Category: alerts

Cyber Security Monitor Alerts News Notifications. We monitor and send notifications on the latest Cyber Security alerts, blogs, news on data breaches and emerging cyber threats.

alerts

CISA, FBI, and MS-ISAC Update Joint CSA on Progress Telerik Vulnerabilities

Post author By admin
Post date June 15, 2023

Today, CISA, the Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) released an update for joint Cybersecurity Advisory (CSA) Threat Actors Exploit Progress Telerik Vulnerability in U.S. Government IIS Server.

This iteration of the CSA—now renamed Threat Actors Exploit Progress Telerik Vulnerabilities in Multiple U.S. Government IIS Servers—is based on the forensic analysis and identified exploitation of CVE-2017-9248 at an additional FCEB agency. Activity identified at this agency is separate from the CVE-2019-18935 exploitation listed in the original publication; analysis is provided as context for existing vulnerabilities within Telerik UI for ASP.NET AJAX. Further, this update provides a timetable and context of unattributed APT actor activity that highlights events, including identified malicious files.

CISA, FBI, and MS-ISAC encourage network defenders to review this update and refer to the accompanying Malware Analysis Report, MAR-10443863-1.v1 CVE-2017-9248 Exploitation in U.S. Government IIS Server for analysis of the newly identified malicious files.

alerts

Understanding Ransomware Threat Actors: LockBit

Post author By admin
Post date June 14, 2023

SUMMARY

In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. LockBit ransomware operation functions as a Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure. Due to the large number of unconnected affiliates in the operation, LockBit ransomware attacks vary significantly in observed tactics, techniques, and procedures (TTPs). This variance in observed ransomware TTPs presents a notable challenge for organizations working to maintain network security and protect against a ransomware threat.

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the following international partners, hereafter referred to as “authoring organizations,” are releasing this Cybersecurity Advisory (CSA) detailing observed activity in LockBit ransomware incidents and providing recommended mitigations to enable network defenders to proactively improve their organization’s defenses against this ransomware operation.

Australian Cyber Security Centre (ACSC)
Canadian Centre for Cyber Security (CCCS)
United Kingdom’s National Cyber Security Centre (NCSC-UK)
National Cybersecurity Agency of France (ANSSI)
Germany’s Federal Office for Information Security (BSI)
New Zealand’s Computer Emergency Response Team (CERT NZ) and National Cyber Security Centre (NCSC NZ)

The authoring organizations encourage the implementation of the recommendations found in this CSA to reduce the likelihood and impact of future ransomware incidents.

Understanding Ransomware Threat Actors: LockBit
(PDF, 1.24 MB
)

TECHNICAL DETAILS

Note: This advisory uses the MITRE ATT&CK for Enterprise framework, version 13.1. See the MITRE ATT&CK Tactics and Techniques section for tables of LockBit’s activity mapped to MITRE ATT&CK® tactics and techniques.

Introduction

The LockBit RaaS and its affiliates have negatively impacted organizations, both large and small, across the world. In 2022, LockBit was the most active global ransomware group and RaaS provider in terms of the number of victims claimed on their data leak site. [1] A RaaS cybercrime group maintains the functionality of a particular ransomware variant, sells access to that ransomware variant to individuals or groups of operators (often referred to as “affiliates”), and supports affiliates’ deployment of their ransomware in exchange for upfront payment, subscription fees, a cut of profits, or a combination of upfront payment, subscription fees, and a cut of profits. Some of the methods LockBit has used to successfully attract affiliates include, but are not limited to:

Assuring payment by allowing affiliates to receive ransom payments before sending a cut to the core group; this practice stands in stark contrast to other RaaS groups who pay themselves first and then disburse the affiliates’ cut.
Disparaging other RaaS groups in online forums.
Engaging in publicity-generating activities stunts, such as paying people to get LockBit tattoos and putting a $1 million bounty on information related to the real-world identity of LockBit’s lead who goes by the persona “LockBitSupp.”
Developing and maintaining a simplified, point-and-click interface for its ransomware, making it accessible to those with a lower degree of technical skill. [2, 3]

LockBit has been successful through innovation and ongoing development of the group’s administrative panel and the RaaS supporting functions. In parallel, affiliates that work with LockBit and other notable variants are constantly revising the TTPs used for deploying and executing ransomware.

Table 1 shows LockBit RaaS’s innovation and development.

Table 1: Evolution of LockBit RaaS

Date	Event
September 2019	First observed activity of ABCD ransomware, the predecessor to LockBit. [4]
January 2020	LockBit-named ransomware first seen on Russian-language based cybercrime forums.
June 2021	Appearance of LockBit version 2 (LockBit 2.0), also known as LockBit Red including StealBit, a built-in information-stealing tool.
October 2021	Introduction of LockBit Linux-ESXi Locker version 1.0 expanding capabilities to target systems to Linux and VMware ESXi. [5]
March 2022	Emergence of LockBit 3.0, also known as LockBit Black, that shares similarities with BlackMatter and Alphv (also known as BlackCat) ransomware.
September 2022	Non-LockBit affiliates able to use LockBit 3.0 after its builder was leaked. [2, 6]
January 2023	Arrival of LockBit Green incorporating source code from Conti ransomware. [7]
April 2023	LockBit ransomware encryptors targeting macOS seen on VirusTotal [8, 9]

LockBit 2.0, LockBit 3.0, LockBit Green, and LockBit Linux-ESXi Locker are still available for affiliates’ use on LockBit’s panel.

LockBit Statistics

Percentage of ransomware incidents attributed to LockBit:

Australia: From April 1, 2022, to March 31, 2023, LockBit made up 18% of total reported Australian ransomware incidents. This figure includes all variants of LockBit ransomware, not solely LockBit 3.0.
Canada: In 2022, LockBit was responsible for 22% of attributed ransomware incidents in Canada.[10]
New Zealand: In 2022, CERT NZ received 15 reports of LockBit ransomware, representing 23% of 2022 ransomware reports.
United States: In 2022, 16% of the State, Local, Tribal, and Tribunal (SLTT) government ransomware incidents reported to the MS-ISAC were identified as LockBit attacks. This included ransomware incidents impacting municipal governments, county governments, public higher education and K-12 schools, and emergency services (e.g., law enforcement).

Number of LockBit ransomware attacks in the U.S. since 2020:

About 1,700 attacks according to the FBI.

Total of U.S. ransoms paid to LockBit:

Approximately $91M since LockBit activity was first observed in the U.S. on January 5, 2020.

Earliest observed LockBit activity:

Australia: The earliest documented occurrence of LockBit 3.0 was in early August 2022.
Canada: The first recorded instance of LockBit activity in Canada was in March 2020.
New Zealand: The first recorded incident involving LockBit ransomware was in March 2021.
United States: LockBit activity was first observed on January 5, 2020.

Most recently observed LockBit activity:

Australia: April 21, 2023.
New Zealand: February 2023.
United States: As recently as May 25, 2023.

Operational activity related to LockBit in France

Since the first case in July 2020 to present, ANSSI has handled 80 alerts linked to the LockBit ransomware, which accounts for 11% of all ransomware cases handled by ANSSI in that period. In about 13% of those cases, ANSSI was not able to confirm nor deny the breach of its constituents’ networks – as the alerts were related to the threat actor’s online claims. So far, 69 confirmed incidents have been handled by ANSSI. Table 2 shows the LockBit activity observed by ANSSI versus overall ransomware activity tracked by the Computer Emergency Response Team-France (CERT-FR).

Table 2: ANSSI-Observed LockBit vs. Overall Ransomware Activity

Year	Number of Incidents	Percentage of CERT-FR’s Ransomware-Related Activity
2020 (from July)	4	2%
2021	20	10%
2022	30	27%
2023	15	27%
Total (2020-2023)	69	11%

Table 3 shows the number of instances different LockBit strains were observed by ANSSI from July 2020 to present.

Table 3: ANSSI-Observed LockBit Strain and Number of Instances

Name of the Strain*	Number of Instances
LockBit 2.0 (LockBit Red)	26
LockBit 3.0 (LockBit Black)	23
LockBit	21
LockBit Green	1
LockBit (pre-encryption)	1
Total	72**

* Name either obtained from ANSSI’s or the victim’s investigations
** Includes incidents with multiple strains

Figure 1: ANSSI-Observed LockBit Strains by Year

From the incidents handled, ANSSI can infer that LockBit 3.0 widely took over from LockBit 2.0 and the original LockBit strain from 2022. In two cases, victims were infected with as many as three different strains of LockBit (LockBit 2.0/Red, LockBit 3.0/Black, and LockBit Green).

Leak Sites

The authoring agencies observe data leak sites, where attackers publish the names and captured data of victims if they do not pay ransom or hush money. Additionally, these sites can be used to record alleged victims who have been threatened with a data leak. The term ‘victims’ may include those who have been attacked, or those who have been threatened or blackmailed (with the attack having taken place).

The leak sites only show the portion of LockBit affiliates’ victims subjected to secondary extortion. Since 2021, LockBit affiliates have employed double extortion by first encrypting victim data and then exfiltrating that data while threatening to post that stolen data on leak sites. Because LockBit only reveals the names and leaked data of victims who refuse to pay the primary ransom to decrypt their data, some LockBit victims may never be named or have their exfiltrated data posted on leak sites. As a result, the leak sites reveal a portion of LockBit affiliates’ total victims. For these reasons, the leak sites are not a reliable indicator of when LockBit ransomware attacks occurred. The date of data publication on the leak sites may be months after LockBit affiliates actually executed ransomware attacks.

Up to the Q1 2023, a total of 1,653 alleged victims were observed on LockBit leak sites. With the introduction of LockBit 2.0 and LockBit 3.0, the leak sites have changed, with some sources choosing to differentiate leak sites by LockBit versions and others ignoring any differentiation. Over time, and through different evolutions of LockBit, the address and layout of LockBit leak sites have changed and are aggregated under the common denominator of the LockBit name. The introduction of LockBit 2.0 at the end of the Q2 2021 had an immediate impact on the cybercriminal market due to multiple RaaS operations shutting down in May and June 2021 (e.g., DarkSide and Avaddon). LockBit competed with other RaaS operations, like Hive RaaS, to fill the gap in the cybercriminal market leading to an influx of LockBit affiliates. Figure 2 shows the alleged number of victims worldwide on LockBit leak sites starting in Q3 2020. Figure 2 shows the alleged number of victims worldwide on LockBit leak sites starting in Q3 2020.

Figure 2: Alleged Number of Victims Worldwide on LockBit Leak Sites

Tools

During their intrusions, LockBit affiliates have been observed using various freeware and open-source tools that are intended for legal use.. When repurposed by LockBit, these tools are then used for a range of malicious cyber activity, such as network reconnaissance, remote access and tunneling, credential dumping, and file exfiltration. Use of PowerShell and batch scripts are observed across most intrusions, which focus on system discovery, reconnaissance, password/credential hunting, and privilege escalation. Artifacts of professional penetration-testing tools such as Metasploit and Cobalt Strike have also been observed.

Table 4 shows a list of legitimate freeware and open-source tools LockBit affiliates have repurposed for ransomware operations. The legitimate freeware and open-source tools mentioned in this product are all publicly available and legal. The use of these tools by a threat actor should not be attributed to the freeware and open-source tools, absent specific articulable facts tending to show they are used at the direction or under the control of a threat actor.

Table 4: Freeware and Open-Source Tools Used by LockBit Affiliates

Tool	Intended Use	Repurposed Use by LockBit Affiliates	MITRE ATT&CK ID
7-zip	Compresses files into an archive.	Compresses data to avoid detection before exfiltration.	T1562 Impair Defenses
AdFind	Searches Active Directory (AD) and gathers information.	Gathers AD information used to exploit a victim’s network, escalate privileges, and facilitate lateral movement.	S0552 AdFind
Advanced Internet Protocol (IP) Scanner	Performs network scans and shows network devices.	Maps a victim’s network to identify potential access vectors.	T1046 Network Service Discovery
Advanced Port Scanner	Performs network scans.	Finds open Transmission Control Protocol (TCP) and User Data Protocol (UDP) ports for exploitation.	T1046 Network Service Discovery
AdvancedRun	Allows software to be run with different settings.	Enables escalation of privileges by changing settings before running software.	TA0004 Privilege Escalation
AnyDesk	Enables remote connections to network devices.	Enables remote control of victim’s network devices.	T1219 Remote Access Software
Atera Remote Monitoring & Management (RMM)	Enables remote connections to network devices.	Enables remote control of victim’s network devices.	T1219 Remote Access Software
Backstab	Terminates antimalware-protected processes.	Terminates endpoint detection and response (EDR)- protected processes.	T1562.001 Impair Defenses: Disable or Modify Tools
Bat Armor	Generates .bat files using PowerShell scripts.	Bypasses PowerShell execution policy.	T1562.001 Impair Defenses: Disable or Modify Tools
Bloodhound	Performs reconnaissance of AD for attack path management.	Enables identification of AD relationships that can be exploited to gain access onto a victim’s network.	T1482 Domain Trust Discovery
Chocolatey	Handles command-line package management on Microsoft Windows.	Facilitates installation of LockBit affiliate actors’ tools.	T1072 Software Deployment Tools
Defender Control	Disables Microsoft Defender.	Enables LockBit affiliate actors to bypass Microsoft Defender.	T1562.001 Impair Defenses: Disable or Modify Tools
ExtPassword	Recovers passwords from Windows systems.	Obtains credentials for network access and exploitation.	T1003 Operating System (OS) Credential Dumping
FileZilla	Performs cross-platform File Transfer Protocol (FTP) to a site, server, or host.	Enables data exfiltration over FTP to the LockBit affiliate actors’ site, server, or host.	T1071.002 Application Layer Protocol: File Transfer Protocols
FreeFileSync	Facilitates cloud-based file synchronization.	Facilitates cloud-based file synchronization for data exfiltration.	T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage
GMER	Removes rootkits.	Terminates and removes EDR software.	T1562.001 Impair Defenses: Disable or Modify Tools
Impacket	Collection of Python classes for working with network protocols.	Enables lateral movement on a victim’s network.	S0357 Impacket
LaZagne	Recovers system passwords across multiple platforms.	Collect credentials for accessing a victim’s systems and network.	S0349 LaZagne
Ligolo	Establishes SOCKS5 or TCP tunnels from a reverse connection for pen testing.	Enables connections to systems within the victim’s network via reverse tunneling.	T1095 Non-Application Layer Protocol
LostMyPassword	Recovers passwords from Windows systems.	Obtains credentials for network access and exploitation.	T1003 OS Credential Dumping
MEGA Ltd MegaSync	Facilitates cloud-based file synchronization.	Facilitates cloud-based file synchronization for data exfiltration.	T1567.002 Exfiltration Over Web Service: Exfiltration to Cloud Storage
Microsoft Sysinternals ProcDump	Monitors applications for central processing unit (CPU) spikes and generates crash dumps during a spike.	Obtains credentials by dumping the contents of Local Security Authority Subsystem Service (LSASS).	T1003.001 OS Credential Dumping: LSASS Memory
Microsoft Sysinternals PsExec	Executes a command-line process on a remote machine.	Enables LockBit affiliate actors to control victim’s systems.	S0029 PsExec
Mimikatz	Extracts credentials from a system.	Extracts credentials from a system for gaining network access and exploiting systems.	S0002 Mimikatz
Ngrok	Enables remote access to a local web server by tunnelling over the internet.	Enables victim network protections to be bypassed by tunnelling to a system over the internet.	S0508 Ngrok
PasswordFox	Recovers passwords from Firefox Browser.	Obtains credentials for network access and exploitation.	T1555.003 Credentials from Web Browsers
PCHunter	Enables advanced task management including system processes and kernels.	Terminates and circumvents EDR processes and services.	T1562.001 Impair Defenses: Disable or Modify Tools
PowerTool	Removes rootkits, as well as detecting, analyzing, and fixing kernel structure modifications.	Terminates and removes EDR software.	T1562.001 Impair Defenses: Disable or Modify Tools
Process Hacker	Removes rootkits.	Terminates and removes EDR software.	T1562.001 Impair Defenses: Disable or Modify Tools
PuTTY Link (Plink)	Automates Secure Shell (SSH) actions on Windows.	Enables LockBit affiliate actors to avoid detection.	T1572 Protocol Tunneling
Rclone	Manages cloud storage files using a command-line program.	Facilitates data exfiltration over cloud storage.	S1040 Rclone
Seatbelt	Performs numerous security-oriented checks.	Performs numerous security-oriented checks to enumerate system information.	T1082 System Information Discovery
ScreenConnect (also known as ConnectWise)	Enables remote connections to network devices for management.	Enables LockBit affiliate actors to remotely connect to a victim’s systems.	T1219 Remote Access Software
SoftPerfect Network Scanner	Performs network scans for systems management.	Enables LockBit affiliate actors to obtain information about a victim’s systems and network.	T1046 Network Service Discovery
Splashtop	Enables remote connections to network devices for management.	Enables LockBit affiliate actors to remotely connect to systems over Remote Desktop Protocol (RDP).	T1021.001 Remote Services: Remote Desktop Protocol
TDSSKiller	Removes rootkits.	Terminates and removes EDR software.	T1562.001 Impair Defenses: Disable or Modify Tools
TeamViewer	Enables remote connections to network devices for management.	Enables LockBit affiliate actors to remotely connect to a victim’s systems.	T1219 Remote Access Software
ThunderShell	Facilitates remote access via Hypertext Transfer Protocol (HTTP) requests.	Enables LockBit affiliate actors to remotely access systems while encrypting network traffic.	T1071.001 Application Layer Protocol: Web Protocols
WinSCP	Facilitates file transfer using SSH File Transfer Protocol for Microsoft Windows.	Enables data exfiltration via the SSH File Transfer Protocol.	T1048 Exfiltration Over Alternative Protocol

