_flood_disaster_monitoring_and_warning_systemA vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207.2023-08-057.5CVE-2023-4172
MISC
MISC
MISC
sourcecodester -- inventory_management_systemA vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236289 was assigned to this vulnerability.2023-08-077.5CVE-2023-4199
MISC
MISC
MISC
rust-lang -- cargoCargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.2023-08-047.3CVE-2023-38497
MISC
MISC
MISC
MISC
MISC
MISC
MISC
semcms -- semcmsFile Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.2023-08-057.2CVE-2020-23564
MISC
MISC
google -- androidIn DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed2023-08-077.2CVE-2023-33913
MISC
textpattern_cms -- textpattern_cmsDirectory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.2023-08-077.2CVE-2023-36220
MISC
MISC
MISC
MISC
phpgurukul -- online_nurse_hiring_systemOnline Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.2023-08-087.2CVE-2023-37687
MISC
MISC
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.2023-08-097.2CVE-2023-37859
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.2023-08-097.2CVE-2023-37863
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.2023-08-097.2CVE-2023-37864
MISC
microsoft -- dynamics_365_business_centralMicrosoft Dynamics Business Central Elevation Of Privilege Vulnerability2023-08-087.2CVE-2023-38167
MISC
qualcomm_inc. -- snapdragonCryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.2023-08-087.1CVE-2023-21626
MISC
qualcomm_inc. -- snapdragonCryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.2023-08-087.1CVE-2023-21652
MISC
microsoft -- windows_server_2008Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability2023-08-087.1CVE-2023-36876
MISC
n-able_technologies -- n-centralAn issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.2023-08-047CVE-2023-30297
MISC
MISC
microsoft -- windows_server_2019Windows Projected File System Elevation of Privilege Vulnerability2023-08-087CVE-2023-35378
MISC
microsoft -- azure_arc-enabled_serversAzure Arc-Enabled Servers Elevation of Privilege Vulnerability2023-08-087CVE-2023-38176
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
wordpress -- wordpressThe WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitization as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.2023-08-076.8CVE-2023-3492
MISC
google -- androidIn keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905.2023-08-076.7CVE-2023-20783
MISC
google -- androidIn keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989.2023-08-076.7CVE-2023-20784
MISC
google -- androidIn gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811.2023-08-076.7CVE-2023-20786
MISC
google -- androidIn ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900.2023-08-076.7CVE-2023-20795
MISC
google -- androidIn camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.2023-08-076.7CVE-2023-20797
MISC
mediatek_inc. -- multiple_productsIn imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.2023-08-076.7CVE-2023-20804
MISC
mediatek_inc. -- multiple_productsIn imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.2023-08-076.7CVE-2023-20805
MISC
google -- androidIn hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.2023-08-076.7CVE-2023-20806
MISC
google -- androidIn dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.2023-08-076.7CVE-2023-20807
MISC
google -- androidIn OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895.2023-08-076.7CVE-2023-20808
MISC
google -- androidIn vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198.2023-08-076.7CVE-2023-20809
MISC
google -- androidIn IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.2023-08-076.7CVE-2023-20811
MISC
google -- androidIn wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453560; Issue ID: ALPS07453560.2023-08-076.7CVE-2023-20814
MISC
google -- androidIn wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453587; Issue ID: ALPS07453587.2023-08-076.7CVE-2023-20815
MISC
google -- androidIn wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453589; Issue ID: ALPS07453589.2023-08-076.7CVE-2023-20816
MISC
google -- androidIn wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453600; Issue ID: ALPS07453600.2023-08-076.7CVE-2023-20817
MISC
solarwinds_ -- serv-u
 
A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 2023-08-116.6CVE-2023-35179
MISC
MISC
cisco -- sd-wan_vmanageA vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system.2023-08-046.5CVE-2020-26065
MISC
gitea -- giteaIn Gitea through 1.17.1, repo cloning can occur in the migration function.2023-08-076.5CVE-2022-38795
MISC
MISC
MISC
openrefine -- openrefineOpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.2023-08-046.5CVE-2022-41401
MISC
MISC
MISC
google -- chromeInappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)2023-08-046.5CVE-2022-4955
MISC
MISC
mediatek_inc. -- multiple_productsIn imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.2023-08-076.5CVE-2023-20800
MISC
mediatek_inc. -- multiple_productsIn imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.2023-08-076.5CVE-2023-20802
MISC
mediatek_inc. -- multiple_productsIn imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.2023-08-076.5CVE-2023-20803
MISC
qualcomm_inc. -- snapdragonInformation disclosure in Bluetooth when an GATT packet is received due to improper input validation.2023-08-086.5CVE-2023-21647
MISC
paessler -- prtg_network_monitorAn issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. The NetApp Volume Sensor transmits cleartext credentials over the network when the HTTP protocol is selected. This can be triggered remotely via a CSRF by simply sending a controls/addsensor3.htm link to a logged-in victim.2023-08-096.5CVE-2023-31452
MISC
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-08-086.5CVE-2023-35376
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-08-086.5CVE-2023-35377
MISC
microsoft -- windows_server_2008Windows HTML Platforms Security Feature Bypass Vulnerability2023-08-086.5CVE-2023-35384
MISC
microsoft -- dynamics_365Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability2023-08-086.5CVE-2023-35389
MISC
phpjabbers -- class_scheduling_systemPHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.2023-08-086.5CVE-2023-36136
MISC
MISC
zoom -- zoomClient-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.2023-08-086.5CVE-2023-36535
MISC
microsoft -- sharepoint_serverMicrosoft SharePoint Server Information Disclosure Vulnerability2023-08-086.5CVE-2023-36890
MISC
microsoft -- outlookMicrosoft Outlook Spoofing Vulnerability2023-08-086.5CVE-2023-36893
MISC
microsoft -- sharepoint_serverMicrosoft SharePoint Server Information Disclosure Vulnerability2023-08-086.5CVE-2023-36894
MISC
microsoft -- 365_appsVisual Studio Tools for Office Runtime Spoofing Vulnerability2023-08-086.5CVE-2023-36897
MISC
microsoft -- windows_server_2008Windows Hyper-V Information Disclosure Vulnerability2023-08-086.5CVE-2023-36908
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-08-086.5CVE-2023-36909
MISC
sap -- netweaver_application_server_abapSAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.2023-08-086.5CVE-2023-37492
MISC
MISC
microsoft -- edge_chromiumMicrosoft Edge (Chromium-based) Security Feature Bypass Vulnerability2023-08-076.5CVE-2023-38157
MISC
adobe -- commerce
 
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass. A low-privileged attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.2023-08-096.5CVE-2023-38209
MISC
microsoft -- windows_server_2008Microsoft Message Queuing Denial of Service Vulnerability2023-08-086.5CVE-2023-38254
MISC
zohocorp -- manageengine_admanager_plusZoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure.2023-08-046.5CVE-2023-38332
MISC
MISC
matrix -- matrix-appservice-bridgematrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.2023-08-046.5CVE-2023-38691
MISC
MISC
cypress_image_snapshot -- cypress_image_snapshotcypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2.2023-08-046.5CVE-2023-38695
MISC
MISC
MISC
MISC
ensdomains -- ethereum_name_serviceEthereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action.2023-08-046.5CVE-2023-38698
MISC
MISC
MISC
mindsdb -- mindsdbMindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior.2023-08-046.5CVE-2023-38699
MISC
MISC
MISC
churchcrm -- churchcrmSQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.2023-08-086.5CVE-2023-38763
MISC
MISC
MISC
MISC
netgear -- dgn3500_firmwareNetgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.2023-08-076.5CVE-2023-38924
MISC
MISC
shopex -- ecshopECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel.2023-08-046.5CVE-2023-39112
MISC
gitlab -- gitlabAn issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security projects's configured security policies.2023-08-046.5CVE-2023-4002
MISC
qemu -- qemuA heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.2023-08-046.5CVE-2023-4135
MISC
MISC
MISC
admidio -- admidioInsufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11.2023-08-066.5CVE-2023-4190
MISC
MISC
google -- androidIn audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628524; Issue ID: ALPS07628524.2023-08-076.4CVE-2023-20785
MISC
google -- androidIn thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648734.2023-08-076.4CVE-2023-20787
MISC
google -- androidIn thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648735.2023-08-076.4CVE-2023-20788
MISC
mediatek_inc. -- multiple_productsIn imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.2023-08-076.4CVE-2023-20801
MISC
wordpress -- wordpress
 