Common Vulnerabilities and Exposures (CVEs) Exploited

Based on secondary sources, it was noted that affiliates exploit older vulnerabilities like CVE-2021-22986, F5 iControl REST unauthenticated Remote Code Execution Vulnerability, as well as newer vulnerabilities such as:

CVE-2023-0669: Fortra GoAnyhwere Managed File Transfer (MFT) Remote Code Execution Vulnerability
CVE-2023-27350: PaperCut MF/NG Improper Access Control Vulnerability

LockBit affiliates have been documented exploiting numerous CVEs, including:

CVE-2021-44228: Apache Log4j2 Remote Code Execution Vulnerability,
CVE-2021-22986: F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability,
CVE-2020-1472: NetLogon Privilege Escalation Vulnerability,
CVE-2019-0708: Microsoft Remote Desktop Services Remote Code Execution Vulnerability, and
CVE-2018-13379: Fortinet FortiOS Secure Sockets Layer (SSL) Virtual Private Network (VPN) Path Traversal Vulnerability.

For further information on these CVEs , see CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

Post Detonation TTPs

When LockBit affiliates target an organization responsible for managing other organizations’ networks, CERT NZ has observed LockBit affiliates attempt secondary ransomware extortion after detonation of the LockBit variant on the primary target. Once the primary target is hit, LockBit affiliates then attempt to extort the companies that are customers of the primary target. This extortion is in the form of secondary ransomware that locks down services those customers consume. Additionally, the primary target’s customers may be extorted by LockBit affiliates threatening to release those customers’ sensitive information.

MITRE ATT&CK Tactics and Techniques

Tables 5-16 show the LockBit affiliate tactics and techniques referenced in this advisory.

Table 5: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Initial Access

Technique Title	ID	Use
Drive-by Compromise	T1189	LockBit affiliates gain access to a system through a user visiting a website over the normal course of browsing.
Exploit Public-Facing Application	T1190	LockBit affiliates may exploit vulnerabilities (e.g., Log4Shell) in internet-facing systems to gain access to victims’ systems.
External Remote Services	T1133	LockBit affiliates exploit RDP to gain access to victims’ networks.
Phishing	T1566	LockBit affiliates use phishing and spearphishing to gain access to victims’ networks.
Valid Accounts	T1078	LockBit affiliates obtain and abuse credentials of existing accounts as a means of gaining initial access.

Table 6: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Execution

Technique Title	ID	Use
Execution	TA0002	LockBit 3.0 launches commands during its execution.
Command and Scripting Interpreter: Windows Command Shell	T1059.003	LockBit affiliates use batch scripts to execute malicious commands.
Software Deployment Tools	T1072	LockBit affiliates may use Chocolatey, a command-line package manager for Windows.

Technique Title	ID	Use
System Services: Service Execution	T1569.002	LockBit 3.0 uses PsExec to execute commands or payloads.

Table 7: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Persistence

Technique Title	ID	Use
Boot or Logon Autostart Execution	T1547	LockBit affiliates enables automatic logon for persistence.
Valid Accounts	T1078	LockBit affiliates may use a compromised user account to maintain persistence on the target network.

Table 8: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Privilege Escalation

Technique Title	ID	Use
Privilege Escalation	TA0004	LockBit affiliates will attempt to escalate to the required privileges if current account privileges are insufficient.
Abuse Elevation Control Mechanism	T1548	LockBit affiliates may use ucmDccwCOM Method in UACMe, a GitHub collection of User Account Control (UAC) bypass techniques.
Boot or Logon Autostart Execution	T1547	LockBit affiliates enable automatic logon for privilege escalation.
Domain Policy Modification: Group Policy Modification	T1484.001	LockBit affiliates may create Group Policy for lateral movement and can force group policy updates.
Valid Accounts	T1078	LockBit affiliates may use a compromised user account to escalate privileges on a victim’s network.

Table 9: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Defense Evasion

Technique Title	ID	Use
Execution Guardrails: Environmental Keying	T1480.001	LockBit 3.0 will only decrypt the main component or continue to decrypt and/or decompress data if the correct password is entered.
Impair Defenses: Disable or Modify Tools	T1562.001	LockBit 3.0 affiliates use Backstab, Defender Control, GMER, PCHunter, PowerTool, Process Hacker or TDSSKiller to disable EDR processes and services. LockBit 3.0 affiliates use Bat Armor to bypass the PowerShell execution Policy. LockBit affiliates may deploy a batch script, 123.bat, to disable and uninstall antivirus software. Lockbit 3.0 may modify and/or disable security tools including EDR and antivirus to avoid possible detection of malware, tools, and activities.
Indicator Removal: Clear Windows Event Logs	T1070.001	LockBit executable clears the Windows Event Logs files.
Indicator Removal: File Deletion	T1070.004	LockBit 3.0 will delete itself from the disk.
Obfuscated Files or Information	T1027	LockBit 3.0 will send encrypted host and bot information to its command and control (C2) servers.
Obfuscated Files or Information: Software Packing	T1027.002	LockBit affiliates may perform software packing or virtual machine software protection to conceal their code. Blister Loader has been used for such purpose.

Table 10: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Credential Access

Technique Title	ID	Use
Brute Force	T1110	LockBit affiliates may leverage VPN or RDP brute force credentials as an initial access.
Credentials from Password Stores: Credentials from Web Browsers	T1555.003	LockBit 3.0 actors use PasswordFox to recover passwords from Firefox Browser.
OS Credential Dumping	T1003	LockBit 3.0 actors use ExtPassword or LostMyPassword to recover passwords from Windows systems.
OS Credential Dumping: LSASS Memory	T1003.001	LockBit affiliates may use Microsoft Sysinternals ProDump to dump the contents of lsass.exe. LockBit affiliates have used Mimikatz to dump credentials.

Table 11: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Discovery

Technique Title	ID	Use
Network Service Discovery	T1046	LockBit affiliates use SoftPerfect Network Scanner, Advanced IP Scanner, or Advanced Port Scanner to scan target networks. LockBit affiliates may use SoftPerfect Network Scanner, Advanced Port Scanner, and AdFind to enumerate connected machines in the network.
System Information Discovery	T1082	LockBit affiliates will enumerate system information to include hostname, host configuration, domain information, local drive configuration, remote shares, and mounted external storage devices.
System Location Discovery: System Language Discovery	T1614.001	LockBit 3.0 will not infect machines with language settings that match a defined exclusion list.

Table 12: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Lateral Movement

Technique Title	ID	Use
Lateral Movement	TA0008	LockBit affiliates will laterally move across networks and access domain controllers.
Remote Services: Remote Desktop Protocol	T1021.001	LockBit affiliates use Splashtop remote-desktop software to facilitate lateral movement.
Remote Services: Server Message Block (SMB)/Admin Windows Shares	T1021.002	LockBit affiliates may use Cobalt Strike and target SMB shares for lateral movement.

Table 13: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Collection

Technique Title	ID	Use
Archive Collected Data: Archive via Utility	T1560.001	LockBit affiliates may use 7-zip to compress and/or encrypt collected data prior to exfiltration.

Table 14: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Command and Control

Technique Title	ID	Use
Application Layer Protocol: File Transfer Protocols	T1071.002	LockBit affiliates may use FileZilla for C2.
Application Layer Protocol: Web Protocols	T1071.001	LockBit affiliates use ThunderShell as a remote access tool that communicates via HTTP requests.
Non-Application Layer Protocol	T1095	LockBit affiliates use Ligolo to establish SOCKS5 or TCP tunnels from a reverse connection.
Protocol Tunneling	T1572	LockBit affiliates use Plink to automate SSH actions on Windows.
Remote Access Software	T1219	LockBit 3.0 actors use AnyDesk, Atera RMM, ScreenConnect or TeamViewer for C2.

Table 15: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Exfiltration

Technique Title	ID	Use
Exfiltration	TA0010	LockBit affiliates use StealBit, a custom exfiltration tool first used with LockBit 2.0, to steal data from a target network.
Exfiltration Over Web Service	T1567	LockBit affiliates use publicly available file sharing services to exfiltrate a target’s data.
Exfiltration Over Web Service: Exfiltration to Cloud Storage	T1567.002	LockBit affiliates use (1) Rclone, an open-source command line cloud storage manager or FreeFileSync to exfiltrate and (2) MEGA, a publicly available file sharing service for data exfiltration.

Table 16: LockBit Affiliates’ ATT&CK Techniques for Enterprise – Impact

Technique Title	ID	Use
Data Destruction	T1485	LockBit 3.0 deletes log files and empties the recycle bin.
Data Encrypted for Impact	T1486	LockBit 3.0 encrypts data on target systems to interrupt availability to system and network resources. LockBit affiliates can encrypt Windows and Linux devices, as well as VMware instances.
Defacement: Internal Defacement	T1491.001	LockBit 3.0 changes the host system’s wallpaper and icons to the LockBit 3.0 wallpaper and icons, respectively.
Inhibit System Recovery	T1490	LockBit 3.0 deletes volume shadow copies residing on disk.
Service Stop	T1489	LockBit 3.0 terminates processes and services.

Mitigations

The authoring organizations recommend implementing the mitigations listed below to improve their cybersecurity posture to better defend against LockBit’s activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats, tactics, techniques, and procedures. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections.

The listed mitigations are ordered by MITRE ATT&CK tactic. Mitigations that apply to multiple MITRE ATT&CK tactics are listed under the tactic that occurs earliest in an incident’s lifecycle. For example, account use polices are mitigations for initial access, persistence, privilege escalation, and credential access but would be listed under initial access mitigations.

Initial Access

Consider implementing sandboxed browsers to protect systems from malware originating from web browsing. Sandboxed browsers isolate the host machine from malicious code.
Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to comply with NIST standards for developing and managing password policies [CPG 2.L].
- Enforce use of longer passwords consisting of at least 15 characters in length [CPG 2.B, 2.C].
- Store passwords in a salted and hashed format using industry-recognized password hashing algorithms.
- Prevent use of commonly used or known-compromised passwords [CPG 2.C].
- Implement multiple failed login attempt account lockouts [CPG 2.G].
- Disable password “hints.”
- Refrain from requiring password changes more frequently than once per year.
  Note: NIST guidance suggests favoring longer passwords instead of requiring regular and frequent password resets. Frequent password resets are more likely to result in users developing password “patterns” cyber criminals can easily decipher.
- Require administrator credentials to install software [CPG 2.Q].
Implement filters at the email gateway to filter out emails with known malicious indicators, such as known malicious subject lines, and block suspicious IP addresses at the firewall [CPG 2.M].
Install a web application firewall and configure with appropriate rules to protect enterprise assets.
Segment networks to prevent the spread of ransomware. Network segmentation can help prevent the spread of ransomware by controlling traffic flows between—and access to—various subnetworks and by restricting adversary lateral movement. Isolate web-facing applications to further minimize the spread of ransomware across a network [CPG 2.F].
Follow the least-privilege best practice by requiring administrators to use administrative accounts for managing systems and use simple user accounts for non-administrative tasks [CPG 2.E].
Enforce the management of and audit user accounts with administrative privileges. Configure access controls according to the principle of least privilege [CPG 2.E].
Implement time-based access for accounts set at the admin level and higher. For example, the Just-in-Time (JIT) access method provisions privileged access when needed and can support enforcement of the principle of least privilege (as well as the Zero Trust model). This is a process where a network-wide policy is set in place to automatically disable admin accounts at the Active Directory level when the account is not in direct need. Individual users may submit their requests through an automated process that grants them access to a specified system for a set timeframe when they need to support the completion of a certain task.
Keep all operating systems, software, and firmware up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. Public-facing applications must be patched in a timely manner as vulnerabilities can often be exploited directly by the threat actor. By closely monitoring the threat landscape, threat actors often take advantage of vulnerabilities before systems are patched. Organizations should patch vulnerable software and hardware systems within 24 to 48 hours from when a vulnerability is disclosed. Prioritize patching known exploited vulnerabilities in internet-facing systems [CPG 1.E].
Restrict service accounts from remotely accessing other systems. Configure group policy to Deny log on locally, Deny log on through Terminal Services, and Deny access to this computer from the network for all service accounts to limit the ability for compromised service accounts to be used for lateral movement.
Block direct internet access for administration interfaces (e.g., application protocol interface (API)) and for remote access.
Require phishing-resistant multifactor authentication (MFA) for all services to the extent possible, particularly for webmail, virtual private networks, and privileged accounts that access critical systems [CPG 2.H].
Consolidate, monitor, and defend internet gateways.
Install, regularly update, and enable real-time detection for antivirus software on all hosts.
Raise awareness for phishing threats in your organization. Phishing is one of the primary infection vectors in ransomware campaigns, and all employees should receive practical training on the risks associated with the regular use of email. With the rise of sophisticated phishing methods, such as using stolen email communication or artificial intelligence (AI) systems such as ChatGPT, the distinction between legitimate and malicious emails becomes more complex. This particularly applies to employees from corporate divisions that have to deal with a high volume of external email communication (e.g., staff recruitment) [CPG 2.I, 2.J].
Consider adding an external email warning banner for emails sent to or received from outside of your organization [CPG 2.M].
Review internet-facing services and disable any services that are no longer a business requirement to be exposed or restrict access to only those users with an explicit requirement to access services, such as SSL, VPN, or RDP. If internet-facing services must be used, control access by only allowing access from an admin IP range [CPG 2.X].
Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts.
Regularly verify the security level of the Active Directory domain by checking for misconfigurations.