The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.2023-08-106.4CVE-2023-4283
MISC
MISC
MISC
microsoft -- azure_devops_serverAzure DevOps Server Spoofing Vulnerability2023-08-086.3CVE-2023-36869
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions.2023-08-086.1CVE-2023-24409
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions.2023-08-086.1CVE-2023-24413
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions.2023-08-086.1CVE-2023-27412
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions.2023-08-086.1CVE-2023-27421
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions.2023-08-086.1CVE-2023-27627
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions.2023-08-056.1CVE-2023-30491
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions.2023-08-086.1CVE-2023-32503
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin  <= 3.0.7 versions.2023-08-056.1CVE-2023-34010
MISC
wordpress -- wordpressThe WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting2023-08-076.1CVE-2023-3524
MISC
phpjabbers -- class_scheduling_systemThere is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0.2023-08-046.1CVE-2023-36137
MISC
MISC
sourcecodester  -- toll_tax_management_systemCross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.2023-08-046.1CVE-2023-36158
MISC
MISC
MISC
MISC
sourcecodester -- lost_and_found_information_systemCross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page.2023-08-046.1CVE-2023-36159
MISC
MISC
MISC
phpjabbers -- document_creatorThere is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0.2023-08-106.1CVE-2023-36309
MISC
MISC
phpjabbers -- document_creatorThere is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.2023-08-106.1CVE-2023-36310
MISC
MISC
phpjabbers -- document_creatorPHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".2023-08-106.1CVE-2023-36313
MISC
MISC
phpjabbers -- callback_widgetThere is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.2023-08-106.1CVE-2023-36314
MISC
MISC
phpjabbers -- callback_widgetThere is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.2023-08-106.1CVE-2023-36315
MISC
MISC
digital_ant -- e-commerce_software
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before 11.2023-08-086.1CVE-2023-3652
MISC
digital_ant -- e-commerce_software
 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before 11.2023-08-086.1CVE-2023-3653
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions.2023-08-056.1CVE-2023-36686
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions.2023-08-056.1CVE-2023-36689
MISC
wordpress -- wordpressThe MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin2023-08-076.1CVE-2023-3671
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.2023-08-056.1CVE-2023-37873
MISC
joomla -- joomlaImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.2023-08-076.1CVE-2023-38045
MISC
lw-systems -- benno_mailarchivAn issue was discovered in LWsystems Benno MailArchiv 2.10.1. Attackers can cause XSS via JavaScript content to a mailbox.2023-08-096.1CVE-2023-38347
MISC
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions.2023-08-086.1CVE-2023-38384
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions.2023-08-076.1CVE-2023-38392
MISC
churchcrm -- churchcrmCross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.2023-08-086.1CVE-2023-38761
MISC
MISC
MISC
MISC
creativeitem -- academy_learning_management_systemCreative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.2023-08-046.1CVE-2023-38964
MISC
prestashop -- prestashopPrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.2023-08-076.1CVE-2023-39527
MISC
MISC
phpgurukul -- online_security_guards_hiring_systemPHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS).2023-08-046.1CVE-2023-39552
MISC
emby -- media_browser_emby_serverA vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183.2023-08-056.1CVE-2023-4167
MISC
MISC
MISC
moosocial -- moostoreA vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208.2023-08-066.1CVE-2023-4173
MISC
MISC
MISC
moosocial -- moostoreA vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability.2023-08-066.1CVE-2023-4174
MISC
MISC
MISC
moosocial -- mootravelA vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability.2023-08-066.1CVE-2023-4175
MISC
MISC
microsoft -- .net_framework.NET Framework Spoofing Vulnerability2023-08-085.9CVE-2023-36873
MISC
vyperlang -- vyperVyer is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.2023-08-075.9CVE-2023-39363
MISC
MISC
MISC
MISC
MISC
sap -- supplier_relationship_managementSAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.2023-08-085.8CVE-2023-39436
MISC
MISC
empowerid -- empoweridA vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 7.205.0.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236213 was assigned to this vulnerability.2023-08-065.7CVE-2023-4177
MISC
MISC
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-29303
MISC
google -- androidIn Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges2023-08-075.5CVE-2023-33906
MISC
google -- androidIn Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges2023-08-075.5CVE-2023-33907
MISC
google -- androidIn ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges2023-08-075.5CVE-2023-33908
MISC
google -- androidIn Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges2023-08-075.5CVE-2023-33909
MISC
google -- androidIn Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges2023-08-075.5CVE-2023-33910
MISC
google -- androidIn vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges2023-08-075.5CVE-2023-33911
MISC
google -- androidIn Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges2023-08-075.5CVE-2023-33912
MISC
microsoft -- windows_server_2008Windows Group Policy Security Feature Bypass Vulnerability2023-08-085.5CVE-2023-36889
MISC
microsoft -- windows_server_2022Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability2023-08-085.5CVE-2023-36914
MISC
adobe -- xmp_toolkit
 
Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38210
MISC
adobe -- dimension
 
Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-095.5CVE-2023-38213
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38230
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38232
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38236
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38237
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38238
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38239
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38240
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38241
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38242
MISC
adobe -- acrobat_readerAdobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38243
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38244
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a victim must open a maliciously crafted Microsoft Office file, or visit an attacker controlled web page.2023-08-105.5CVE-2023-38245
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38247
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-105.5CVE-2023-38248
MISC
siemens -- teamcenter_visualizationA vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause denial of service condition.2023-08-085.5CVE-2023-38532
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.2023-08-085.4CVE-2022-45821
MISC
wordpress -- wordpressThe WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2023-08-075.4CVE-2023-0604
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions.2023-08-085.4CVE-2023-23877
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions.2023-08-085.4CVE-2023-23880
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions.2023-08-085.4CVE-2023-29099
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions.2023-08-085.4CVE-2023-30482
MISC
paessler -- prtg_network_monitorAn issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a HL7 Sensor. When creating this sensor, the user can set the HL7 message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.2023-08-095.4CVE-2023-31448
MISC
MISC
paessler -- prtg_network_monitorAn issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a WMI Custom Sensor. When creating this sensor, the user can set the WQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system.2023-08-095.4CVE-2023-31449
MISC
MISC
paessler -- prtg_network_monitorAn issue was discovered in Paessler PRTG Network Monitor 23.2.83.1760 x64. To exploit the vulnerability, a authenticated user can create a SQL Sensor. When creating this sensor, the user can set the SQL message that should be sent from the PRTG device. This input parameter contains a path traversal vulnerability that allows an attacker to choose arbitrary files from the system. They will be transmitted over the internet to the attacker's machine.2023-08-095.4CVE-2023-31450
MISC
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions.2023-08-065.4CVE-2023-32600
MISC
wordpress -- wordpressThe Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks2023-08-075.4CVE-2023-3575
MISC
phpjabbers -- callback_widgetThere is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.2023-08-105.4CVE-2023-36312
MISC
MISC
apache -- rollerInsufficient input validation and sanitation in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature. 2023-08-065.4CVE-2023-37581
MISC
MISC
wger -- workout_managerCross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.2023-08-085.4CVE-2023-38758
MISC
MISC
churchcrm -- churchcrmCross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.2023-08-085.4CVE-2023-38766
MISC
MISC
MISC
MISC
jeesite -- jeesiteAn issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.2023-08-045.4CVE-2023-38991
MISC
sap -- business_oneSAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application.2023-08-085.4CVE-2023-39437
MISC
MISC
fobybus -- social-media-skeletonsocial-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3.2023-08-085.4CVE-2023-39518
MISC
MISC
MISC
omeka -- omeka_sCross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.2023-08-045.4CVE-2023-4158
MISC
MISC
cockpit -- cockpitCross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3.2023-08-065.4CVE-2023-4196
MISC
MISC
advantech -- eki-1524_firmwareAdvantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.2023-08-085.4CVE-2023-4202
MISC
MISC
advantech -- eki-1524_firmwareAdvantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.2023-08-085.4CVE-2023-4203
MISC
MISC
wordpress -- wordpress
 
The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2. This makes it possible for authenticated attackers with subscriber privileges or above, to delete plugin settings.2023-08-105.4CVE-2023-4282
MISC
MISC
MISC
MISC
cisco -- asyncosA vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email.2023-08-045.3CVE-2020-26082
MISC
vmware -- horizon_clientVMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.2023-08-045.3CVE-2023-34037
MISC
vmware -- horizon_clientVMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.2023-08-045.3CVE-2023-34038
MISC
phpjabbers -- cleaning_business_softwareUser enumeration is found in in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.2023-08-045.3CVE-2023-36141
MISC
MISC
sap -- powerdesignerSAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.2023-08-085.3CVE-2023-37484
MISC
MISC
sap -- business_oneSAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application2023-08-085.3CVE-2023-37487
MISC
MISC
adobe -- commerce
 
Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.2023-08-095.3CVE-2023-38207
MISC
matrix -- sydentSydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.2023-08-045.3CVE-2023-38686
MISC
MISC
MISC
MISC
MISC
MISC
MISC
socketry -- protocol-http1protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should split from chunk data using CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon has following behaviors while disobey the corresponding RFCs: accepting Content-Length header values that have `+` prefix, accepting Content-Length header values that written in hexadecimal with `0x` prefix, accepting `0x` and `+` prefixed chunk size, and accepting LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially results in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds.2023-08-045.3CVE-2023-38697
MISC
MISC
MISC
MISC
chengdu -- flash_flood_disaster_monitoring_and_warning_systemA vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability.2023-08-055.3CVE-2023-4171
MISC
MISC
MISC
fujitsu -- software_infrastructure_managerAn issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379.2023-08-075CVE-2023-39903
MISC
MISC
phoenixcontact -- multiple_productsIn PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.2023-08-084.9CVE-2023-3569
MISC
MISC
zoom -- zoomClient-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.2023-08-084.9CVE-2023-39218
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Catalyst Connect Catalyst Connect Zoho CRM Client Portal plugin <= 2.0.0 versions.2023-08-104.8CVE-2022-44629
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions.2023-08-084.8CVE-2023-23829
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions.2023-08-084.8CVE-2023-25063
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions.2023-08-084.8CVE-2023-25459
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions.2023-08-084.8CVE-2023-25984
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions.2023-08-084.8CVE-2023-27415
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions.2023-08-084.8CVE-2023-27416
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions.2023-08-084.8CVE-2023-27422
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions.2023-08-084.8CVE-2023-28931
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions.2023-08-084.8CVE-2023-28934
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions.2023-08-084.8CVE-2023-31221
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions.2023-08-084.8CVE-2023-32292
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions.2023-08-054.8CVE-2023-34377
MISC
wordpress -- wordpressThe Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).2023-08-074.8CVE-2023-3650
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions.2023-08-054.8CVE-2023-36678
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions.2023-08-084.8CVE-2023-36692
MISC
phpgurukul-- online_nurse_hiring_systemOnline Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.2023-08-084.8CVE-2023-37683
MISC
MISC
MISC
phpgurukul -- online_nurse_hiring_systemOnline Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.2023-08-084.8CVE-2023-37684
MISC
MISC
MISC
MISC
phpgurukul -- online_nurse_hiring_systemOnline Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.2023-08-084.8CVE-2023-37685
MISC
MISC
MISC
MISC
phpgurukul -- online_nurse_hiring_systemOnline Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.2023-08-084.8CVE-2023-37686
MISC
MISC
MISC
MISC
phpgurukul-- maid_hiring_management_systemMaid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.2023-08-084.8CVE-2023-37688
MISC
MISC
MISC
MISC
phpgurukul -- maid_hiring_management_systemMaid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.2023-08-084.8CVE-2023-37689
MISC
MISC
MISC
MISC
phpgurukul-- maid_hiring_management_systemMaid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.2023-08-084.8CVE-2023-37690
MISC
MISC
MISC
MISC
wordpress -- wordpressAuth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions.2023-08-054.8CVE-2023-37874
MISC
omeka -- omeka_sImproper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3.2023-08-044.8CVE-2023-4157
MISC
MISC
dedebiz -- dedebizA vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.2023-08-054.8CVE-2023-4170
MISC
MISC
MISC
instantcms -- instantcmsCross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-054.8CVE-2023-4187
MISC
MISC
instantcms -- instantcmsCross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git.2023-08-054.8CVE-2023-4189
MISC
MISC
adobe -- acrobat_reader
 
Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. An attacker could leverage this vulnerability if the default PowerShell Set-ExecutionPolicy is set to Unrestricted, making the attack complexity high. Exploitation of this issue requires user interaction in that a victim must open a malicious file.2023-08-104.7CVE-2023-29299
MISC
microsoft -- azure_hdinsightsAzure HDInsight Jupyter Notebook Spoofing Vulnerability2023-08-084.6CVE-2023-35394
MISC
microsoft -- azure_hdinsightsAzure Apache Hive Spoofing Vulnerability2023-08-084.5CVE-2023-35393
MISC
microsoft -- azure_hdinsightsAzure Apache Oozie Spoofing Vulnerability2023-08-084.5CVE-2023-36877
MISC
microsoft -- azure_hdinsightsAzure Apache Ambari Spoofing Vulnerability2023-08-084.5CVE-2023-36881
MISC
microsoft -- azure_hdinsightsAzure Apache Hadoop Spoofing Vulnerability2023-08-084.5CVE-2023-38188
MISC
google -- androidIn camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed2023-08-074.4CVE-2022-47350
MISC
google -- androidIn camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed2023-08-074.4CVE-2022-47351
MISC
google -- androidIn keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.2023-08-074.4CVE-2023-20780
MISC
google -- androidIn keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323.2023-08-074.4CVE-2023-20781
MISC
google -- androidIn keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103.2023-08-074.4CVE-2023-20782
MISC
google -- androidIn jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193.2023-08-074.4CVE-2023-20789
MISC
mediatek_inc. -- multiple_productsIn nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194.2023-08-074.4CVE-2023-20790
MISC
google -- androidIn apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818.2023-08-074.4CVE-2023-20793
MISC
mediatek_inc. -- multiple_productsIn power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790.2023-08-074.4CVE-2023-20796
MISC
google -- androidIn pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.2023-08-074.4CVE-2023-20798
MISC
google -- androidIn IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.2023-08-074.4CVE-2023-20810
MISC
mediatek_inc. -- multiple_productsIn wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987.2023-08-074.4CVE-2023-20812
MISC
google -- androidIn wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453549; Issue ID: ALPS07453549.2023-08-074.4CVE-2023-20813
MISC
google -- androidIn wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.2023-08-074.4CVE-2023-20818
MISC
sap -- businessobjects_business_intelligenceIn SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.2023-08-084.4CVE-2023-39440
MISC
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.2023-08-094.3CVE-2023-37855
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .2023-08-094.3CVE-2023-37856
MISC
sulu -- suluSulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10.2023-08-044.3CVE-2023-39343
MISC
MISC
MISC
wordpress -- wordpress
 
The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. This allows authenticated attackers with subscriber-level permissions and above to obtain sensitive information about the site configuration as disclosed by the WordPress health check.2023-08-094.3CVE-2023-4242
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies. This issue cannot be exploited to bypass the web service authentication of the affected device(s).2023-08-093.8CVE-2023-37857
MISC
phoenixcontact -- wp_6xxx_series
 
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.2023-08-093.8CVE-2023-37858
MISC
matrix -- matrix_irc_bridgematrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance.2023-08-043.7CVE-2023-38700
MISC
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
jbt_markdown_editor -- jbt_markdown_editor
 
Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.2023-08-11not yet calculatedCVE-2020-19952
MISC
CONFIRM
MISC
gila_cms -- gila_cms
 
Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.2023-08-11not yet calculatedCVE-2020-20523
MISC
yzmcms -- yzmcms
 
Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.2023-08-11not yet calculatedCVE-2020-23595
MISC
laborator -- kalium
 
Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.2023-08-11not yet calculatedCVE-2020-24075
MISC
jerryscript -- jerryscript
 
An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).2023-08-11not yet calculatedCVE-2020-24187
MISC
MISC
getbyte -- getbyte
 
An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).2023-08-11not yet calculatedCVE-2020-24221
MISC
ffjpeg - -   ffjpeg
 
Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.2023-08-11not yet calculatedCVE-2020-24222
MISC
cms -- cms_dev
 
Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.2023-08-11not yet calculatedCVE-2020-24804
MISC
lepton-cms -- lepton-cms
 
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.2023-08-11not yet calculatedCVE-2020-24872
MISC
gnome_gmail -- gnome_gmail
 
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.2023-08-11not yet calculatedCVE-2020-24904
MISC
xxl-job-admin -- xxl-job-admin
 
Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.2023-08-11not yet calculatedCVE-2020-24922
MISC
daylight_studio_fuel_cms -- daylight_studio_fuel_cms
 
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.2023-08-11not yet calculatedCVE-2020-24950
MISC
thinkcmf -- thinkcmf
 
Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.2023-08-11not yet calculatedCVE-2020-25915
MISC
zoho -- manageengine_password_manager_pro
 
Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.2023-08-11not yet calculatedCVE-2020-27449
MISC
MISC
zrlog -- zrlog
 
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).2023-08-11not yet calculatedCVE-2020-27514
MISC
foldingathome_client -- foldingathome_client
 
An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.2023-08-11not yet calculatedCVE-2020-27544
MISC
kindsoft-- kindeditor
 
Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.2023-08-11not yet calculatedCVE-2020-28717
MISC
jhead -- jhead
 
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).2023-08-11not yet calculatedCVE-2020-28840
MISC
MISC
MISC
MISC
churchcrm -- churchcrm
 
CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file.2023-08-11not yet calculatedCVE-2020-28848
MISC
churchcrm -- churchcrm
 
Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.2023-08-11not yet calculatedCVE-2020-28849
MISC
faucet -- sdn_ryu
 
An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).2023-08-11not yet calculatedCVE-2020-35139
MISC
faucet -- sdn_ryu
 
An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).2023-08-11not yet calculatedCVE-2020-35141
MISC
foxit -- pdf_reader
 
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.2023-08-11not yet calculatedCVE-2020-35990
MISC
MISC
freedesktop -- poppler
 
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.2023-08-11not yet calculatedCVE-2020-36023
MISC
freedesktop -- poppler
 
An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.2023-08-11not yet calculatedCVE-2020-36024
MISC
sourcecodester -- school_faculty_scheduling_system
 
SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.2023-08-11not yet calculatedCVE-2020-36034
MISC
MISC
MISC
wuzhicms -- wuzhicms
 
An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.2023-08-11not yet calculatedCVE-2020-36037
MISC
bloofoxcms -- bloofoxcms
 
File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.2023-08-11not yet calculatedCVE-2020-36082
MISC
cszcms -- cszcms
 
SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.2023-08-11not yet calculatedCVE-2020-36136
MISC
ffmpeg -- ffmpeg
 
An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).2023-08-11not yet calculatedCVE-2020-36138
MISC
MISC
MISC
qdpf -- qdpf
 
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.2023-08-11not yet calculatedCVE-2021-25786
MISC
supermicro -- cms
 
An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php.2023-08-11not yet calculatedCVE-2021-25856
MISC
supermicro -- cms
 
An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.2023-08-11not yet calculatedCVE-2021-25857
MISC
huemagic -- huemagic
 
Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js.2023-08-11not yet calculatedCVE-2021-26504
MISC
hello.js -- hello.js
 
Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.2023-08-11not yet calculatedCVE-2021-26505
MISC
open-falcon -- open-falcon
 
An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.2023-08-11not yet calculatedCVE-2021-27523
MISC
braft-editor -- braft-editor
 
Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.2023-08-11not yet calculatedCVE-2021-27524
MISC
qt -- qt
 
Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).2023-08-11not yet calculatedCVE-2021-28025
MISC
cookieremembermemanager -- ruoyi
 
An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.2023-08-11not yet calculatedCVE-2021-28411
MISC
xnview -- xnview
 
Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.2023-08-11not yet calculatedCVE-2021-28427
MISC
ffmpeg -- ffmpeg
 
Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.2023-08-11not yet calculatedCVE-2021-28429
MISC
xnview -- xnview
 
Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.2023-08-11not yet calculatedCVE-2021-28835
MISC
CONFIRM
staticpool -- staticpool
 
An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.2023-08-11not yet calculatedCVE-2021-29057
MISC
pear_admin_think -- pear_admin_think
 
SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.2023-08-11not yet calculatedCVE-2021-29378
MISC
vim -- vim
 
vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.2023-08-11not yet calculatedCVE-2021-3236
MISC
siemens -- siemens_software_center
 
A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.2023-08-08not yet calculatedCVE-2021-41544
MISC
intel(r) -- onemkl
 
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-25864
MISC
intel(r) -- proset/wireless_wifi_and_killer(tm)_wifi
 
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-27635
MISC
wordpress -- wordpress
 
Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions.2023-08-10not yet calculatedCVE-2022-27861
MISC
intel(r) -- processors
 
Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2022-27879
MISC
intel(r) -- dtt
 
Improper access control in the Intel DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-29470
MISC
intel(r) -- csme
 
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-29871
MISC
intel(r) -- manageability_commander
 
Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.2023-08-11not yet calculatedCVE-2022-29887
MISC
intel(r) -- pcsd_bios
 
Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2022-34657
MISC
intel(r) -- proset/wireless_wifi_and_killer(tm)_wifi
 
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.2023-08-11not yet calculatedCVE-2022-36351
MISC
intel(r) -- nuc_bios
 
Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-36372
MISC
intel(r) -- amt_in_csme/standard_manageability_in_csme
 
Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.2023-08-11not yet calculatedCVE-2022-36392
MISC
intel(r) -- nuc
 
Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-37336
MISC
intel(r) -- processors
 
Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-37343
MISC
intel(r) -- proset/wireless_wifi_and_killer(tm)_wifi_software
 
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-38076
MISC
intel(r) -- processors
 
Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2022-38083
MISC
intel(r) -- converged_security_and_management_engine
 
Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2022-38102
MISC
intel(r) -- arc(tm)_graphics_cards_a770_and_a750
 
Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access.2023-08-11not yet calculatedCVE-2022-38973
MISC
siemens -- sicam_toolbox_ii
 
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation.2023-08-08not yet calculatedCVE-2022-39062
MISC
intel(r) -- proset/wireless_wifi_and_killer(tm)_wifi
 
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-40964
MISC
intel(r) -- processors
 
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2022-40982
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
intel(r) -- xeon(r)_processors
 
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-41804
MISC
MISC
intel(r) -- arc(tm)_graphics_cards_a770_and_a750
 
Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2022-41984
MISC
intel(r) -- rst
 
Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-43456
MISC
intel(r) -- processors
 
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2022-43505
MISC
intel(r) -- processors
 
Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.2023-08-11not yet calculatedCVE-2022-44611
MISC
intel(r) -- unison(tm)
 
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2022-44612
MISC
intel(r) -- vroc
 
Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-45112
MISC
intel(r) -- proset/wireless_wifi
 
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2022-46329
MISC
apache -- traffic_server
 
Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.2023-08-09not yet calculatedCVE-2022-47185
MISC
studio_11 -- outsystems_service
 
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.2023-08-10not yet calculatedCVE-2022-47636
MISC
MISC
abb -- freelance_controllers
 
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible.  Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects: Freelance controllers AC 700F:  from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;  Freelance controllers AC 900F:  Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.2023-08-07not yet calculatedCVE-2023-0425
MISC
abb -- freelance_controllers
 
ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (conroller modules), ABB Freelance controllers AC 900F (controller modules).This issue affects:  Freelance controllers AC 700F:  from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019 , through Freelance 2019 SP1, through Freelance 2019 SP1 FP1;  Freelance controllers AC 900F:  through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.2023-08-07not yet calculatedCVE-2023-0426
MISC
the_opennms_group -- horizon
 
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.2023-08-11not yet calculatedCVE-2023-0871
MISC
MISC
amd -- multiple_products
 
Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.2023-08-08not yet calculatedCVE-2023-20555
MISC
amd -- uprof
 
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.2023-08-08not yet calculatedCVE-2023-20556
MISC
amd -- uprof
 
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.2023-08-08not yet calculatedCVE-2023-20561
MISC
amd -- uprof
 
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.2023-08-08not yet calculatedCVE-2023-20562
MISC
amd -- ryzen_3000_series_desktop_processors
 
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure.2023-08-08not yet calculatedCVE-2023-20569
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
amd -- radeon_software_crimson_relive_edition
 
A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations2023-08-08not yet calculatedCVE-2023-20586
MISC
amd -- epyc_7001_processors
 
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 2023-08-08not yet calculatedCVE-2023-20588
MISC
amd -- ryzen_3000_series_desktop_processors
 
An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 2023-08-08not yet calculatedCVE-2023-20589
MISC
intel(r) -- ethernet_controllers_and_adapters_e810_series
 
Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2023-22276
MISC
intel(r) -- nuc_bios_firmware
 
Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-22330
MISC
intel(r) -- onevpl_gpu
 
Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-22338
MISC
intel(r) -- nuc_bios_firmwareImproper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-22356
MISC
nozomi_networks -- guardian/cmc
 
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.2023-08-09not yet calculatedCVE-2023-22378
MISC
intel(r) -- nuc
 
Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-22444
MISC
intel(r) -- nuc_bios
 
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-22449
MISC
intel(r) -- onevpl_gpu
 
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2023-22840
MISC
intel(r) -- 621a_chipset
 
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-22841
MISC
nozomi_networks -- guardian
 
An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users. JavaScript injection was possible in the content for Yara rules, while limited HTML injection has been proven for packet and STYX rules. The injected code will be executed in the context of the authenticated victim's session.2023-08-09not yet calculatedCVE-2023-22843
MISC
audiocodes -- voip_desk_phones
 
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.2023-08-11not yet calculatedCVE-2023-22955
MISC
MISC
audiocodes -- voip_desk_phones
 
An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.2023-08-11not yet calculatedCVE-2023-22956
MISC
MISC
audiocodes -- voip_desk_phones
 
An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.2023-08-11not yet calculatedCVE-2023-22957
MISC
MISC
hcl_software -- hcl_nomad_for_web
 
If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 2023-08-10not yet calculatedCVE-2023-23342
MISC
hcl_software -- hcl_dryice_iautomate
 
HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.2023-08-09not yet calculatedCVE-2023-23346
MISC
hcl_software -- hcl_dryice_iautomate
 
HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm. An attacker can potentially compromise the confidentiality and integrity of sensitive information.2023-08-09not yet calculatedCVE-2023-23347
MISC
nozomi_networks -- guardian/cmc
 
A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.2023-08-09not yet calculatedCVE-2023-23574
MISC
intel(r) -- nuc
 
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-23577
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.2023-08-10not yet calculatedCVE-2023-23798
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arsham Mirshah Add Posts to Pages plugin <= 1.4.1 versions.2023-08-10not yet calculatedCVE-2023-23826
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Swashata WP Category Post List Widget plugin <= 2.0.3 versions.2023-08-10not yet calculatedCVE-2023-23828
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Webdzier Button plugin <= 1.1.23 versions.2023-08-10not yet calculatedCVE-2023-23871
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in YIKES, Inc. Easy Forms for Mailchimp plugin <= 6.8.8 versions.2023-08-10not yet calculatedCVE-2023-23900
MISC
nozomi_networks -- guardian
 
An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format. Every subsequent application request will return an error. The whole application in rendered unusable until a console intervention.2023-08-09not yet calculatedCVE-2023-23903
MISC
intel(r) -- xeon(r)_processors
 
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-23908
MISC
MISC
wordpress -- wordpress
 
Auth. (subscriber+) Reflected Cross-site Scripting (XSS) vulnerability in Wpazure Themes Upfrontwp theme <= 1.1 versions.2023-08-10not yet calculatedCVE-2023-24009
MISC
nozomi_networks -- guardian
 
A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.2023-08-09not yet calculatedCVE-2023-24015
MISC
intel(r) -- quartus(r)_prime_pro_and_standard_edition_software_for_linux
 
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-24016
MISC
rockwell_automation -- armor_powerflex
 
A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.2023-08-08not yet calculatedCVE-2023-2423
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3 versions.2023-08-10not yet calculatedCVE-2023-24389
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Spider Teams ApplyOnline plugin <= 2.5 versions.2023-08-10not yet calculatedCVE-2023-24391
MISC
wordpress -- wordpress
 
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Animated Number Counters plugin <= 1.6 versions.2023-08-10not yet calculatedCVE-2023-24393
MISC
nozomi_networks -- guardian
 
An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.2023-08-09not yet calculatedCVE-2023-24471
MISC
nozomi_networks -- guardian/cmc
 
In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain acces to the original user's session.2023-08-09not yet calculatedCVE-2023-24477
MISC
foswiki -- foswiki
 
Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.2023-08-08not yet calculatedCVE-2023-24698
MISC
siemens -- ruggedcom
 
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.2023-08-08not yet calculatedCVE-2023-24845
MISC
intel(r) -- unite(r)_client_for_mac
 
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-25182
MISC
intel(r) -- unison(tm)
 
Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.2023-08-11not yet calculatedCVE-2023-25757
MISC
intel(r) -- unite(r)_hub_for_windows
 
Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-25773
MISC
intel(r) -- ethernet_controller_rdma_driver_for_linux
 
Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.2023-08-11not yet calculatedCVE-2023-25775
MISC
intel(r) -- vcust_tool
 
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-25944
MISC
oppo -- oneplus_storeA remote code execution vulnerability in the webview component of OnePlus Store app.2023-08-10not yet calculatedCVE-2023-26309
MISC
oppo -- oppo_find_x3There is a command injection problem in the old version of the mobile phone backup app.2023-08-09not yet calculatedCVE-2023-26310
MISC
oppo -- oppo_storeA remote code execution vulnerability in the webview component of OPPO Store app.2023-08-10not yet calculatedCVE-2023-26311
MISC
intel(r) -- easy_streaming_wizard
 
Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-26587
MISC
alteryx -- server
 
Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files by changing the extension of the uploaded file.2023-08-08not yet calculatedCVE-2023-26961
MISC
MISC
insyde -- h20
 
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.2023-08-07not yet calculatedCVE-2023-27373
MISC
intel(r) -- oneapi_toolkit
 
Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-27391
MISC
intel(r) -- support_android_application
 
Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-27392
MISC
intel(r) -- advanced_link_analyzer_standard_edition
 
Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-27505
MISC
intel(r) -- optimization_for_tensorflow
 
Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-27506
MISC
intel(r) -- ispc_software_installers
 
Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access.2023-08-11not yet calculatedCVE-2023-27509
MISC
intel(r) -- dsa
 
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.2023-08-11not yet calculatedCVE-2023-27515
MISC
intel(r) -- nuc
 
Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-27887
MISC
ivanti -- desktop_&_server_management
 
Desktop & Server Management (DSM) may have a possible execution of arbitrary commands.2023-08-10not yet calculatedCVE-2023-28129
MISC
intel(r) -- ai_hackathon_software
 
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.2023-08-11not yet calculatedCVE-2023-28380
MISC
intel(r) -- nuc_pro_software_suite_for_windows
 
Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.2023-08-11not yet calculatedCVE-2023-28385
MISC
intel(r) -- vdistribution_of_openvino(tm)_toolkit
 
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-28405
MISC
qualcomm_inc. -- snapdragon
 
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.2023-08-08not yet calculatedCVE-2023-28575
MISC
qualcomm_inc. -- snapdragon
 
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.2023-08-08not yet calculatedCVE-2023-28576
MISC
qualcomm_inc. -- snapdragon
 
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel address.2023-08-08not yet calculatedCVE-2023-28577
MISC
intel(r) -- onemkl
 
Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-28658
MISC
intel(r) -- hyperscan_library
 
Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2023-28711
MISC
intel(r) -- proset/wireless_wifi
 
Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-28714
MISC
intel(r) -- ssd_tools
 
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-28736
MISC
wordpress -- wordpressAuth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions.2023-08-08not yet calculatedCVE-2023-28773
MISC
wordpress -- wordpressUnauth. Reflected Cross-Site Scripting (XSS) vulnerability in Vladimir Statsenko Terms descriptions plugin <= 3.4.4 versions.2023-08-10not yet calculatedCVE-2023-28779
MISC
intel(r) -- oneapi_toolkit
 
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-28823
MISC
siemens -- solid_edge
 
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.2023-08-08not yet calculatedCVE-2023-28830
MISC
intel(r) -- ssd_tools
 
Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2023-28938
MISC
cesanta -- mongoose
 
Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. Version 7.9 and prior does not appear to be vulnerable. This issue is resolved in version 7.11.2023-08-09not yet calculatedCVE-2023-2905
MISC
MISC
MISC
intel(r) -- psr_sdk
 
Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-29151
MISC
intel(r) -- realsense(tm)_450_fa
 
Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2023-29243
MISC
intel(r) -- nuc
 
Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-29494
MISC
intel(r) -- nuc
 
Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-29500
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.2023-08-10not yet calculatedCVE-2023-30481
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.2023-08-10not yet calculatedCVE-2023-30654
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30679
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.2023-08-10not yet calculatedCVE-2023-30680
MISC
samsung_mobile -- samsung_mobile_devices
 
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.2023-08-10not yet calculatedCVE-2023-30681
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.2023-08-10not yet calculatedCVE-2023-30682
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.2023-08-10not yet calculatedCVE-2023-30683
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.2023-08-10not yet calculatedCVE-2023-30684
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.2023-08-10not yet calculatedCVE-2023-30685
MISC
samsung_mobile -- samsung_mobile_devices
 
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30686
MISC
samsung_mobile -- samsung_mobile_devices
 
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30687
MISC
samsung_mobile -- samsung_mobile_devices
 
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30688
MISC
samsung_mobile -- samsung_mobile_devices
 
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30689
MISC
samsung_mobile -- samsung_mobile_devices
 
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.2023-08-10not yet calculatedCVE-2023-30691
MISC
samsung_mobile -- samsung_mobile_devices
 
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30693
MISC
samsung_mobile -- samsung_mobile_devices
 
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30694
MISC
samsung_mobile -- galaxy_book
 
Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023 in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30695
MISC
samsung_mobile -- samsung_mobile_devices
 
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.2023-08-10not yet calculatedCVE-2023-30696
MISC
samsung_mobile -- samsung_mobile_devices
 
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.2023-08-10not yet calculatedCVE-2023-30697
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.2023-08-10not yet calculatedCVE-2023-30698
MISC
samsung_mobile -- samsung_mobile_devices
 
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.2023-08-10not yet calculatedCVE-2023-30699
MISC
samsung_mobile -- samsung_mobile_devicesPendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.2023-08-10not yet calculatedCVE-2023-30700
MISC
samsung_mobile -- samsung_mobile_devices
 
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.2023-08-10not yet calculatedCVE-2023-30701
MISC
samsung_mobile -- samsung_mobile_devices
 
Stack overflow vulnerability in SSHDCPAPP TA prior to SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023 in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code.2023-08-10not yet calculatedCVE-2023-30702
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.2023-08-10not yet calculatedCVE-2023-30703
MISC
samsung_mobile -- samsung_mobile_devices
 
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.2023-08-10not yet calculatedCVE-2023-30704
MISC
samsung_mobile -- galaxy_store
 
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6 allows local attackers to access privileged content providers as Galaxy Store permission.2023-08-10not yet calculatedCVE-2023-30705
MISC
intel(r) -- realsense(tm)_450_fa
 
Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-30760
MISC
siemens -- jt_open
 
A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.2023-08-08not yet calculatedCVE-2023-30796
MISC
checkmk -- checkmk
 
Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.2023-08-10not yet calculatedCVE-2023-31209
MISC
intel(r) -- sdp_tool
 
Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-31246
MISC
arcsight -- management_center
 
A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center. The vulnerability could be remotely exploited.2023-08-11not yet calculatedCVE-2023-32267
MISC
intel(r) -- nuc_bios
 
Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.2023-08-11not yet calculatedCVE-2023-32285
MISC
intel(r) -- its
 
Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-32543
MISC
intel(r) -- falcon_8+
 
Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-32547
MISC
ivanti -- avalanche
 
An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.2023-08-10not yet calculatedCVE-2023-32560
MISC
ivanti -- avalanche
 
A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1.2023-08-10not yet calculatedCVE-2023-32561
MISC
ivanti -- avalanche
 
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version 6.4.1.2023-08-10not yet calculatedCVE-2023-32562
MISC
ivanti -- avalanche
 
An unauthenticated attacker could achieve the code execution through a RemoteControl server.2023-08-10not yet calculatedCVE-2023-32563
MISC
ivanti -- avalanche
 
An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.2023-08-10not yet calculatedCVE-2023-32564
MISC
ivanti -- avalanche
 