Execution

Develop and regularly update comprehensive network diagram(s) that describes systems and data flows within your organization’s network(s) [CPG 2.P].
Control and restrict network connections accordingly with a network flow matrix.
Enable enhanced PowerShell logging [CPG 2.T, 2.U].
- PowerShell logs contain valuable data, including historical OS, registry interaction, and possibility of a threat actor’s PowerShell use.
- Ensure PowerShell instances are configured to use the latest version, and have module, script block, and transcription logging enabled (enhanced logging).
- The two logs that record PowerShell activity are the PowerShell Windows Event Log and the PowerShell Operational Log. It is recommended to turn on these two Windows Event Logs with a retention period of at least 180 days. These logs should be checked on a regular basis to confirm whether the log data has been deleted or logging has been turned off. Set the storage size permitted for both logs to as large as reasonably practical.
Configure the Windows Registry to require UAC approval for any PsExec operations requiring administrator privileges to reduce the risk of lateral movement by PsExec.

Privilege Escalation

Disable command-line and scripting activities and permissions. Privilege escalation and lateral movement often depend on software utilities running from the command line. If threat actors are not able to run these tools, they will have difficulty escalating privileges and/or moving laterally [CPG 2.N].
Enable Credential Guard to protect your Windows system credentials. This is enabled by default on Windows 11 Enterprise 22H2 and Windows 11 Education 22H2. Credential Guard prevents credential dumping techniques of the Local Security Authority (LSA) secrets. Be aware that enabling this security control has some downsides. In particular, you can no longer use New Technology Local Area Network (LAN) Manager (NTLM) classic authentication single sign-on, Kerberos unconstrained delegation, as well as Data Encryption Standard (DES) encryption.
Implement Local Administrator Password Solution (LAPS) where possible if your OS is older than Windows Server 2019 and Windows 10 as these versions do not have LAPS built in. NOTE: The authoring organizations recommend organizations upgrade to Windows Server 2019 and Windows 10 or greater.

Defense Evasion

Apply local security policies to control application execution (e.g., Software Restriction Policies (SRP), AppLocker, Windows Defender Application Control (WDAC)) with a strict allowlist.
Establish an application allowlist of approved software applications and binaries that are allowed to be executed on a system. This measure prevents unwanted software to be run. Usually, application allowlist software can also be used to define blocklists so that the execution of certain programs can be blocked, for example cmd.exe or PowerShell.exe [CPG 2.Q].

Credential Access

Restrict NTLM uses with security policies and firewalling.

Discovery

Disable unused ports. Disable ports that are not being used for business purposes (e.g., RDP-TCP Port 3389). Close unused RDP ports.

Lateral Movement

Identify Active Directory control paths and eliminate the most critical among them according to the business needs and assets.
Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network [CPG 1.E]. EDR tools are particularly useful for detecting lateral connections as they have insight into common and uncommon network connections for each host.

Command and Control

Implement a tiering model by creating trust zones dedicated to an organization’s most sensitive assets.
VPN access should not be considered as a trusted network zone. Organizations should instead consider moving to zero trust architectures.

Exfiltration

Block connections to known malicious systems by using a Transport Layer Security (TLS) Proxy. Malware often uses TLS to communicate with the infrastructure of the threat actor. By using feeds for known malicious systems, the establishment of a connection to a C2 server can be prevented.
Use web filtering or a Cloud Access Security Broker (CASB) to restrict or monitor access to public-file sharing services that may be used to exfiltrate data from a network.

Impact

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (e.g., hard drive, storage device, the cloud) [CPG 2.R].
Maintain offline backups of data, and regularly maintain backup and restoration (daily or weekly at the minimum). By instituting this practice, the organization ensures they will not be severely interrupted, and/or only have irretrievable data [CPG 2.R]. ACSC recommends organizations follow the 3-2-1 backup strategy in which organizations have three copies of data (one copy of production data and two backup copies) on two different media, such as disk and tape, with one copy kept off-site for disaster recovery.
Ensure all backup data is encrypted, immutable (i.e., cannot be altered or deleted), and covers the entire organization’s data infrastructure [CPG 2.K, 2.R].

Implement Mitigations for Defense-in-Depth

Implementing multiple mitigations within a defense-in-depth approach can help protect against ransomware, such as LockBit. CERT NZ explains How ransomware happens and how to stop it by applying mitigations, or critical controls, to provide a stronger defense to detect, prevent, and respond to ransomware before an organization’s data is encrypted. By understanding the most common attack vectors, organizations can identify gaps in network defenses and implement the mitigations noted in this advisory to harden organizations against ransomware attacks. In Figure 3, a ransomware attack is broken into three phases:

Initial Access where the cyber actor is looking for a way into a network.
Consolidation and Preparation when the actor is attempting to gain access to all devices.
Impact on Target where the actor is able to steal and encrypt data and then demand ransom.

Figure 3 shows the mitigations/critical controls, as various colored hexagons, working together to stop a ransomware attacker from accessing a network to steal and encrypt data. In the Initial Access phase, mitigations working together to deny an attacker network access include securing internet-exposed services, patching devices, implementing MFA, disabling macros, employing application allowlisting, and using logging and alerting. In the Consolidation and Preparation phase, mitigations working together to keep an attacker from accessing network devices are patching devices, using network segmentation, enforcing the principle of least privilege, implementing MFA, and using logging and alerting. Finally, in the Impact on Target phase, mitigations working together to deny or degrade an attacker’s ability to steal and/or encrypt data includes using logging and alerting, using and maintaining backups, and employing application allowlisting.

Critical Controls Key

Figure 3: Stopping Ransomware Using Layered Mitigations

Validate Security Controls

In addition to applying mitigations, the authoring organizations recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. The authoring organizations recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.

To get started:

Select an ATT&CK technique described in this advisory (see Tables 5-16).
Align your security technologies against the technique.
Test your technologies against the technique.
Analyze your detection and prevention technologies performance.
Repeat the process for all security technologies to obtain a set of comprehensive performance data.
Tune your security program, including people, processes, and technologies, based on the data generated by this process.

The authoring organizations recommend continually testing your security program, at scale, in a production environment to ensure optimal performance against the MITRE ATT&CK techniques identified in this advisory.

Resources

ACSC:
- See 2023-03: ACSC Ransomware Profile – LockBit 3.0 for additional information.
CISA:
- Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
- Information on no-cost cyber hygiene services is available at Cyber Hygiene Services and Ransomware Readiness Assessment.
CISA, NSA, FBI, and MS-ISAC:
- See the #StopRansomware Guide developed through the Joint Ransomware Task Force (JRTF) to provide a one-stop resource to help organizations reduce the risk of ransomware incidents through best practices to detect, prevent, respond, and recover, including step-by-step approaches to address potential attacks.
FBI and CISA:
- See Alert AA23-075A – #StopRansomware: LockBit 3.0 for information on IOCs and TTPs identified through FBI investigations as recently as March 2023.
MS-ISAC:
- See the Center for Internet Security (CIS) Critical Security Controls (CIS Controls) https://www.cisecurity.org/insights/white-papers/cis-community-defense-model-2-0for information on strengthening an organization’s cybersecurity posture through implementing a prescriptive, prioritized, and simplified set of best.
- See the CIS Community Defense Model 2.0 (CDM 2.0) for the effectiveness of the CIS Controls against the most prevalent types of attacks and how CDM 2.0 can be used to design, prioritize, implement, and improve an organization’s cybersecurity program.
- See Blueprint for Ransomware Defense for a clear, actionable framework for ransomware mitigation, response, and recovery built around the CIS Controls.
NCSC-UK
- See guidance on Mitigating malware and ransomware attacks for information on defending organizations against malware or ransomware attacks.
BSI:
- See BSI’s Ransomware – Facts and Defense Strategies for a comprehensive collection of resources on ransomware prevention, detection, and reaction. Note: These resources are in German.
CCCS:
- See CCCS’s Ransomware playbook (ITSM.00.099) for information on ransomware prevention and response.
- See CCCS’s Top 10 IT security actions based on analysis of cyber threat trends to help minimize intrusions or the impacts of a successful cyber intrusion.
CERT NZ:
- See CERT NZ’s Security awareness building and Creating an effective security awareness program to assist organization’s in providing adequate security awareness and training to personnel while creating a positive security culture.
- Businesses can find information on developing an incident response plan, creating a contact list, and communicating ransomware incidents at CERT NZ’s Creating an incident response plan.
NCSC NZ:
- For guidance on ransomware for public service agencies, see NCSC NZ’s Ransomware: Your organization should be both protected and prepared.

Reporting

The authoring organizations do not encourage paying ransom, as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, the authoring organizations urge you to promptly report ransomware incidents to your country’s respective authorities.

Australia: Australian organizations that have been impacted or require assistance in regard to a ransomware incident can contact ACSC via 1300 CYBER1 (1300 292 371), or by submitting a report to cyber.gov.au.
Canada: Canadian victims of ransomware are encouraged to consider reporting cyber incidents to law enforcement (e.g., local police or the Canadian Anti-Fraud Centre) as well as to the Canadian Centre for Cyber Security online via My Cyber Portal.
France:
- Individuals and small organizations can seek assistance with Cybermalveillance – https://www.cybermalveillance.gouv.fr/.
- Larger organizations, as well as public and regulated entities, can request assistance from CERT-FR via cert-fr@ssi.gouv.fr.
Germany: German victims of ransomware are encouraged to consider reporting cyber incidents to law enforcement (e.g., local police or the Central Contact Point for Cybercrime as well as to the Federal Office for Information Security (BSI) via the Reporting and Information Portal.
New Zealand: New Zealand organizations and businesses can report security incidents to the NCSC at incidents@ncsc.govt.nz or call 04 498 7654, or to CERT NZ through https://www.cert.govt/nz/it-specialists/report-an-incident/ or to ir@ops.cert.govt.nz.
United States:
- Report ransomware incidents to a local FBI Field Office or CISA’s 24/7 Operations Center at Report@cisa.dhs.gov, cisa.gov/report, or (888) 282-0870. When available, please include the information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
- For SLTTs, email soc@msisac.org or call (866) 787-4722.
United Kingdom: UK organizations should report any suspected compromises to NCSC.

Disclaimer

The information in this report is being provided “as is” for informational purposes only. The authoring organizations do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by the authoring organizations.

References

[1] LockBit, BlackCat, and Royal Dominate the Ransomware Scene

[2] Ransomware Diaries: Volume 1

[3] What is LockBit ransomware and how does it operate?

[4] Ransomware Spotlight: LockBit

[5] Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant

[6] A first look at the builder for LockBit 3.0 Black

[7] LockBit ransomware gang releases LockBit Green version

[8] LockBit Ransomware Now Targeting Apple macOS Devices

[9] Apple’s Macs Have Long Escaped Ransomware. That May be Changing

[10] Intelligence agency says ransomware group with Russian ties poses ‘an enduring threat’ to Canada

alerts

CISA and Partners Release Joint Advisory on Understanding Ransomware Threat Actors: LockBit

Post author By admin
Post date June 14, 2023

Today, CISA, the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and international partners released Understanding Ransomware Threat Actors: LockBit, a joint Cybersecurity Advisory (CSA) to help organizations understand and defend against threat actors using LockBit, the most globally used and prolific Ransomware-as-a-Service (RaaS) in 2022 and 2023. This guide is a comprehensive resource detailing the observed common vulnerabilities and exposures (CVEs) exploited, as well as the tools, and tactics, techniques, and procedures (TTPs) used by LockBit affiliates. Additionally, it includes recommended mitigations to help reduce the likelihood and impact of future ransomware incidents.

In 2022, LockBit was the most deployed ransomware variant across the world and continues to be prolific in 2023. The LockBit Ransomware-as-a-Service (RaaS) attracts affiliates to use LockBit for conducting ransomware attacks, resulting in a large web of unconnected threat actors conducting wildly varying attacks. Affiliates have attacked organizations of various sizes across an array of critical infrastructure sectors including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation. LockBit has been successful through its innovation and continual development of the group’s administrative panel (i.e., a simplified, point-and-click interface making ransomware deployment accessible to those with lower degrees of technical skill), affiliate supporting functions, and constant revision of TTPs.

CISA and the authoring agencies of this joint CSA encourage the implementation of recommendations provided to proactively improve their organization’s defenses against this global ransomware operation, and to reduce the likelihood and impact of future ransomware incidents.

alerts

CISA Issues BOD 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces

Post author By admin
Post date June 13, 2023

Today, CISA issued Binding Operational Directive (BOD) 23-02: Mitigating the Risk from Internet-Exposed Management Interfaces, requiring Federal Civilian Executive Branch (FCEB) agencies to reduce risks posed by internet-exposed networked management interfaces on federal information systems. This directive applies to dedicated device interfaces that are accessible over network protocols and are meant exclusively for authorized users to perform administrative activities on a device, a group of devices, or the network itself.

Agencies must be prepared to remove identified networked management interfaces from exposure to the internet, or protect them with Zero-Trust capabilities that implement a policy enforcement point separate from the interface itself. CISA will monitor and support agency adherence, providing additional resources as needed. FCEB agencies should contact CISA at cyberdirectives@cisa.dhs.gov for additional information.

While BOD 23-02 strictly applies to FCEB agencies, this threat extends to every sector. CISA recommends all stakeholders review and adopt this guidance.

alerts

Fortinet Releases Security Updates for FortiOS and FortiProxy

Post author By admin
Post date June 12, 2023

Fortinet has released security updates to address a heap-based buffer overflow vulnerability CVE-2023-27997 in FortiOS and FortiProxy. An attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review Fortinet security advisory FG-IR-23-097 and apply the necessary updates.

alerts

CISA and FBI Release #StopRansomware: CL0P Ransomware Gang Exploits MOVEit Vulnerability

Post author By admin
Post date June 7, 2023

CISA and FBI released a joint Cybersecurity Advisory (CSA) [CL0P Ransomware Gang Exploits MOVEit Vulnerability] in response to a recent vulnerability exploitation attributed to CL0P Ransomware Gang. This [joint guide] provides indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) identified through FBI investigations as recently as May this year. Additionally, it provides immediate actions to help reduce the impact of CL0P ransomware.

The CL0P Ransomware Gang, also known as TA505, reportedly began exploiting a previously unknown SQL injection vulnerability in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer. Internet- facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.

CISA and FBI encourage information technology (IT) network defenders to review the MOVEit Transfer Advisory and implement the recommended mitigations to reduce the risk of compromise. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

alerts

#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability

Post author By admin
Post date June 7, 2023

SUMMARY

Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.

Actions to take today to mitigate cyber threats from CL0P ransomware:

Take an inventory of assets and data, identifying authorized and unauthorized devices and software.
Grant admin privileges and access only when necessary, establishing a software allow list that only executes legitimate applications.
Monitor network ports, protocols, and services, activating security configurations on network infrastructure devices such as firewalls and routers.
Regularly patch and update software and applications to their latest versions, and conduct regular vulnerability assessments.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023.

According to open source information, beginning on May 27, 2023, CL0P Ransomware Gang, also known as TA505, began exploiting a previously unknown SQL injection vulnerability (CVE-2023-34362) in Progress Software’s managed file transfer (MFT) solution known as MOVEit Transfer. Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases. In similar spates of activity, TA505 conducted zero-day-exploit-driven campaigns against Accellion File Transfer Appliance (FTA) devices in 2020 and 2021, and Fortra/Linoma GoAnywhere MFT servers in early 2023.

FBI and CISA encourage organizations to implement the recommendations in the Mitigations section of this CSA to reduce the likelihood and impact of CL0P ransomware and other ransomware incidents.

Download the PDF version of this report:

AA23-158A #StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
(PDF, 651.42 KB
)

TECHNICAL DETAILS

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 13. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques.

Appearing in February 2019, and evolving from the CryptoMix ransomware variant, CL0P was leveraged as a Ransomware as a Service (RaaS) in large-scale spear-phishing campaigns that used a verified and digitally signed binary to bypass system defenses. CL0P was previously known for its use of the “double extortion” tactic of stealing and encrypting victim data, refusing to restore victim access and publishing exfiltrated data on Tor via the CL0P^_-LEAKS website. In 2019, TA505 actors leveraged CL0P ransomware as the final payload of a phishing campaign involving a macro-enabled document that used a Get2 malware dropper for downloading SDBot and FlawedGrace. In recent campaigns beginning 2021, CL0P preferred to rely mostly on data exfiltration over encryption.

Beyond CL0P ransomware, TA505 is known for frequently changing malware and driving global trends in criminal malware distribution. Considered to be one of the largest phishing and malspam distributors worldwide, TA505 is estimated to have compromised more than 3,000 U.S.-based organizations and 8,000 global organizations.

TA505 has operated:

A RaaS and has acted as an affiliate of other RaaS operations,
As an initial access broker (IAB), selling access to compromised corporate networks,
As a customer of other IABs,
And as a large botnet operator specializing in financial fraud and phishing attacks.

In a campaign from 2020 to 2021, TA505 used several zero-day exploits to install a web shell named DEWMODE on internet-facing Accellion FTA servers. Similarly, the recent exploitation of MOVEit Transfer, a SQL injection vulnerability was used to install the web shell, which enabled TA505 to execute operating system commands on the infected server and steal data.

In late January 2023, the CL0P ransomware group launched a campaign using a zero-day vulnerability, now catalogued as CVE-2023-0669, to target the GoAnywhere MFT platform. The group claimed to have exfiltrated data from the GoAnywhere MFT platform that impacted approximately 130 victims over the course of 10 days. Lateral movement into the victim networks from the GoAnywhere MFT was not identified, suggesting the breach was limited to the GoAnywhere platform itself. Over the next several weeks, as the exfiltrated data was parsed by the group, ransom notes were sent to upper-level executives of the victim companies, likely identified through open source research. The ransom notes threatened to publish the stolen files on the CL0P data leak site if victims did not pay the ransom amount.

*Figure 1: CL0P Ransom Note*
Hello, this is the CL0P hacker group. As you may know, we recently carried out a hack, which was reported in the news on site [redacted]. We want to inform you that we have stolen important information from your GoAnywhere MFT resource and have attached a full list of files as evidence. We deliberately did not disclose your organization and wanted to negotiate with you and your leadership first. If you ignore us, we will sell your information on the black market and publish it on our blog, which receives 30-50 thousand unique visitors per day. You can read about us on [redacted] by searching for CLOP hacker group. You can contact us using the following contact information: unlock@rsv-box[.]com and unlock@support-mult[.]com

CL0P’s toolkit contains several malware types to collect information, including the following:

FlawedAmmyy/FlawedGrace remote access trojan (RAT) collects information and attempts to communicate with the Command and Control (C2) server to enable the download of additional malware components [T1071], [T1105].
SDBot RAT propagates the infection, exploiting vulnerabilities and dropping copies of itself in removable drives and network shares [T1105]. It is also capable of propagating when shared though peer-to-peer (P2P) networks. SDBot is used as a backdoor [T1059.001] to enable other commands and functions to be executed in the compromised computer. This malware uses application shimming for persistence and to avoid detection [T1546.011].
Truebot is a first-stage downloader module that can collect system information and take screenshots [T1113], developed and attributed to the Silence hacking group. After connecting to the C2 infrastructure, Truebot can be instructed to load shell code [T1055] or DLLs [T1574.002], download additional modules [T1129], run them, or delete itself [T1070]. In the case of TA505, Truebot has been used to download FlawedGrace or Cobalt Strike beacons.
Cobalt Strike is used to expand network access after gaining access to the Active Directory (AD) server [T1018].
DEWMODE is a web shell written in PHP designed to target Accellion FTA devices and interact with the underlying MySQL database and is used to steal data from the compromised device [1505.003].
LEMURLOOT is a web shell written in C# designed to target the MOVEit Transfer platform. The web shell authenticates incoming http requests via a hard-coded password and can run commands that will download files from the MOVEit Transfer system, extract its Azure system settings, retrieve detailed record information, and create, insert, or delete a particular user. When responding to the request, the web shell returns data in a gzip compressed format.

CVE-2023-34362 MOVEIT TRANSFER VULNERABILITY

MOVEit is typically used to manage an organization’s file transfer operations and has a web application that supports MySQL, Microsoft SQL Server, and Azure SQL database engines. In May 2023, the CL0P ransomware group exploited a SQL injection zero-day vulnerability CVE-2023-34362 to install a web shell named LEMURLOOT on MOVEit Transfer web applications [T1190] [1]. The web shell was initially observed with the name human2.aspx in an effort to masquerade as the legitimate human.aspx file present as part of MOVEit Transfer software. Upon installation, the web shell creates a random 36 character password to be used for authentication. The web shell interacts with its operators by awaiting HTTP requests containing a header field named X-siLock-Comment, which must have a value assigned equal to the password established upon the installation of the web shell. After authenticating with the web shell, operators pass commands to the web shell that can:

Retrieve Microsoft Azure system settings and enumerate the underlying SQL database.
Store a string sent by the operator and then retrieve a file with a name matching the string from the MOVEit Transfer system.
Create a new administrator privileged account with a randomly generated username and LoginName and RealName values set to “Health Check Service.”
Delete an account with LoginName and RealName values set to ‘Health Check Service.’

Progress Software announced the discovery of CVE-2023-34362 MOVEit Transfer vulnerability and issued guidance on known affected versions, software upgrades, and patching. Based on evidence of active exploitation, CISA added this vulnerability to the Known Exploited Vulnerabilities (KEVs) Catalog on June 2, 2023. This MOVEit Transfer critical vulnerability exploit impacts the following versions of the software [2]:

MOVEit Transfer 2023.0.0
MOVEit Transfer 2022.1.x
MOVEit Transfer 2022.0.x
MOVEit Transfer 2021.1.x
MOVEit Transfer 2021.0.x
MOVEit Transfer 2020.1.x
MOVEit Transfer 2020.0.x

Due to the speed and ease TA505 has exploited this vulnerability, and based on their past campaigns, FBI and CISA expect to see widespread exploitation of unpatched software services in both private and public networks. For IOCs related to the MOVEit campaign, see table 2.

DETECTION METHODS

Below, are open source deployable YARA rules that may be used to detect malicious activity of the MOVEit Transfer Zero Day Vulnerability. For more information, visit GitHub or the resource section of this CSA. [1] [3]:

If a victim rebuilds the web server but leaves the database intact, the CL0P user accounts will still exist and can be used for persistent access to the system.

Victims can use the following SQL query to audit for active administrative accounts, and should validate that only intended accounts are present.

SELECT * FROM [<database name>].[dbo].[users] WHERE Permission=30 AND Status='active' and Deleted='0'

rule MOVEit_Transfer_exploit_webshell_aspx {

meta:

date = “2023-06-01”

description = “Detects indicators of compromise in MOVEit Transfer exploitation.”

author = “Ahmet Payaslioglu – Binalyze DFIR Lab”

hash1 = “44d8e68c7c4e04ed3adacb5a88450552”

hash2 = “a85299f78ab5dd05e7f0f11ecea165ea”

reference1 = “https://www.reddit.com/r/msp/comments/13xjs1y/tracking_emerging_moveit_transfer_critical/”

reference2 = “https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/”

reference3 = “https://gist.github.com/JohnHammond/44ce8556f798b7f6a7574148b679c643”

verdict = “dangerous”

mitre = “T1505.003”

platform = “windows”

search_context = “filesystem”

strings:

$a1 = “MOVEit.DMZ”

$a2 = “Request.Headers[“X-siLock-Comment”]”

$a3 = “Delete FROM users WHERE RealName=’Health Check Service'”

$a4 = “set[“Username”]”

$a5 = “INSERT INTO users (Username, LoginName, InstID, Permission, RealName”

$a6 = “Encryption.OpenFileForDecryption(dataFilePath, siGlobs.FileSystemFactory.Create()”

$a7 = “Response.StatusCode = 404;”

condition:

filesize < 10KB

and all of them

}

rule MOVEit_Transfer_exploit_webshell_dll {

meta:

date = “2023-06-01”

description = “Detects indicators of compromise in MOVEit Transfer exploitation.”

author = “Djordje Lukic – Binalyze DFIR Lab”

hash1 = “7d7349e51a9bdcdd8b5daeeefe6772b5”

hash2 = “2387be2afe2250c20d4e7a8c185be8d9”

reference1 = “https://www.reddit.com/r/msp/comments/13xjs1y/tracking_emerging_moveit_transfer_critical/”

reference2 = “https://www.bleepingcomputer.com/news/security/new-moveit-transfer-zero-day-mass-exploited-in-data-theft-attacks/”

reference3 = “https://gist.github.com/JohnHammond/44ce8556f798b7f6a7574148b679c643”

verdict = “dangerous”

mitre = “T1505.003”

platform = “windows”

search_context = “filesystem”

strings:

$a1 = “human2.aspx” wide

$a2 = “Delete FROM users WHERE RealName=’Health Check Service'” wide

$a3 = “X-siLock-Comment” wide

condition:

uint16(0) == 0x5A4D and filesize < 20KB

and all of them

}

MOVEit Campaign Indicators of Compromise

Files

Hash

LEMURLOOT

Web Shell

e.g. human2.aspx

0b3220b11698b1436d1d866ac07cc90018e59884e91a8cb71ef8924309f1e0e9

0ea05169d111415903a1098110c34cdbbd390c23016cd4e179dd9ef507104495

110e301d3b5019177728010202c8096824829c0b11bb0dc0bff55547ead18286

1826268249e1ea58275328102a5a8d158d36b4fd312009e4a2526f0bfbc30de2

2413b5d0750c23b07999ec33a5b4930be224b661aaf290a0118db803f31acbc5

2ccf7e42afd3f6bf845865c74b2e01e2046e541bb633d037b05bd1cdb296fa59

348e435196dd795e1ec31169bd111c7ec964e5a6ab525a562b17f10de0ab031d

387cee566aedbafa8c114ed1c6b98d8b9b65e9f178cf2f6ae2f5ac441082747a

38e69f4a6d2e81f28ed2dc6df0daf31e73ea365bd2cfc90ebc31441404cca264

3a977446ed70b02864ef8cfa3135d8b134c93ef868a4cc0aa5d3c2a74545725b

3ab73ea9aebf271e5f3ed701286701d0be688bf7ad4fb276cb4fbe35c8af8409

3c0dbda8a5500367c22ca224919bfc87d725d890756222c8066933286f26494c

4359aead416b1b2df8ad9e53c497806403a2253b7e13c03317fc08ad3b0b95bf

48367d94ccb4411f15d7ef9c455c92125f3ad812f2363c4d2e949ce1b615429a

58ccfb603cdc4d305fddd52b84ad3f58ff554f1af4d7ef164007cb8438976166

5b566de1aa4b2f79f579cdac6283b33e98fdc8c1cfa6211a787f8156848d67ff

6015fed13c5510bbb89b0a5302c8b95a5b811982ff6de9930725c4630ec4011d

702421bcee1785d93271d311f0203da34cc936317e299575b06503945a6ea1e0

769f77aace5eed4717c7d3142989b53bd5bac9297a6e11b2c588c3989b397e6b

7c39499dd3b0b283b242f7b7996205a9b3cf8bd5c943ef6766992204d46ec5f1

93137272f3654d56b9ce63bec2e40dd816c82fb6bad9985bed477f17999a47db

98a30c7251cf622bd4abce92ab527c3f233b817a57519c2dd2bf8e3d3ccb7db8

9d1723777de67bc7e11678db800d2a32de3bcd6c40a629cd165e3f7bbace8ead

9e89d9f045664996067a05610ea2b0ad4f7f502f73d84321fb07861348fdc24a

a1269294254e958e0e58fc0fe887ebbc4201d5c266557f09c3f37542bd6d53d7

a8f6c1ccba662a908ef7b0cb3cc59c2d1c9e2cbbe1866937da81c4c616e68986

b1c299a9fe6076f370178de7b808f36135df16c4e438ef6453a39565ff2ec272

b5ef11d04604c9145e4fe1bedaeb52f2c2345703d52115a5bf11ea56d7fb6b03

b9a0baf82feb08e42fa6ca53e9ec379e79fbe8362a7dac6150eb39c2d33d94ad

bdd4fa8e97e5e6eaaac8d6178f1cf4c324b9c59fc276fd6b368e811b327ccf8b

c56bcb513248885673645ff1df44d3661a75cfacdce485535da898aa9ba320d4

c77438e8657518221613fbce451c664a75f05beea2184a3ae67f30ea71d34f37

cec425b3383890b63f5022054c396f6d510fae436041add935cd6ce42033f621

cf23ea0d63b4c4c348865cefd70c35727ea8c82ba86d56635e488d816e60ea45

d477ec94e522b8d741f46b2c00291da05c72d21c359244ccb1c211c12b635899

d49cf23d83b2743c573ba383bf6f3c28da41ac5f745cde41ef8cd1344528c195

daaa102d82550f97642887514093c98ccd51735e025995c2cc14718330a856f4

e8012a15b6f6b404a33f293205b602ece486d01337b8b3ec331cd99ccadb562e

ea433739fb708f5d25c937925e499c8d2228bf245653ee89a6f3d26a5fd00b7a

ed0c3e75b7ac2587a5892ca951707b4e0dd9c8b18aaf8590c24720d73aa6b90c

f0d85b65b9f6942c75271209138ab24a73da29a06bc6cc4faeddcb825058c09d

fe5f8388ccea7c548d587d1e2843921c038a9f4ddad3cb03f3aa8a45c29c6a2f

GoAnywhere Campaign Indicators of Compromise

Files	Hash	Description
larabqFa.exe Qboxdv.dll	0e3a14638456f4451fe8d76fdc04e591fba942c2f16da31857ca66293a58a4c3	Truebot
%TMP%7ZipSfx.000Zoom.exe	1285aa7e6ee729be808c46c069e30a9ee9ce34287151076ba81a0bea0508ff7e	Spawns a PowerShell subprocess which executes a malicious DLL file
%TMP%7ZipSfx.000ANetDiag.dll	2c8d58f439c708c28ac4ad4a0e9f93046cf076fc6e5ab1088e8943c0909acbc4	Obfuscated malware which also uses long sleeps and debug detection to evade analysis
AVICaptures.dll	a8569c78af187d603eecdc5faec860458919349eef51091893b705f466340ecd	Truebot
kpdphhajHbFerUr.exe gamft.dll	c042ad2947caf4449295a51f9d640d722b5a6ec6957523ebf68cddb87ef3545c	Truebot
dnSjujahur.exe Pxaz.dll	c9b874d54c18e895face055eeb6faa2da7965a336d70303d0bd6047bec27a29d	Truebot
7ZSfxMod_x86.exe ZoomInstaller.exe Zoom.exe	d5bbcaa0c3eeea17f12a5cc3dbcaffff423d00562acb694561841bcfe984a3b7	Fake Zoom installer – Truebot
update.jsp	eb9f5cbe71f9658d38fb4a7aa101ad40534c4c93ee73ef5f6886d89159b0e2c2	Java Server Pages (JSP) web shell with some base64 obfuscation
%TMP%<folder>extracted_at_0xe5c8f00.exe	f2f08e4f108aaffaadc3d11bad24abdd625a77e0ee9674c4541b562c78415765	Employs sandbox detection and string obfuscation – appears to be a collection of C# hack tools
UhfdkUSwkFKedUUi.exe gamft.dll	ff8c8c8bfba5f2ba2f8003255949678df209dbff95e16f2f3c338cfa0fd1b885	Truebot

Email Address	Description
unlock@rsv-box[.]com	CL0P communication email
unlock@support-multi[.]com	CL0P communication email
rey14000707@gmail[.]com	Login/Download
gagnondani225@gmail[.]com	Email

Malicious Domain
http://hiperfdhaus[.]com
http://jirostrogud[.]com
http://qweastradoc[.]com
http://qweastradoc[.]com/gate.php
http://connectzoomdownload[.]com/download/ZoomInstaller.exe
https://connectzoomdownload[.]com/download/ZoomInstaller.exe
http://zoom[.]voyage/download/Zoom.exe
http://guerdofest[.]com/gate.php

Certificate Name	Status	Date Valid	Thumbprint	Serial Number
Savas Investments PTY LTD	Valid Issuer: Sectigo Public Code Signing CA R36	10/7/2022 – 10/7/2023	8DCCF6AD21A58226521 E36D7E5DBAD133331C181	00-82-D2-24-32-3E-FA-65-06-0B-64- 1F-51-FA-DF-EF-02

Certificate Name

Status

Date Valid

Thumbprint

Serial Number

Savas Investments PTY LTD

Valid Issuer: Sectigo Public Code Signing CA R36

10/7/2022 – 10/7/2023

8DCCF6AD21A58226521

E36D7E5DBAD133331C181

00-82-D2-24-32-3E-FA-65-06-0B-64- 1F-51-FA-DF-EF-02

MOVEit Campaign Infrastructure IP Addresses May/June 2023	GoAnywhere Campaign Infrastructure IP Addresses January/February 2023
104.194.222[.]107	100.21.161[.]34
138.197.152[.]201	104.200.72[.]149
146.0.77[.]141	107.181.161[.]207
146.0.77[.]155	141.101.68[.]154
146.0.77[.]183	141.101.68[.]166
148.113.152[.]144	142.44.212[.]178
162.244.34[.]26	143.31.133[.]99
162.244.35[.]6	148.113.159[.]146
179.60.150[.]143	148.113.159[.]213
185.104.194[.]156	15.235.13[.]184
185.104.194[.]24	15.235.83[.]73
185.104.194[.]40	162.158.129[.]79
185.117.88[.]17	166.70.47[.]90
185.162.128[.]75	172.71.134[.]76
185.174.100[.]215	173.254.236[.]131
185.174.100[.]250	185.104.194[.]134
185.181.229[.]240	185.117.88[.]2
185.181.229[.]73	185.174.100[.]17
185.183.32[.]122	185.33.86[.]225
185.185.50[.]172	185.33.87[.]126
188.241.58[.]244	185.80.52[.]230
193.169.245[.]79	185.81.113[.]156
194.33.40[.]103	192.42.116[.]191
194.33.40[.]104	195.38.8[.]241
194.33.40[.1]64	198.137.247[.]10
198.12.76[.]214	198.199.74[.]207
198.27.75[.]110	198.199.74[.]207:1234/update.jsp
206.221.182[.]106	198.245.13[.]4
209.127.116[.]122	20.47.120[.]195
209.127.4[.]22	208.115.199[.]25
209.222.103[.]170	209.222.98[.]25
209.97.137[.]33	213.121.182[.]84
45.227.253[.]133	216.144.248[.]20
45.227.253[.]147	23.237.114[.]154
45.227.253[.]50	23.237.56[.]234
45.227.253[.]6	3.101.53[.]11
45.227.253[.]82	44.206.3[.]111
45.56.165[.]248	45.182.189[.]200
5.149.248[.]68	45.182.189[.]228
5.149.250[.]74	45.182.189[.]229
5.149.250[.]92	5.149.250[.]90
5.188.86[.]114	5.149.252[.]51
5.188.86[.]250	5.188.206[.]76
5.188.87[.]194	5.188.206.76[:]8000/se1.dll
5.188.87[.]226	5.34.178[.]27
5.188.87[.]27	5.34.178[.]28
5.252.23[.]116	5.34.178[.]30
5.252.25[.]88	5.34.178[.]31
5.34.180[.]205	5.34.180[.]48
62.112.11[.]57	50.7.118[.]90
62.182.82[.]19	54.184.187[.]134
62.182.85[.]234	54.39.133[.]41
66.85.26[.]215	63.143.42[.]242
66.85.26[.]234	68.156.159[.]10
66.85.26[.]248	74.218.67[.]242
79.141.160[.]78	76.117.196[.]3
79.141.160[.]83	79.141.160[.]78
84.234.96[.]104	79.141.161[.]82
84.234.96[.]31	79.141.173[.]94
89.39.104[.]118	81.56.49[.]148
89.39.105[.]108	82.117.252[.]141
91.202.4[.]76	82.117.252[.]142
91.222.174[.]95	82.117.252[.]97
91.229.76[.]187	88.214.27[.]100
93.190.142[.]131	88.214.27[.]101
	91.222.174[.]68
	91.223.227[.]140
	92.118.36[.]210
	92.118.36[.]213
	92.118.36[.]249
	96.10.22[.]178
	96.44.181[.]131
	5.252.23[.]116
	5.252.25[.]88
	84.234.96[.]104
	89.39.105[.]108
	138.197.152[.]201
	148.113.152[.]144
	198.12.76[.]214
	209.97.137[.]33
	209.222.103[.]170

MITRE ATT&CK TECHNIQUES

See tables below for referenced CL0P tactics and techniques used in this advisory.

*Table 1. ATT&CK Techniques for Enterprise: Initial Access*
Initial Access
Technique Title	ID	Use
Exploit Public-Facing Application	T1190	CL0P ransomware group exploited the zero-day vulnerability CVE-2023-34362 affecting MOVEit Transfer software; begins with a SQL injection to infiltrate the MOVEit Transfer web application.
Phishing	T1566	CL0P actors send a large volume of spear-phishing emails to employees of an organization to gain initial access.

*Table 2. ATT&CK Techniques for Enterprise: Execution*
Execution
Technique Title	ID	Use
Command and Scripting Interpreter: PowerShell	T1059.001	CL0P actors use SDBot as a backdoor to enable other commands and functions to be executed in the compromised computer.
Command and Scripting Interpreter	T1059.003	CL0P actors use TinyMet, a small open-source Meterpreter stager to establish a reverse shell to their C2 server.
Shared Modules	T1129	CL0P actors use Truebot to download additional modules.

*Table 3. ATT&CK Techniques for Enterprise: Persistence*
Persistence
Technique Title	ID	Use
Server Software Component: Web Shell	T1505.003	DEWMODE is a web shell designed to interact with a MySQL database, and is used to exfiltrate data from the compromised network.
Event Triggered Execution: Application Shimming	T1546.011	CL0P actors use SDBot malware for application shimming for persistence and to avoid detection.

*Table 4. ATT&CK Techniques for Enterprise: Privilege Escalation*
Privilege Escalation
Technique Title	ID	Use
Exploitation for Privilege Escalation	T1068	CL0P actors were gaining access to MOVEit Transfer databases prior to escalating privileges within compromised network.

*Table 5. ATT&CK Techniques for Enterprise: Defense Evasion*
Defense Evasion
Technique Title	ID	Use
Process Injection	T1055	CL0P actors use Truebot to load shell code.
Indicator Removal	T1070	CL0P actors delete traces of Truebot malware after it is used.
Hijack Execution Flow: DLL Side-Loading	T1574.002	CL0P actors use Truebot to side load DLLs.

*Table 6. ATT&CK Techniques for Enterprise: Discovery*
Discovery
Technique Title	ID	Use
Remote System Discovery	T1018	CL0P actors use Cobalt Strike to expand network access after gaining access to the Active Directory (AD) servers.

*Table 7. ATT&CK Techniques for Enterprise: Lateral Movement*
Lateral Movement
Technique Title	ID	Use
Remote Services: SMB/Windows Admin Shares	T1021.002	CL0P actors have been observed attempting to compromise the AD server using Server Message Block (SMB) vulnerabilities with follow-on Cobalt Strike activity.
Remote Service Session Hijacking: RDP Hijacking	T1563.002	CL0P ransomware actors have been observed using Remote Desktop Protocol (RDP) to interact with compromised systems after initial access.

*Table 8. ATT&CK Techniques for Enterprise: Collection*
Collection
Technique Title	ID	Use
Screen Capture	T1113	CL0P actors use Truebot to take screenshots in effort to collect sensitive data.

*Table 9. ATT&CK Techniques for Enterprise: Command and Control*
Command and Control
Technique Title	ID	Use
Application Layer Protocol	T1071	CL0P actors use FlawedAmmyy remote access trojan (RAT) to communicate with the Command and Control (C2).
Ingress Tool Transfer	T1105	CL0P actors are assessed to use FlawedAmmyy remote access trojan (RAT) to the download of additional malware components. CL0P actors use SDBot to drop copies of itself in removable drives and network shares.

*Table 10. ATT&CK Techniques for Enterprise: Exfiltration*
Exfiltration
Technique Title	ID	Use
Exfiltration Over C2 Channel	T1041	CL0P actors exfiltrate data for C2 channels.

MITIGATIONS

The authoring agencies recommend organizations implement the mitigations below to improve their organization’s security posture in response to threat actors’ activity. These mitigations align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST). The CPGs provide a minimum set of practices and protections that CISA and NIST recommend all organizations implement. CISA and NIST based the CPGs on existing cybersecurity frameworks and guidance to protect against the most common and impactful threats and TTPs. Visit CISA’s Cross-Sector Cybersecurity Performance Goals for more information on the CPGs, including additional recommended baseline protections to reduce the risk of compromise by CL0P ransomware.

Reduce threat of malicious actors using remote access tools by:
- Auditing remote access tools on your network to identify currently used and/or authorized software.
- Reviewing logs for execution of remote access software to detect abnormal use of programs running as a portable executable [CPG 2.T].
- Using security software to detect instances of remote access software only being loaded in memory.
- Requiring authorized remote access solutions only be used from within your network over approved remote access solutions, such as virtual private networks (VPNs) or virtual desktop interfaces (VDIs).
- Blocking both inbound and outbound connections on common remote access software ports and protocols at the network perimeter.
Implement application controls to manage and control execution of software, including allowlisting remote access programs.
- Application controls should prevent installation and execution of portable versions of unauthorized remote access and other software. A properly configured application allowlisting solution will block any unlisted application execution. Allowlisting is important because antivirus solutions may fail to detect the execution of malicious portable executables when the files use any combination of compression, encryption, or obfuscation.
Strictly limit the use of RDP and other remote desktop services. If RDP is necessary, rigorously apply best practices, for example [CPG 2.W]:
- Audit the network for systems using RDP.
- Close unused RDP ports.
- Enforce account lockouts after a specified number of attempts.
- Apply phishing-resistant multifactor authentication (MFA).
- Log RDP login attempts.
Disable command-line and scripting activities and permissions [CPG 2.N].
Restrict the use of PowerShell, using Group Policy, and only grant to specific users on a case-by-case basis. Typically, only those users or administrators who manage the network or Windows operating systems (OSs) should be permitted to use PowerShell [CPG 2.E].
Update Windows PowerShell or PowerShell Core to the latest version and uninstall all earlier PowerShell versions. Logs from Windows PowerShell prior to version 5.0 are either non-existent or do not record enough detail to aid in enterprise monitoring and incident response activities [CPG 1.E, 2.S, 2.T].
Review domain controllers, servers, workstations, and active directories for new and/or unrecognized accounts [CPG 4.C].
Audit user accounts with administrative privileges and configure access controls according to the principle of least privilege [CPG 2.E].
Reduce the threat of credential compromise via the following:
- Place domain admin accounts in the protected users’ group to prevent caching of password hashes locally.
- Refrain from storing plaintext credentials in scripts.
Implement time-based access for accounts set at the admin level and higher [CPG 2.A, 2.E].