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.2023-08-10not yet calculatedCVE-2023-32565
MISC
ivanti -- avalanche
 
An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1.2023-08-10not yet calculatedCVE-2023-32566
MISC
ivanti -- avalanche
 
Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.2023-08-10not yet calculatedCVE-2023-32567
MISC
intel(r) -- unite(r)_android_application
 
Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access.2023-08-11not yet calculatedCVE-2023-32609
MISC
intel(r) -- multiple_products
 
Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-32617
MISC
intel(r) -- realsense(tm)_450_fa
 
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-32656
MISC
intel(r) -- realsense(tm)_sdks
 
Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-32663
MISC
zoho -- manageengine_adaudit_plus
 
The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.2023-08-07not yet calculatedCVE-2023-32783
MISC
gg_tss_implementations -- wallet
 
Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Depending on the Beta parameters chosen in the protocol implementation, the attack might require 16 signatures or more fully exfiltrate the other parties' private key shares.2023-08-09not yet calculatedCVE-2023-33241
MISC
MISC
MISC
MISC
MISC
lindell_tss_implementations -- wallet
 
Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.2023-08-09not yet calculatedCVE-2023-33242
MISC
MISC
MISC
MISC
kramer_electronics -- kramerav_via_connect/via_go
 
KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. This vulnerability involves extracting the connection confirmation code remotely, bypassing the need to obtain it directly from the physical screen.2023-08-09not yet calculatedCVE-2023-33468
MISC
MISC
kramer_electronics -- kramerav_via_connect/via_go
 
In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.2023-08-09not yet calculatedCVE-2023-33469
MISC
MISC
foswiki -- foswiki
 
An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.2023-08-08not yet calculatedCVE-2023-33756
CONFIRM
intel(r) -- realsense(tm)_450_fa
 
Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-33867
MISC
intel(r) -- realsense(tm)_450_fa
 
Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-33877
MISC
apache -- traffic_server
 
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.2023-08-09not yet calculatedCVE-2023-33934
MISC
google -- grpc
 
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so that the following sequence of frames could cause infinite buffering: HEADERS: containing a: 1 CONTINUATION: containing a: 2 CONTINUATION: containing a: 3 etc…2023-08-09not yet calculatedCVE-2023-33953
MISC
sap_se -- sap_business_one
 
B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application.2023-08-08not yet calculatedCVE-2023-33993
MISC
MISC
intel(r) -- nuc_bios
 
Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-34086
MISC
intel(r) -- nuc_bios
 
Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-34349
MISC
intel(r) -- server_board_m10jnp2sb_integrated_bmc_video_drivers
 
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-34355
MISC
wordpress -- wordpress
 
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Rahul Aryan AnsPress plugin <= 4.3.0 versions.2023-08-10not yet calculatedCVE-2023-34374
MISC
intel(r) -- realsense(tm)_450_fa
 
Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-34427
MISC
intel(r) -- nuc_bios
 
Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2023-08-11not yet calculatedCVE-2023-34438
MISC
ubiquiti_inc -- unifi_access_points/switches
 
An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.2023-08-10not yet calculatedCVE-2023-35085
MISC
hashicorp -- consul/consul_enterprise
 
HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Fixed in 1.16.1.2023-08-09not yet calculatedCVE-2023-3518
MISC
wireguard -- wireguard
 
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.2023-08-09not yet calculatedCVE-2023-35838
MISC
MISC
massachusetts_institute_of_technology -- kerberos_5
 
lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.2023-08-07not yet calculatedCVE-2023-36054
MISC
MISC
CONFIRM
MISC
adiscon -- aiscon_loganalyzer
 
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.2023-08-08not yet calculatedCVE-2023-36306
MISC
diebold_nixdorf -- vynamic_view_console
 
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.2023-08-08not yet calculatedCVE-2023-36344
MISC
MISC
samsung_mobile -- samsung_mobile_devices
 
An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart.2023-08-08not yet calculatedCVE-2023-36482
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smartypants SP Project & Document Manager plugin <= 4.67 versions.2023-08-10not yet calculatedCVE-2023-36530
MISC
clario -- vpn
 
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack for only traffic to the real IP address of the VPN server" rather than to only Clario.2023-08-09not yet calculatedCVE-2023-36671
MISC
MISC
clario -- vpn
 
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario.2023-08-09not yet calculatedCVE-2023-36672
MISC
MISC
MISC
avira -- phantom_vpn
 
An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.2023-08-09not yet calculatedCVE-2023-36673
MISC
MISC
sap_se -- sap_powerdesigner
 
SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application. An attacker could thereby control the behavior of the application.2023-08-08not yet calculatedCVE-2023-36923
MISC
MISC
sap_se -- sap_host_agent
 
Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.  There is no impact on integrity or availability.2023-08-08not yet calculatedCVE-2023-36926
MISC
MISC
code-projects -- gym_management_system
 
Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password fields, enabling SQL Injection attacks.2023-08-09not yet calculatedCVE-2023-37068
MISC
code-projects -- online_hospital_management_system
 
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login process, enabling an attacker to inject malicious SQL code.2023-08-10not yet calculatedCVE-2023-37069
MISC
MISC
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sudipto Pratap Mahato Simple Light Weight Social Share plugin <= 2.0 versions.2023-08-10not yet calculatedCVE-2023-37388
MISC
sap_se -- sap_commerce
 
Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application.2023-08-08not yet calculatedCVE-2023-37486
MISC
MISC
sap_se -- sap_netweaver_process_integration
 
In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system.2023-08-08not yet calculatedCVE-2023-37488
MISC
MISC
hcl_software -- hcl_traveler_to_do
 
If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved.2023-08-11not yet calculatedCVE-2023-37511
MISC
hcl_software -- hcl_traveler_companion
 
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.2023-08-11not yet calculatedCVE-2023-37512
MISC
hcl_software -- hcl_traveler_to_do
 
When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.2023-08-11not yet calculatedCVE-2023-37513
MISC
cacti -- cacti
 
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.2023-08-10not yet calculatedCVE-2023-37543
MISC
MISC
netbox -- netbox
 
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.2023-08-10not yet calculatedCVE-2023-37625
MISC
MISC
MISC
bitberry -- file_opener
 
An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal.2023-08-08not yet calculatedCVE-2023-37646
MISC
MISC
ez_softmagic -- mp3_audio_converter
 
EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.2023-08-10not yet calculatedCVE-2023-37734
MISC
MISC
wordpress -- wordpress
 
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Noël Jackson Art Direction plugin <= 0.2.4 versions.2023-08-10not yet calculatedCVE-2023-37983
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions.2023-08-10not yet calculatedCVE-2023-37988
MISC
ubiquiti_inc -- unifi_access_points/switches
 
A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.2023-08-10not yet calculatedCVE-2023-38034
MISC
php_group -- php
 
In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. 2023-08-11not yet calculatedCVE-2023-3823
MISC
MISC
php_group -- php
 
In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 2023-08-11not yet calculatedCVE-2023-3824
MISC
MISC
zoho -- manageengine_applications_manager
 
Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.2023-08-10not yet calculatedCVE-2023-38333
CONFIRM
wordpress -- wordpress
 
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eggemplo Gestion-Pymes plugin <= 1.5.6 versions.2023-08-10not yet calculatedCVE-2023-38397
MISC
snow_software -- snow_license_managerBlind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.2023-08-11not yet calculatedCVE-2023-3864
MISC
siemens -- sicam_toolbox_ii
 
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.2023-08-08not yet calculatedCVE-2023-38641
MISC
siemens -- tecnomatix_plant_simulation
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)2023-08-08not yet calculatedCVE-2023-38679
MISC
siemens -- tecnomatix_plant_simulation
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)2023-08-08not yet calculatedCVE-2023-38680
MISC
siemens -- tecnomatix_plant_simulation
 
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)2023-08-08not yet calculatedCVE-2023-38681
MISC
siemens -- jt2go/teamcenter_visualization
 
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.2023-08-08not yet calculatedCVE-2023-38682
MISC
siemens -- jt2go/teamcenter_visualization
 
A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.2023-08-08not yet calculatedCVE-2023-38683
MISC
japan_computer_emergency_response_team_coordination_center -- special_interest_group_network_for_analysis_and_liaisonImproper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation.2023-08-09not yet calculatedCVE-2023-38751
MISC
MISC
japan_computer_emergency_response_team_coordination_center -- special_interest_group_network_for_analysis_and_liaisonImproper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.2023-08-09not yet calculatedCVE-2023-38752
MISC
MISC
fasterxml -- _jackson-dataformats-textThose using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack.2023-08-08not yet calculatedCVE-2023-3894
MISC
MISC
MISC
opnsense -- opnsense
 
A directory traversal vulnerability in the Captive Portal templates of OPNsense before 23.7 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.2023-08-09not yet calculatedCVE-2023-38997
MISC
MISC
opnsense -- opnsense
 
An open redirect in the Login page of OPNsense before 23.7 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.2023-08-09not yet calculatedCVE-2023-38998
MISC
MISC
opnsense -- opnsense
 
A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense before 23.7 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.2023-08-09not yet calculatedCVE-2023-38999
MISC
MISC
opnsense -- opnsense
 