In addition, the authoring authorities of this CSA recommend network defenders apply the following mitigations to limit potential adversarial use of common system and network discovery techniques and to reduce the impact and risk of compromise by ransomware or data extortion actors:

Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location (i.e., hard drive, storage device, the cloud).
Maintain offline backups of data and regularly maintain backup and restoration (daily or weekly at minimum). By instituting this practice, an organization limits the severity of disruption to its business practices [CPG 2.R].
Require all accounts with password logins (e.g., service account, admin accounts, and domain admin accounts) to comply with National Institute for Standards and Technology (NIST) standards for developing and managing password policies.
- Use longer passwords consisting of at least eight characters and no more than 64 characters in length [CPG 2.B].
- Store passwords in hashed format using industry-recognized password managers.
- Add password user “salts” to shared login credentials.
- Avoid reusing passwords [CPG 2.C].
- Implement multiple failed login attempt account lockouts [CPG 2.G].
- Disable password “hints.”
- Refrain from requiring password changes more frequently than once per year. Note: NIST guidance suggests favoring longer passwords instead of requiring regular and frequent password resets. Frequent password resets are more likely to result in users developing password “patterns” cyber criminals can easily decipher.
- Require administrator credentials to install software.
Require multifactor authentication for all services to the extent possible, particularly for webmail, virtual private networks, and accounts that access critical systems [CPG 2.H].
Keep all operating systems, software, and firmware up to date. Timely patching is one of the most efficient and cost-effective steps an organization can take to minimize its exposure to cybersecurity threats. Prioritize patching known exploited vulnerabilities in internet-facing systems [CPG 1.E].
Segment networks to prevent the spread of ransomware. Network segmentation can help prevent the spread of ransomware by controlling traffic flows between—and access to—various subnetworks and by restricting adversary lateral movement [CPG 2.F].
Identify, detect, and investigate abnormal activity and potential traversal of the indicated ransomware with a networking monitoring tool. To aid in detecting the ransomware, implement a tool that logs and reports all network traffic, including lateral movement activity on a network. Endpoint detection and response (EDR) tools are particularly useful for detecting lateral connections as they have insight into common and uncommon network connections for each host [CPG 3.A].
Install, regularly update, and enable real time detection for antivirus software on all hosts.
Disable unused ports [CPG 2.V].
Consider adding an email banner to emails received from outside your organization [CPG 2.M].
Disable hyperlinks in received emails.
Ensure all backup data is encrypted, immutable (i.e., ensure backup data cannot be altered or deleted), and covers the entire organization’s data infrastructure [CPG 2.K, 2.L, 2.R].

VALIDATE SECURITY CONTROLS

In addition to applying mitigations, FBI and CISA recommend exercising, testing, and validating your organization’s security program against the threat behaviors mapped to the MITRE ATT&CK for Enterprise framework in this advisory. The authoring authorities of this CSA recommend testing your existing security controls inventory to assess how they perform against the ATT&CK techniques described in this advisory.
To get started:

Select an ATT&CK technique described in this advisory (see table 2).
Align your security technologies against the technique.
Test your technologies against the technique.
Analyze your detection and prevention technologies’ performance.
Repeat the process for all security technologies to obtain a set of comprehensive performance data.
Tune your security program, including people, processes, and technologies, based on the data generated by this process.

RESOURCES

Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.

REFERENCE
[1] Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft | Mandiant
[2] MOVEit Transfer Critical Vulnerability (May 2023) – Progress Community
[3] MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response (huntress.com)

REPORTING

The FBI is seeking any information that can be shared, to include boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with CL0P group actors, Bitcoin wallet information, decryptor files, and/or a benign sample of an encrypted file. The FBI and CISA do not encourage paying ransom as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. Regardless of whether you or your organization have decided to pay the ransom, the FBI and CISA urge you to promptly report ransomware incidents to a local FBI Field Office, report the incident to the FBI Internet Crime Complaint Center (IC3) at ic3.gov, or CISA at cisa.gov/report.

DISCLAIMER

The information in this report is being provided “as is” for informational purposes only. CISA and the FBI do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA or the FBI.

alerts

CISA and Partners Release the Guide to Securing Remote Access Software

Post author By admin
Post date June 6, 2023

Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Israel National Cyber Directorate (INCD) published the Guide to Securing Remote Access Software to provide organizations with an overview of common remote access exploitations and associated tactics, techniques, and procedures (TTPs).

The Guide to Securing Remote Access Software provides organizations with a remote access software overview, including the malicious use of remote access software, detection methods, and recommendations for all organizations. Remote access software provides a proactive and flexible approach for organizations to internally oversee networks, computers, and other devices; however, cyber threat actors increasingly co-opt these tools for access to victim systems.

CISA encourages organizations to use the provided additional information on remote management and on malicious use of remote monitoring and management software in implementing remote software and remote software mitigations.

alerts

Vulnerability Summary for the Week of May 29, 2023

Post author By admin
Post date June 5, 2023

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

High: vulnerabilities with a CVSS base score of 7.0–10.0
Medium: vulnerabilities with a CVSS base score of 4.0–6.9
Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

High Vulnerabilities

PrimaryVendor — Product	Description	Published	CVSS Score	Source & Patch Info
wordpress — wordpress	A vulnerability classified as critical has been found in Portfolio Gallery Plugin up to 1.1.8 on WordPress. This affects an unknown part. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.9 is able to address this issue. The name of the patch is 58ed88243e17df766036f4857041edaf358076d3. It is recommended to upgrade the affected component. The identifier VDB-230085 was assigned to this vulnerability.	2023-05-28	9.8	CVE-2014-125101 MISC MISC MISC
itrsgroup — ninja	A vulnerability was found in ITRS Group monitor-ninja up to 2021.11.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file modules/reports/models/scheduled_reports.php. The manipulation leads to sql injection. Upgrading to version 2021.11.30 is able to address this issue. The name of the patch is 6da9080faec9bca1ca5342386c0421dca0a6c0cc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230084.	2023-05-28	9.8	CVE-2021-4336 MISC MISC MISC MISC
huawei — emui	Lack of length check vulnerability in the HW_KEYMASTER module. Successful exploitation of this vulnerability may cause out-of-bounds read.	2023-05-26	9.8	CVE-2021-46887 MISC
audiocodes — device_manager_express	An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.	2023-05-29	9.8	CVE-2022-24627 MISC
audiocodes — device_manager_express	An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of BrowseFiles.php. An attacker can upload a .php file to WebAdmin/admin/AudioCodes_files/ajax/.	2023-05-29	9.8	CVE-2022-24629 MISC
microsoft — windows_10	Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability	2023-05-31	9.8	CVE-2022-35744 MISC
shopbeat — shop_beat_media_player	Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Insecure Permissions.	2023-05-30	9.8	CVE-2022-36246 MISC
sprecher_automation — sprecon-e_cpu	Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher’s hardening guidelines.	2023-06-01	9.8	CVE-2022-4333 MISC
huawei — harmonyos	The facial recognition TA of some products lacks memory length verification. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.	2023-05-26	9.8	CVE-2022-48478 MISC
huawei — harmonyos	The facial recognition TA of some products has the out-of-bounds memory read vulnerability. Successful exploitation of this vulnerability may cause exceptions of the facial recognition service.	2023-05-26	9.8	CVE-2022-48479 MISC
samsung — galaxy_store	Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.	2023-05-26	9.8	CVE-2023-21514 MISC
wade_digital_design_co_ltd. — fantsy	Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service.	2023-06-02	9.8	CVE-2023-28698 MISC
elite_technology_corp. — web_fax	ELITE TECHNOLOGY CORP. Web Fax has a vulnerability of SQL Injection. An unauthenticated remote attacker can inject SQL commands into the input field of the login page to perform arbitrary system commands, disrupt service or terminate service.	2023-06-02	9.8	CVE-2023-28701 MISC
tenda — ac6_firmware	A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Affected by this vulnerability is the function fromDhcpListClient. The manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230077 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	2023-05-27	9.8	CVE-2023-2923 MISC MISC MISC
supcontech — simfield_firmware	A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Affected by this issue is some unknown functionality of the file /admin/reportupload.aspx. The manipulation of the argument files[] leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230078 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	2023-05-27	9.8	CVE-2023-2924 MISC MISC MISC
jizhicms — jizhicms	A vulnerability was found in JIZHICMS 2.4.5. It has been classified as critical. Affected is the function index of the file TemplateController.php. The manipulation of the argument webapi leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230082 is the identifier assigned to this vulnerability.	2023-05-27	9.8	CVE-2023-2927 MISC MISC MISC
sourcecodester — students_online_internship_timesheet_system	A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Affected is an unknown function of the file rendered_report.php of the component GET Parameter Handler. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230142 is the identifier assigned to this vulnerability.	2023-05-29	9.8	CVE-2023-2955 MISC MISC MISC
sourcecodester — faculty_evaluation_system	A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Affected by this issue is some unknown functionality of the file index.php?page=edit_user. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230150 is the identifier assigned to this vulnerability.	2023-05-29	9.8	CVE-2023-2962 MISC MISC MISC
erikoglu_technology — ermon	Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication Bypass.This issue affects ErMon: before 230602.	2023-06-02	9.8	CVE-2023-3000 MISC
tuzitio — camaleon_cms	Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter.	2023-05-26	9.8	CVE-2023-30145 MISC MISC MISC MISC MISC
hitron_technologies_inc. — hitron_coda-5310	Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remote attackers can exploit this vulnerability to obtain the administrator’s privilege, resulting in performing arbitrary system operation or disrupt service.	2023-06-02	9.8	CVE-2023-30603 MISC
hitron_technologies_inc. — hitron_coda-5310	It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. An unauthorized remote attacker can exploit this vulnerability to access system configuration interface, resulting in performing arbitrary system operation or disrupt service.	2023-06-02	9.8	CVE-2023-30604 MISC
okfn — ckan	CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker’s session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don’t have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don’t have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker’s insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues.	2023-05-26	9.8	CVE-2023-32321 MISC MISC
samsung — galaxy_store	XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.	2023-05-26	9.6	CVE-2023-21516 MISC
shopbeat — shop_beat_media_player	Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za.	2023-05-30	9.1	CVE-2022-36247 MISC
haxx — curl	An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.	2023-05-26	9.1	CVE-2023-28322 MISC
bus_dispatch_and_information_system — bus_dispatch_and_information_system	A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Affected is an unknown function of the file delete_bus.php. The manipulation of the argument busid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230112.	2023-05-28	9.1	CVE-2023-2951 MISC MISC MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds (Tweets Widget) plugin <= 1.8.4 versions.	2023-05-29	8.8	CVE-2022-33974 MISC
shopbeat — shop_beat_media_player	Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Cross Site Request Forgery (CSRF).	2023-05-30	8.8	CVE-2022-36250 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Plugin <= 2.0.4 versions.	2023-05-28	8.8	CVE-2022-36345 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.	2023-05-29	8.8	CVE-2022-45372 MISC
sguda — u-lock	SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks.	2023-06-02	8.8	CVE-2022-46307 MISC
sguda — u-lock	SGUDA U-Lock central lock control service’s user management function has incorrect authorization. A remote attacker with general user privilege can exploit this vulnerability to call privileged APIs to access, modify and delete user information.	2023-06-02	8.8	CVE-2022-46308 MISC
samsung — galaxy_store	InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.	2023-05-26	8.8	CVE-2023-21515 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions.	2023-05-26	8.8	CVE-2023-22693 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions.	2023-05-26	8.8	CVE-2023-23714 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero – Tom Skroza Admin Block Country plugin <= 7.1.4 versions.	2023-05-26	8.8	CVE-2023-24007 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik – Spam Blacklist plugin <= 0.7.8 versions.	2023-05-26	8.8	CVE-2023-24008 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions.	2023-05-26	8.8	CVE-2023-25029 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions.	2023-05-26	8.8	CVE-2023-25034 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions.	2023-05-26	8.8	CVE-2023-25038 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema – All In One Schema Rich Snippets plugin <= 1.6.5 versions.	2023-05-26	8.8	CVE-2023-25058 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Huizinga Resize at Upload Plus plugin <= 1.3 versions.	2023-05-26	8.8	CVE-2023-25467 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions.	2023-05-26	8.8	CVE-2023-25470 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions.	2023-05-26	8.8	CVE-2023-25971 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions.	2023-05-26	8.8	CVE-2023-25976 MISC
wade_digital_design_co_ltd. — fantsy	Wade Graphic Design FANTSY has a vulnerability of insufficient filtering for file type in its file update function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload a PHP file containing a webshell to perform arbitrary system operation or disrupt service.	2023-06-02	8.8	CVE-2023-28699 MISC
asus — rt-ac86u	ASUS RT-AC86U does not filter special characters for parameters in specific web URLs. A remote attacker with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands, disrupt system or terminate service.	2023-06-02	8.8	CVE-2023-28702 MISC
furbo — dog_camera	Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploit this vulnerability to perform command injection attack to execute arbitrary system commands or disrupt service.	2023-06-02	8.8	CVE-2023-28704 MISC
dedecms — dedecms	A vulnerability was found in DedeCMS up to 5.7.106. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file uploads/dede/article_allowurl_edit.php. The manipulation of the argument allurls leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230083.	2023-05-27	8.8	CVE-2023-2928 MISC MISC MISC
google — chrome	Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2929 MISC MISC MISC
google — chrome	Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2930 MISC MISC MISC
google — chrome	Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2931 MISC MISC MISC
google — chrome	Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2932 MISC MISC MISC
google — chrome	Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2933 MISC MISC MISC
google — chrome	Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2934 MISC MISC MISC
google — chrome	Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2935 MISC MISC MISC
google — chrome	Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	2023-05-30	8.8	CVE-2023-2936 MISC MISC MISC
open-emr — openemr	Code Injection in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-27	8.8	CVE-2023-2943 MISC CONFIRM
fs — s3900_24t4s_firmware	FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password.	2023-05-29	8.8	CVE-2023-30350 MISC
yank-note — yank_note	Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire(‘child_process’).	2023-05-29	8.8	CVE-2023-31874 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.	2023-05-26	8.8	CVE-2023-32964 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder — Dynamic Blocks Form Builder plugin <= 3.0.6 versions.	2023-05-28	8.8	CVE-2023-33212 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions.	2023-05-28	8.8	CVE-2023-33313 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.	2023-05-28	8.8	CVE-2023-33314 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions.	2023-05-28	8.8	CVE-2023-33315 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.	2023-05-28	8.8	CVE-2023-33316 MISC
xuxueli — xxl-job	A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user’s account via a crafted POST request to the component /jobinfo/.	2023-05-26	8.8	CVE-2023-33779 MISC MISC MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions.	2023-05-28	8.8	CVE-2023-33926 MISC
wordpress — wordpress	Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions.	2023-05-28	8.8	CVE-2023-33931 MISC
microsoft — multiple_products	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	2023-05-31	8.1	CVE-2022-35745 MISC
microsoft — multiple_products	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	2023-05-31	8.1	CVE-2022-35752 MISC
microsoft — multiple_products	Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability	2023-05-31	8.1	CVE-2022-35753 MISC
et-x — ess_rec	Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Affected products and versions are as follows: ESS REC Agent Server Edition for Linux V1.0.0 to V1.4.3, ESS REC Agent Server Edition for Solaris V1.1.0 to V1.4.0, ESS REC Agent Server Edition for HP-UX V1.1.0 to V1.4.0, and ESS REC Agent Server Edition for AIX V1.2.0 to V1.4.1	2023-05-26	8.1	CVE-2023-28382 MISC MISC
open-emr — openemr	Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-27	8.1	CVE-2023-2942 MISC CONFIRM
open-emr — openemr	Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-27	8.1	CVE-2023-2946 CONFIRM MISC
open-emr — openemr	Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-28	8.1	CVE-2023-2950 MISC CONFIRM
microsoft — multiple_products	Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability	2023-05-31	7.8	CVE-2022-35743 MISC
microsoft — multiple_products	Windows Digital Media Receiver Elevation of Privilege Vulnerability	2023-05-31	7.8	CVE-2022-35746 MISC
microsoft — multiple_products	Windows Digital Media Receiver Elevation of Privilege Vulnerability	2023-05-31	7.8	CVE-2022-35749 MISC
microsoft — multiple_products	Win32k Elevation of Privilege Vulnerability	2023-05-31	7.8	CVE-2022-35750 MISC
microsoft — multiple_products	Windows Hyper-V Elevation of Privilege Vulnerability	2023-05-31	7.8	CVE-2022-35751 MISC
microsoft — multiple_products	Windows Kerberos Elevation of Privilege Vulnerability	2023-05-31	7.8	CVE-2022-35756 MISC
usebottles — bottles	Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.	2023-05-26	7.8	CVE-2023-22970 MISC FEDORA FEDORA
n158_project — n158	All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports’ function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.	2023-05-27	7.8	CVE-2023-26127 MISC MISC
keep-module-latest — keep-module-latest	All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.	2023-05-27	7.8	CVE-2023-26128 MISC MISC
bwm-ng_project — bwm-ng	All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the ‘check’ function in the bwm-ng.js file. Note: To execute the code snippet and potentially exploit the vulnerability, the attacker needs to have the ability to run Node.js code within the target environment. This typically requires some level of access to the system or application hosting the Node.js environment.	2023-05-27	7.8	CVE-2023-26129 MISC
google — chrome	Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)	2023-05-30	7.8	CVE-2023-2939 MISC MISC MISC
gin — gin	Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require(‘child_process’).	2023-05-28	7.8	CVE-2023-31873 MISC
huawei — emui	The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.	2023-05-26	7.5	CVE-2021-46881 MISC
huawei — emui	The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.	2023-05-26	7.5	CVE-2021-46882 MISC
huawei — emui	The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.	2023-05-26	7.5	CVE-2021-46883 MISC
huawei — emui	The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.	2023-05-26	7.5	CVE-2021-46884 MISC
huawei — emui	The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.	2023-05-26	7.5	CVE-2021-46885 MISC
huawei — emui	The video framework has memory overwriting caused by addition overflow. Successful exploitation of this vulnerability may affect availability.	2023-05-26	7.5	CVE-2021-46886 MISC
microsoft — multiple_products	Microsoft Outlook Denial of Service Vulnerability	2023-06-01	7.5	CVE-2022-35742 MISC
microsoft — windows_server	HTTP.sys Denial of Service Vulnerability	2023-05-31	7.5	CVE-2022-35748 MISC
nagvis — nagvis	Nagvis before 1.9.34 was discovered to contain an arbitrary file read vulnerability via the component /core/classes/NagVisHoverUrl.php.	2023-05-26	7.5	CVE-2022-46945 CONFIRM MISC
huawei — emui	Integer overflow vulnerability in some phones. Successful exploitation of this vulnerability may affect service confidentiality.	2023-05-26	7.5	CVE-2022-48480 MISC
huawei — emui	The reminder module lacks an authentication mechanism for broadcasts received. Successful exploitation of this vulnerability may affect availability.	2023-05-26	7.5	CVE-2023-0116 MISC
gitlab — gitlab	An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups.	2023-05-26	7.5	CVE-2023-2825 MISC MISC CONFIRM
haxx — curl	A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server’s public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.	2023-05-26	7.5	CVE-2023-28319 MISC
haxx — curl	An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as “Subject Alternative Name” in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.	2023-05-26	7.5	CVE-2023-28321 MISC
wireshark — wireshark	GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file	2023-05-26	7.5	CVE-2023-2879 MISC CONFIRM MISC MLIST
linuxmint — warpinator	Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames.	2023-05-29	7.5	CVE-2023-29380 MISC MISC
libreswan — libreswan	pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. The earliest affected version is 3.28.	2023-05-29	7.5	CVE-2023-30570 CONFIRM
hitron_technologies_inc. — hitron_coda-5310	Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator.	2023-06-02	7.5	CVE-2023-30602 MISC
oracle — apache_openfire	Openfire is an XMPP server licensed under the Open Source Apache License. Openfire’s administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire release 4.7.5 and 4.6.8, and further improvements will be included in the yet-to-be released first version on the 4.8 branch (which is expected to be version 4.8.0). Users are advised to upgrade. If an Openfire upgrade isn’t available for a specific release, or isn’t quickly actionable, users may see the linked github advisory (GHSA-gw42-f939-fhvm) for mitigation advice.	2023-05-26	7.5	CVE-2023-32315 MISC
parseplatform — parse_server_push_adapter	parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3.	2023-05-27	7.5	CVE-2023-32688 MISC MISC MISC
qt — qt	An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered.	2023-05-28	7.5	CVE-2023-32763 CONFIRM MISC
microsoft — edge	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	2023-06-03	7.5	CVE-2023-33143 MISC
tweedegolf — ntpd-rs	ntpd-rs is an NTP implementation written in Rust. ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter than what the server expects. The server also crashes when it is not configured to handle NTS packets. The issue was caused by improper slice indexing. The indexing operations were replaced by safer alternatives that do not crash the ntpd-rs server process but instead properly handle the error condition. A patch was released in version 0.3.3.	2023-05-27	7.5	CVE-2023-33192 MISC MISC
talend — data_catalog	Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)	2023-05-26	7.5	CVE-2023-33247 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks	2023-05-31	7.5	CVE-2023-34227 MISC
ebankit — ebankit	In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. (It cannot be exploited with e-mail addresses or phone numbers that are registered in the application.)	2023-05-28	7.4	CVE-2023-33291 MISC MISC
microsoft — multiple_products	Windows Print Spooler Elevation of Privilege Vulnerability	2023-05-31	7.3	CVE-2022-35755 MISC
microsoft — multiple_products	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	2023-05-31	7.3	CVE-2022-35757 MISC
audiocodes — device_manager_express	An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.	2023-05-29	7.2	CVE-2022-24628 MISC
audiocodes — device_manager_express	An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed.	2023-05-29	7.2	CVE-2022-24630 MISC
hitron_technologies_inc. — hitron_coda-5310	Hitron CODA-5310 has insufficient filtering for specific parameters in the connection test function. A remote attacker authenticated as an administrator, can use the management page to perform command injection attacks, to execute arbitrary system command, manipulate system or disrupt service.	2023-06-02	7.2	CVE-2022-47616 MISC
hitron_technologies_inc. — hitron_coda-5310	Hitron CODA-5310 has hard-coded encryption/decryption keys in the program code. A remote attacker authenticated as an administrator can decrypt system files using the hard-coded keys for file access, modification, and cause service disruption.	2023-06-02	7.2	CVE-2022-47617 MISC
wordpress — wordpress	The Elementor Website Builder WordPress plugin before 3.12.2 does not properly sanitize and escape the Replace URL parameter in the Tools module before using it in a SQL statement, leading to a SQL injection exploitable by users with the Administrator role.	2023-05-30	7.2	CVE-2023-0329 MISC
zyxel — nas326_firmware	The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device remotely.	2023-05-30	7.2	CVE-2023-27988 CONFIRM
asus — rt-ac86u	ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges can exploit this vulnerability to execute arbitrary system commands, disrupt system or terminate service.	2023-06-02	7.2	CVE-2023-28703 MISC
autolabproject — autolab	Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted Tar file. Both “Base File Tar” and “Additional file archive” can be fed with Tar files that contain paths outside their target directories (e.g., `../../../../tmp/tarslipped2.sh`). When the MOSS cheat checker is started the files inside of the archives are expanded to the attacker-chosen locations. This issue may lead to arbitrary file write within the scope of the running process. This issue has been addressed in version 2.11.0. Users are advised to upgrade.	2023-05-26	7.2	CVE-2023-32317 MISC MISC
sourcecodester — faculty_evaluation_system	Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.	2023-05-26	7.2	CVE-2023-33439 MISC
sourcecodester — faculty_evaluation_system	Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.	2023-05-26	7.2	CVE-2023-33440 MISC MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33627 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33628 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33629 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33630 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33631 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33632 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33633 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33634 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33635 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33636 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33637 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33638 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33639 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33640 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33641 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33642 MISC
h3c — magic_r300-2100m_firmware	H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm.	2023-05-31	7.2	CVE-2023-33643 MISC