A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense before 23.7 allows attackers to inject arbitrary JavaScript via the URL path.2023-08-09not yet calculatedCVE-2023-39000
MISC
MISC
opnsense -- opnsense
 
A command injection vulnerability in the component diag_backup.php of OPNsense before 23.7 allows attackers to execute arbitrary commands via a crafted backup configuration file.2023-08-09not yet calculatedCVE-2023-39001
MISC
MISC
opnsense -- opnsense
 
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2023-08-09not yet calculatedCVE-2023-39002
MISC
MISC
opnsense -- opnsense
 
OPNsense before 23.7 was discovered to contain insecure permissions in the directory /tmp.2023-08-09not yet calculatedCVE-2023-39003
MISC
MISC
opnsense -- opnsense
 
Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.2023-08-09not yet calculatedCVE-2023-39004
MISC
MISC
opnsense -- opnsense
 
Insecure permissions exist for configd.socket in OPNsense before 23.7.2023-08-09not yet calculatedCVE-2023-39005
MISC
MISC
opnsense -- opnsense
 
The Crash Reporter (crash_reporter.php) component of OPNsense before 23.7 mishandles input sanitization.2023-08-09not yet calculatedCVE-2023-39006
MISC
MISC
opnsense -- opnsense
 
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.2023-08-09not yet calculatedCVE-2023-39008
MISC
MISC
asus -- rt-ac66u_b1
 
ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.2023-08-08not yet calculatedCVE-2023-39086
MISC
MISC
MISC
zoom -- zoom_for_windows
 
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.2023-08-08not yet calculatedCVE-2023-39209
MISC
zoom -- zoom_for_windows
 
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.2023-08-08not yet calculatedCVE-2023-39210
MISC
zoom -- zoom_for_windows
 
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.2023-08-08not yet calculatedCVE-2023-39211
MISC
zoom -- zoom_for_windows
 
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.2023-08-08not yet calculatedCVE-2023-39212
MISC
zoom -- zoom_for_windows
 
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.2023-08-08not yet calculatedCVE-2023-39213
MISC
zoom -- zoom
 
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.2023-08-08not yet calculatedCVE-2023-39214
MISC
siemens -- ruggedcom
 
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.2023-08-08not yet calculatedCVE-2023-39269
MISC
wordpress -- wordpress
 
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.30.2 versions.2023-08-10not yet calculatedCVE-2023-39314
MISC
ffri_security_inc. -- ffri_yarai
 
"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition. Affected products and versions are as follows: FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0, FFRI yarai Home and Business Edition version 1.4.0, InfoTrace Mark II Malware Protection (Mark II Zerona) versions 3.0.1 to 3.2.2, Zerona / Zerona PLUS versions 3.2.32 to 3.2.36, ActSecure versions 3.4.0 to 3.4.6 and 3.5.0, Dual Safe Powered by FFRI yarai version 1.4.1, EDR Plus Pack (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0), and EDR Plus Pack Cloud (Bundled FFRI yarai versions 3.4.0 to 3.4.6 and 3.5.0).2023-08-09not yet calculatedCVE-2023-39341
MISC
MISC
MISC
MISC
MISC
MISC
freedomofpress -- dangerzone
 
Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is compromised and can return attacker-controlled strings, then the attacker may be able to spoof messages in the user's terminal or change the window title. Besides logging output from containers, it also logs the names of the files it sanitizes. If these files contain ANSI escape sequences, then the same issue applies. Dangerzone is predominantly a GUI application, so this issue should leave most of our users unaffected. Nevertheless, we always suggest updating to the newest version. This issue is fixed in Dangerzone 0.4.2.2023-08-08not yet calculatedCVE-2023-39342
MISC
MISC
MISC
snow_software -- snow_license_manager
 
Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser2023-08-11not yet calculatedCVE-2023-3937
MISC
postgresql -- postgresql
 
IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.2023-08-11not yet calculatedCVE-2023-39417
MISC
MISC
MISC
postgresql -- postgresql
 
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.2023-08-11not yet calculatedCVE-2023-39418
MISC
MISC
MISC
MISC
siemens -- solid_edge
 
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.2023-08-08not yet calculatedCVE-2023-39419
MISC
sap_se -- sap_commerce_cloud
 
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.2023-08-08not yet calculatedCVE-2023-39439
MISC
MISC
schneider_electric -- gp-pro_ex_wingp
 
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.2023-08-09not yet calculatedCVE-2023-3953
MISC
getsentry -- sentry
 
Sentry is an error tracking and performance monitoring platform. Starting in version 10.0.0 and prior to version 23.7.2, an attacker with sufficient client-side exploits could retrieve a valid access token for another user during the OAuth token exchange due to incorrect credential validation. The client ID must be known and the API application must have already been authorized on the targeted user account. Sentry SaaS customers do not need to take any action. Self-hosted installations should upgrade to version 23.7.2 or higher. There are no direct workarounds, but users should review applications authorized on their account and remove any that are no longer needed.2023-08-09not yet calculatedCVE-2023-39531
MISC
endojs -- endo
 
SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, an 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as no endowments can gain access to the surrounding host’s dynamic import by using dynamic import after the spread operator, like `{...import(arbitraryModuleSpecifier)}`. On the web or in web extensions, a Content-Security-Policy following ordinary best practices likely mitigates both the risk of exfiltration and execution of arbitrary code, at least limiting the modules that the attacker can import to those that are already part of the application. However, without a Content-Security-Policy, dynamic import can be used to issue HTTP requests for either communication through the URL or for the execution of code reachable from that origin. Within an XS worker, an attacker can use the host’s module system to the extent that the host has been configured. This typically only allows access to module code on the host’s file system and is of limited use to an attacker. Within Node.js, the attacker gains access to Node.js’s module system. Importing the powerful builtins is not useful except insofar as there are side-effects and tempered because dynamic import returns a promise. Spreading a promise into an object renders the promises useless. However, Node.js allows importing data URLs, so this is a clear path to arbitrary execution. Versions 0.18.7, 0.17.1, 0.16.1, 0.15.24, 0.14.5, and 0.13.5 contain a patch for this issue. Some workarounds are available. On the web, providing a suitably constrained Content-Security-Policy mitigates most of the threat. With XS, building a binary that lacks the ability to load modules at runtime mitigates the entirety of the threat. That will look like an implementation of `fxFindModule` in a file like `xsPlatform.c` that calls `fxRejectModuleFile`.2023-08-08not yet calculatedCVE-2023-39532
MISC
MISC
go-libp2p -- go-libp2p
 
go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue.2023-08-08not yet calculatedCVE-2023-39533
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
eprosima -- fast-dds
 
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0, 2.9.2, and 2.6.5, a malformed GAP submessage can trigger assertion failure, crashing FastDDS. Version 2.10.0, 2.9.2, and 2.6.5 contain a patch for this issue.2023-08-11not yet calculatedCVE-2023-39534
MISC
MISC
MISC
MISC
siemens -- solid_edge
 
A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)2023-08-08not yet calculatedCVE-2023-39549
MISC
apache -- airflow
 
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.2023-08-11not yet calculatedCVE-2023-39553
MISC
MISC
MISC
icms -- icms
 
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.2023-08-10not yet calculatedCVE-2023-39805
MISC
MISC
MISC
icms -- icms
 
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.2023-08-10not yet calculatedCVE-2023-39806
MISC
MISC
MISC
libbitcoin -- libbitcoin_explorer
 
The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. The use of an mt19937 Mersenne Twister PRNG restricts the internal entropy to 32 bits regardless of settings. This allows remote attackers to recover any wallet private keys generated from "bx seed" entropy output and steal funds. (Affected users need to move funds to a secure new cryptocurrency wallet.) NOTE: the vendor's position is that there was sufficient documentation advising against "bx seed" but others disagree. NOTE: this was exploited in the wild in June and July 2023.2023-08-09not yet calculatedCVE-2023-39910
MISC
MISC
MISC
MISC
MISC
eprosima -- fast-dds
 
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5, a data submessage sent to PDP port raises unhandled `BadParamException` in fastcdr, which in turn crashes fastdds. Versions 2.11.0, 2.10.2, 2.9.2, and 2.6.5 contain a patch for this issue.2023-08-11not yet calculatedCVE-2023-39945
MISC
MISC
MISC
eprosima -- fast-dds
 
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, heap can be overflowed by providing a PID_PROPERTY_LIST parameter that contains a CDR string with length larger than the size of actual content. In `eprosima::fastdds::dds::ParameterPropertyList_t::push_back_helper`, `memcpy` is called to first copy the octet'ized length and then to copy the data into `properties_.data`. At the second memcpy, both `data` and `size` can be controlled by anyone that sends the CDR string to the discovery multicast port. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.2023-08-11not yet calculatedCVE-2023-39946
MISC
MISC
eprosima -- fast-dds
 
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6, even after the fix at commit 3492270, malformed `PID_PROPERTY_LIST` parameters cause heap overflow at a different program counter. This can remotely crash any Fast-DDS process. Versions 2.11.1, 2.10.2, 2.9.2, and 2.6.6 contain a patch for this issue.2023-08-11not yet calculatedCVE-2023-39947
MISC
MISC
eprosima -- fast-dds
 
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.10.0 and 2.6.5, the `BadParamException` thrown by Fast CDR is not caught in Fast DDS. This can remotely crash any Fast DDS process. Versions 2.10.0 and 2.6.5 contain a patch for this issue.2023-08-11not yet calculatedCVE-2023-39948
MISC
MISC
MISC
eprosima -- fast-ddseprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.9.1 and 2.6.5, improper validation of sequence numbers may lead to remotely reachable assertion failure. This can remotely crash any Fast-DDS process. Versions 2.9.1 and 2.6.5 contain a patch for this issue.2023-08-11not yet calculatedCVE-2023-39949
MISC
MISC
MISC
opentelemetry -- opentelemetry
 
OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later.2023-08-08not yet calculatedCVE-2023-39951
MISC
MISC
MISC
nextcloud -- server
 
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1, a user can access files inside a subfolder of a groupfolder accessible to them, even if advanced permissions would block access to the subfolder. Nextcloud Server versions 25.0.8, 26.0.3, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.4, 25.0.8, 26.0.3, and 27.0.1 contain a patch for this issue. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39952
MISC
MISC
MISC
MISC
nextcloud -- oidc
 
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, missing verification of the issuer would have allowed an attacker to perform a man-in-the-middle attack returning corrupted or known token they also have access to. user_oidc 1.3.3 contains a patch. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39953
MISC
MISC
MISC
nextcloud -- oidc
 
user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Starting in version 1.0.0 and prior to version 1.3.3, an attacker that obtained at least read access to a snapshot of the database can impersonate the Nextcloud server towards linked servers. user_oidc 1.3.3 contains a patch. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39954
MISC
MISC
MISC
nextcloud -- notes
 
Notes is a note-taking app for Nextcloud, an open-source cloud platform. Starting in version 4.4.0 and prior to version 4.8.0, when creating a note file with HTML, the content is rendered in the preview instead of the file being offered to download. Nextcloud Notes app version 4.8.0 contains a patch for the issue. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39955
MISC
MISC
MISC
nextcloud -- talk_android
 
Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android. Prior to version 17.0.0, an unprotected intend allowed malicious third party apps to trick the Talk Android app into writing files outside of its intended cache directory. Nextcloud Talk Android version 17.0.0 has a patch for this issue. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39957
MISC
MISC
MISC
nextcloud -- server
 
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 22.0.0 and prior to versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 22.2.10.13, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39958
MISC
MISC
MISC
nextcloud -- server
 
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.9, 26.0.4, and 27.0.1, unauthenticated users could send a DAV request which reveals whether a calendar or an address book with the given identifier exists for the victim. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39959
MISC
MISC
MISC
nextcloud -- server
 
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 24.0.4 and prior to versions 25.0.9, 26.0.4, and 27.0.1, when a folder with images or an image was shared without download permissions, the user could add the image inline into a text file and download it. Nextcloud Server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39961
MISC
MISC
MISC
nextcloud -- server
 
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 19.0.0 and prior to versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a malicious user could delete any personal or global external storage, making them inaccessible for everyone else as well. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 19.0.13.10, 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. As a workaround, disable app files_external. This also makes the external storage inaccessible but retains the configurations until a patched version has been deployed.2023-08-10not yet calculatedCVE-2023-39962
MISC
MISC
MISC
nextcloud -- server
 
Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully stealing a session from a logged in user, to create app passwords for the victim. Nextcloud server versions 25.0.9, 26.0.4, and 27.0.1 and Nextcloud Enterprise Server versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1 contain a patch for this issue. No known workarounds are available.2023-08-10not yet calculatedCVE-2023-39963
MISC
MISC
MISC
1panel-dev -- 1panel
 
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.2023-08-10not yet calculatedCVE-2023-39964
MISC
MISC
1panel-dev -- 1panel
 
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.2023-08-10not yet calculatedCVE-2023-39965
MISC
MISC
1panel-dev -- 1panel
 
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.2023-08-10not yet calculatedCVE-2023-39966
MISC
MISC
trailofbits -- uthenticode
 
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Version 1.0.9 of uthenticode hashed the entire file rather than hashing sections by virtual address, in violation of the Authenticode specification. As a result, an attacker could modify code within a binary without changing its Authenticode hash, making it appear valid from uthenticode's perspective. Versions of uthenticode prior to 1.0.9 are not vulnerable to this attack, nor are versions in the 2.x series. By design, uthenticode does not perform full-chain validation. However, the malleability of signature verification introduced in 1.0.9 was an unintended oversight. The 2.x series addresses the vulnerability. Versions prior to 1.0.9 are also not vulnerable, but users are encouraged to upgrade rather than downgrade. There are no workarounds to this vulnerability.2023-08-09not yet calculatedCVE-2023-39969
MISC
MISC
MISC
trailofbits -- uthenticode
 
uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could produce a "signed" PE file that uthenticode would verify and consider valid using an X.509 certificate that isn't entitled to produce code signatures (e.g., a SSL certificate). By design, uthenticode does not perform full-chain validation. However, the absence of EKU validation was an unintended oversight. The 2.0.0 release series includes EKU checks. There are no workarounds to this vulnerability.2023-08-09not yet calculatedCVE-2023-40012
MISC
MISC
MISC
openzeppelin -- openzeppelin_contracts
 
OpenZeppelin Contracts is a library for secure smart contract development. Starting in version 4.0.0 and prior to version 4.9.3, contracts using `ERC2771Context` along with a custom trusted forwarder may see `_msgSender` return `address(0)` in calls that originate from the forwarder with calldata shorter than 20 bytes. This combination of circumstances does not appear to be common, in particular it is not the case for `MinimalForwarder` from OpenZeppelin Contracts, or any deployed forwarder the team is aware of, given that the signer address is appended to all calls that originate from these forwarders. The problem has been patched in v4.9.3.2023-08-10not yet calculatedCVE-2023-40014
MISC
MISC
MISC
MISC
MISC
MISC
mongodb_inc. -- mongodb_ops_manager
 
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.2023-08-08not yet calculatedCVE-2023-4009
MISC
MISC
ntpsec -- ntpsec
 
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).2023-08-07not yet calculatedCVE-2023-4012
MISC
MISC
MISC
MISC
openbsd -- openbsd
 
OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation. This could cause incorrect memory access and a kernel crash after receiving crafted DCS or CSI terminal escape sequences.2023-08-10not yet calculatedCVE-2023-40216
MISC
MISC
misp -- misp
 
MISP 2.4174 allows XSS in app/View/Events/index.ctp.2023-08-10not yet calculatedCVE-2023-40224
MISC
haproxy -- haproxy
 
HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.2023-08-10not yet calculatedCVE-2023-40225
MISC
MISC
MISC
MISC
MISC
MISC
archimate_archi -- archimate_archi
 
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share server that does not accept a guest account, the host will try to authenticate on the share by using the current user's session. NOTE: this issue occurs because Archi uses an unsafe configuration of the Eclipse Modeling Framework.2023-08-10not yet calculatedCVE-2023-40235
MISC
MISC
MISC
MISC
genians -- genian_nac_v4.0
 
Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Functionality Misuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.2023-08-11not yet calculatedCVE-2023-40253
MISC
genians -- genian_nac_v4.0
 
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.2023-08-11not yet calculatedCVE-2023-40254
MISC
veritas -- netbackup_snapshot_manager
 
A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.2023-08-11not yet calculatedCVE-2023-40256
MISC
empowerid -- empowerid
 
EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information.2023-08-11not yet calculatedCVE-2023-40260
MISC
gitpython -- gitpython
 
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.2023-08-11not yet calculatedCVE-2023-40267
MISC
MISC
mattermost -- mattermost
 
Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message2023-08-11not yet calculatedCVE-2023-4105
MISC
mattermost -- mattermost
 
Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.2023-08-11not yet calculatedCVE-2023-4106
MISC
mattermost -- mattermost
 
Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.2023-08-11not yet calculatedCVE-2023-4107
MISC
mattermost -- mattermost
 
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged2023-08-11not yet calculatedCVE-2023-4108
MISC
linux -- kernel
 
A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.2023-08-10not yet calculatedCVE-2023-4128
MISC
MISC
MISC
MISC
MISC
linux -- kernel
 
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.2023-08-07not yet calculatedCVE-2023-4147
MISC
MISC
MISC
MISC
linux -- kernel
 
A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.2023-08-07not yet calculatedCVE-2023-4194
MISC
MISC
MISC
MISC
MISC
MISC
MISC
sourcecodester -- doctors_appointment_system
 
A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability.2023-08-08not yet calculatedCVE-2023-4219
MISC
MISC
MISC
zephyrproject-rtos -- zephyr
 
Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L8412023-08-12not yet calculatedCVE-2023-4265
MISC
linux -- kernel
 
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a single long file name. Since the file name characters are copied into a stack variable, a local privileged attacker could use this flaw to overflow the kernel stack.2023-08-09not yet calculatedCVE-2023-4273
MISC
MISC
MISC
froxlor -- froxlor
 
Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.2023-08-11not yet calculatedCVE-2023-4304
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.