Medium Vulnerabilities

PrimaryVendor — Product	Description	Published	CVSS Score	Source & Patch Info
sprecher_automation — multiple_products	In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.	2023-06-01	6.8	CVE-2022-4332 MISC
itpison — omicard_edm	OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. A local area network attacker with administrator privileges can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service.	2023-06-02	6.8	CVE-2023-28700 MISC
microsoft — multiple_products	Unified Write Filter Elevation of Privilege Vulnerability	2023-05-31	6.7	CVE-2022-35754 MISC
nextcloud — nextcloud_server	Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account the previous session would be continued and the attacker would be authenticated as the previously logged in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1.	2023-05-26	6.7	CVE-2023-32318 MISC MISC
microsoft — multiple_products	Windows Local Security Authority (LSA) Denial of Service Vulnerability	2023-05-31	6.5	CVE-2022-35759 MISC
matrix — synapse	Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0	2023-05-26	6.5	CVE-2022-39374 MISC MISC
redhat — keycloak	A flaw was found in Keycloak. This flaw depends on a non-default configuration “Revalidate Client Certificate” to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of “Cannot validate client certificate trust: Truststore not available”. This may not impact availability as the attacker would have no access to the server, but consumer applications Integrity or Confidentiality may be impacted considering a possible access to them. Considering the environment is correctly set to use “Revalidate Client Certificate” this flaw is avoidable.	2023-05-26	6.5	CVE-2023-1664 MISC
open-xchange — ox_app_suite	OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data.	2023-05-29	6.5	CVE-2023-24603 MISC MISC
wireshark — wireshark	BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file	2023-05-26	6.5	CVE-2023-2854 MISC CONFIRM MISC
wireshark — wireshark	Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file	2023-05-26	6.5	CVE-2023-2855 CONFIRM MISC MISC
wireshark — wireshark	VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file	2023-05-26	6.5	CVE-2023-2856 CONFIRM MISC MISC MLIST
wireshark — wireshark	BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file	2023-05-26	6.5	CVE-2023-2857 MISC MISC CONFIRM
wireshark — wireshark	NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file	2023-05-26	6.5	CVE-2023-2858 MISC MISC CONFIRM MLIST
seacms — seacms	A vulnerability was found in SeaCMS 11.6 and classified as problematic. This issue affects some unknown processing of the file member.php of the component Picture Upload Handler. The manipulation of the argument oldpic leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230081 was assigned to this vulnerability.	2023-05-27	6.5	CVE-2023-2926 MISC MISC MISC
google — chrome	Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)	2023-05-30	6.5	CVE-2023-2940 MISC MISC MISC
avaya — ix_workforce_engagement	Avaya IX Workforce Engagement v15.2.7.1195 – CWE-522: Insufficiently Protected Credentials	2023-05-30	6.5	CVE-2023-31187 MISC
nextcloud — nextcloud_server	Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.	2023-05-26	6.5	CVE-2023-32319 MISC MISC
mp4v2_project — mp4v2	mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty.	2023-05-26	6.5	CVE-2023-33720 MISC
vmware — nsx-t_data_center	NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.	2023-05-26	6.1	CVE-2023-20868 MISC
open-xchange — ox_app_suite	OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API’s registry sub-tree.	2023-05-29	6.1	CVE-2023-24601 MISC MISC
open-xchange — ox_app_suite	OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title.	2023-05-29	6.1	CVE-2023-24602 MISC MISC
monitorclick — forms_ada	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MonitorClick Forms Ada – Form Builder plugin <= 1.0 versions.	2023-05-29	6.1	CVE-2023-27613 MISC
artistscope — copysafe_web_protection	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ArtistScope CopySafe Web Protection plugin <= 3.13 versions.	2023-05-26	6.1	CVE-2023-29098 MISC
sourcecodester — comment_system	A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Affected is an unknown function of the file index.php of the component GET Parameter Handler. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230076.	2023-05-27	6.1	CVE-2023-2922 MISC MISC MISC
open-emr — openemr	Cross-site Scripting (XSS) – Generic in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-28	6.1	CVE-2023-2948 MISC CONFIRM
open-emr — openemr	Cross-site Scripting (XSS) – Reflected in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-28	6.1	CVE-2023-2949 CONFIRM MISC
phpmyfaq — phpmyfaq	Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.	2023-05-31	6.1	CVE-2023-2998 CONFIRM MISC
phpmyfaq — phpmyfaq	Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14.	2023-05-31	6.1	CVE-2023-2999 CONFIRM MISC
avaya — ix_workforce_engagement	Avaya IX Workforce Engagement v15.2.7.1195 – CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’)	2023-05-30	6.1	CVE-2023-32218 MISC
posthog — posthog-js	PostHog-js is a library to interface with the PostHog analytics tool. Versions prior to 1.57.2 have the potential for cross-site scripting. Problem has been patched in 1.57.2. Users are advised to upgrade. Users unable to upgrade should ensure that their Content Security Policy is in place.	2023-05-27	6.1	CVE-2023-32325 MISC MISC
python — requests	Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.	2023-05-26	6.1	CVE-2023-32681 MISC MISC MISC MISC MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in One Rank Math SEO PRO plugin <= 3.0.35 versions.	2023-05-28	6.1	CVE-2023-32800 MISC
craftcms — craft_cms	Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.	2023-05-27	6.1	CVE-2023-33195 MISC MISC MISC
uthscsa — papaya_viewer	An issue was discovered in Papaya Viewer 4a42701. User-supplied input in form of DICOM or NIFTI images can be loaded into the Papaya web application without any kind of sanitization. This allows injection of arbitrary JavaScript code into image metadata, which is executed when that metadata is displayed in the Papaya web application	2023-05-26	6.1	CVE-2023-33255 MISC MISC FULLDISC MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Awesome Motive Duplicator Pro plugin <= 4.5.11 versions.	2023-05-28	6.1	CVE-2023-33309 MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.	2023-05-28	6.1	CVE-2023-33319 MISC
wordpress — wordpress	Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.	2023-05-28	6.1	CVE-2023-33326 MISC
wordpress — wordpress	Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Product Vendors plugin <= 2.1.76 versions.	2023-05-28	6.1	CVE-2023-33332 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible	2023-05-31	6.1	CVE-2023-34222 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible	2023-05-31	6.1	CVE-2023-34226 MISC
microsoft — multiple_products	Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability	2023-05-31	5.9	CVE-2022-35747 MISC
cloudfoundry — routing_release	In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool.	2023-05-26	5.9	CVE-2023-20882 MISC
haxx — curl	A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.	2023-05-26	5.9	CVE-2023-28320 MISC
status_internet_co._ltd. — powerbpm	It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence.	2023-06-02	5.7	CVE-2023-25780 MISC
microsoft — multiple_products	Windows Kernel Memory Information Disclosure Vulnerability	2023-05-31	5.5	CVE-2022-35758 MISC
avahi — avahi	A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.	2023-05-26	5.5	CVE-2023-1981 MISC MISC MISC
omninotes — omni_notes	Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note’s attachments were not properly validated, allowing malicious or compromised applications in the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability.	2023-05-27	5.5	CVE-2023-33188 MISC
audiocodes — device_manager_express	An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter.	2023-05-29	5.4	CVE-2022-24631 MISC
shopbeat — shop_beat_media_player	Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 suffers from Multiple Stored Cross-Site Scripting (XSS) vulnerabilities via Shop Beat Control Panel found at www.shopbeat.co.za controlpanel.shopbeat.co.za.	2023-05-30	5.4	CVE-2022-36244 MISC
shopbeat — shop_beat_media_player	Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass 2FA via APIs. For Controlpanel Lite. “After login we are directly able to use the bearer token or jsession ID to access the apis instead of entering the 2FA code. Thus, leading to bypass of 2FA on API level.	2023-05-30	5.4	CVE-2022-36249 MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Reynolds Progress Bar plugin <= 2.2.1 versions.	2023-05-29	5.4	CVE-2023-23699 MISC
craftcms — craft_cms	A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.	2023-05-26	5.4	CVE-2023-2817 MISC MISC
openfind_mail2000 — openfind_mail2000	Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. A remote attacker can exploit this vulnerability using phishing emails that contain malicious web pages injected with JavaScript. When users access the system and open the email, it triggers an XSS (Reflected Cross-site scripting) attack.	2023-06-02	5.4	CVE-2023-28705 MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Yoast Yoast SEO: Local plugin <= 14.9 versions.	2023-05-28	5.4	CVE-2023-28785 MISC
webkul — krayin_crm	A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230079. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.	2023-05-27	5.4	CVE-2023-2925 MISC MISC MISC
open-emr — openemr	Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-27	5.4	CVE-2023-2944 MISC CONFIRM
open-emr — openemr	Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-27	5.4	CVE-2023-2945 CONFIRM MISC
djangoblog_project — djangoblog	Cross-site Scripting (XSS) – Stored in GitHub repository liangliangyy/djangoblog prior to master.	2023-05-29	5.4	CVE-2023-2954 MISC CONFIRM
kiwitcms — kiwi_tcms	Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded. The upload validation checks were not robust enough which left the possibility of an attacker to circumvent them and upload a potentially dangerous file. Exploiting this flaw, a combination of files could be uploaded so that they work together to circumvent the existing Content-Security-Policy and allow execution of arbitrary JavaScript in the browser. This issue has been patched in version 12.3.	2023-05-27	5.4	CVE-2023-32686 MISC MISC
craftcms — craft_cms	Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.	2023-05-26	5.4	CVE-2023-33196 MISC MISC MISC
craftcms — craft_cms	Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.	2023-05-26	5.4	CVE-2023-33197 MISC MISC MISC
wordpress — wordpress	Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CRM Perks Contact Form Entries plugin <= 1.3.0 versions.	2023-05-28	5.4	CVE-2023-33311 MISC
skycaiji — skycaiji	skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Attackers can achieve backend XSS by deploying malicious JSON data.	2023-05-26	5.4	CVE-2023-33394 MISC
invernyx — smartcars_3	A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body of news article.	2023-05-26	5.4	CVE-2023-33780 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible	2023-05-31	5.4	CVE-2023-34220 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible	2023-05-31	5.4	CVE-2023-34221 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible	2023-05-31	5.4	CVE-2023-34225 MISC
audiocodes — device_manager_express	An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter.	2023-05-29	5.3	CVE-2022-24632 MISC
shopbeat — shop_beat_media_player	Shop Beat Solutions (pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Directory Traversal via server.shopbeat.co.za. Information Exposure Through Directory Listing vulnerability in “studio” software of Shop Beat. This issue affects: Shop Beat studio studio versions prior to 3.2.57 on arm.	2023-05-30	5.3	CVE-2022-36243 MISC
huawei — emui	The online authentication provided by the hwKitAssistant lacks strict identity verification of applications. Successful exploitation of this vulnerability may affect availability of features,such as MeeTime.	2023-05-26	5.3	CVE-2023-0117 MISC
open-xchange — ox_app_suite	OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message’s remote resources during printing.	2023-05-29	5.3	CVE-2023-24597 MISC MISC
netapp — blue_xp_connector	NetApp Blue XP Connector versions prior to 3.9.25 expose information via a directory listing. A new Connector architecture resolves this issue – obtaining the fix requires redeploying a fresh Connector.	2023-05-26	5.3	CVE-2023-27311 MISC
avaya — ix_workforce_engagement	Avaya IX Workforce Engagement v15.2.7.1195 – User Enumeration – Observable Response Discrepancy	2023-05-30	5.3	CVE-2023-31186 MISC
qt — qt	An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Qt Network incorrectly parses the strict-transport-security (HSTS) header, allowing unencrypted connections to be established, even when explicitly prohibited by the server. This happens if the case used for this header does not exactly match.	2023-05-28	5.3	CVE-2023-32762 CONFIRM MISC MISC
nextcloud — nextcloud_mail	Nextcloud Mail is a mail app in Nextcloud. A blind SSRF attack allowed to send GET requests to services running in the same web server. It is recommended that the Mail app is update to version 3.02, 2.2.5 or 1.15.3.	2023-05-27	5.3	CVE-2023-33184 MISC MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 parameters of the “password” type from build dependencies could be logged in some cases	2023-05-31	5.3	CVE-2023-34223 MISC
matrix — synapse	Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix Federation API allows remote homeservers to request the authorization events in a room. This is necessary so that a homeserver receiving some events can validate that those events are legitimate and permitted in their room. However, in versions of Synapse up to and including 1.68.0, a Synapse homeserver answering a query for authorization events does not sufficiently check that the requesting server should be able to access them. The issue was patched in Synapse 1.69.0. Homeserver administrators are advised to upgrade.	2023-05-26	5	CVE-2022-39335 MISC MISC MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sebastian Krysmanski Upload File Type Settings plugin <= 1.1 versions.	2023-05-26	4.8	CVE-2023-25781 MISC
open-emr — openemr	Cross-site Scripting (XSS) – Stored in GitHub repository openemr/openemr prior to 7.0.1.	2023-05-27	4.8	CVE-2023-2947 MISC CONFIRM
craftcms — craft_cms	Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.	2023-05-26	4.8	CVE-2023-33194 MISC MISC MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in André Bräkling WP-Matomo Integration (WP-Piwik) plugin <= 1.0.27 versions.	2023-05-28	4.8	CVE-2023-33211 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team WooDiscuz – WooCommerce Comments woodiscuz-woocommerce-comments allows Stored XSS.This issue affects WooDiscuz – WooCommerce Comments: from n/a through 2.2.9.	2023-05-28	4.8	CVE-2023-33216 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps MailChimp Subscribe Form plugin <= 4.0.9.1 versions.	2023-05-28	4.8	CVE-2023-33328 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible	2023-05-31	4.8	CVE-2023-34224 MISC
linux — kernel	There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem.	2023-05-26	4.7	CVE-2023-2898 MISC
open-xchange — ox_app_suite	OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user.	2023-05-29	4.3	CVE-2023-24598 MISC MISC
open-xchange — ox_app_suite	OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka “ID confusion.”	2023-05-29	4.3	CVE-2023-24599 MISC MISC
open-xchange — ox_app_suite	OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book.	2023-05-29	4.3	CVE-2023-24600 MISC MISC
open-xchange — ox_app_suite	OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data.	2023-05-29	4.3	CVE-2023-24604 MISC MISC
google — chrome	Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)	2023-05-30	4.3	CVE-2023-2937 MISC MISC MISC
google — chrome	Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)	2023-05-30	4.3	CVE-2023-2938 MISC MISC MISC
google — chrome	Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)	2023-05-30	4.3	CVE-2023-2941 MISC MISC MISC
fit2cloud — cloudexplorer	CloudExplorer Lite is an open source cloud management platform. In CloudExplorer Lite prior to version 1.1.0 users organization/workspace permissions are not properly checked. This allows users to add themselves to any organization. This vulnerability has been fixed in v1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.	2023-05-26	4.3	CVE-2023-32311 MISC
fit2cloud — cloudexplorer	CloudExplorer Lite is an open source cloud management tool. In affected versions users can add themselves to any organization in CloudExplorer Lite. This is due to a missing permission check on the user profile. It is recommended to upgrade the version to v1.1.0. There are no known workarounds for this vulnerability.	2023-05-26	4.3	CVE-2023-32316 MISC
matrix — synapse	Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.	2023-05-26	4.3	CVE-2023-32323 MISC MISC MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API	2023-05-31	4.3	CVE-2023-34219 MISC
open-xchange — ox_app_suite	OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens.	2023-05-29	4.2	CVE-2023-24605 MISC MISC

Low Vulnerabilities

PrimaryVendor — Product	Description	Published	CVSS Score	Source & Patch Info
huawei — emui	The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability.	2023-05-26	3.3	CVE-2023-31225 MISC

Severity Not Yet Assigned

PrimaryVendor — Product	Description	Published	CVSS Score	Source & Patch Info
stars_alliance — psychostats	A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.2.2b is able to address this issue. The name of the patch is 5d3b7311fd5085ec6ea1b1bfa9a05285964e07e4. It is recommended to upgrade the affected component. The identifier VDB-230265 was assigned to this vulnerability.	2023-06-01	not yet calculated	CVE-2010-10010 MISC MISC MISC MISC MISC
wordpress — wordpress	A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The name of the patch is a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2012-10015 MISC MISC MISC
wordpress — wordpress	A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability.	2023-05-29	not yet calculated	CVE-2014-125102 MISC MISC MISC
wordpress — wordpress	A vulnerability was found in BestWebSoft Twitter Plugin up to 1.3.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function twttr_settings_page of the file twitter.php. The manipulation of the argument twttr_url_twitter/bws_license_key/bws_license_plugin leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is e04d59ab578316ffeb204cf32dc71c0d0e1ff77c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230155.	2023-05-31	not yet calculated	CVE-2014-125103 MISC MISC MISC
wordpress — wordpress	A vulnerability was found in VaultPress Plugin up to 1.6.0 on WordPress. It has been declared as critical. Affected by this vulnerability is the function protect_aioseo_ajax of the file class.vaultpress-hotfixes.php of the component MailPoet Plugin. The manipulation leads to unrestricted upload. The attack can be launched remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is e3b92b14edca6291c5f998d54c90cbe98a1fb0e3. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230263.	2023-06-01	not yet calculated	CVE-2014-125104 MISC MISC MISC MISC
wordpress — wordpress	A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The name of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2015-10107 MISC MISC MISC
wordpress — wordpress	A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 0.9.6.1 is able to address this issue. The name of the patch is 2a8057df8ca30adc859cecbe5cad21ac28c5b747. It is recommended to upgrade the affected component. VDB-230234 is the identifier assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2015-10108 MISC MISC MISC MISC
wordpress — wordpress	A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264.	2023-06-01	not yet calculated	CVE-2015-10109 MISC MISC MISC MISC
wordpress — wordpress	A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392.	2023-06-02	not yet calculated	CVE-2015-10110 MISC MISC MISC
fanpress_cm — fanpress_cm	A vulnerability was found in sea75300 FanPress CM up to 3.6.3. It has been classified as problematic. This affects the function getArticlesPreview of the file inc/controller/action/system/templatepreview.php of the component Template Preview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 3.6.4 is able to address this issue. The name of the patch is c380d343c2107fcee55ab00eb8d189ce5e03369b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230235.	2023-06-01	not yet calculated	CVE-2018-25086 MISC MISC MISC MISC
oracle — apache	In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an attacker can insert index.fcgi/index.fcgi into a URL to bypass a Require directive.	2023-05-29	not yet calculated	CVE-2019-19791 CONFIRM MISC
citadel — citadel	An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure.	2023-05-29	not yet calculated	CVE-2020-29547 MISC MISC
mercury — mac1200r	A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL.	2023-05-29	not yet calculated	CVE-2021-27825 MISC MISC
fighting_cock_information_system — fighting_cock_information_system	SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter.	2023-05-31	not yet calculated	CVE-2021-31233 MISC MISC
citadel — citadel	An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of “The STARTTLS command is only valid in non-authenticated state.” in RFC2595). This potentially allows an attacker to cause a victim’s e-mail messages to be stored into an attacker’s IMAP mailbox, but depends on details of the victim’s client behavior.	2023-05-29	not yet calculated	CVE-2021-37845 MISC MISC MISC
uniview — ip_camera	Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote unauthenticated attacker to overflow an internal buffer and achieve code execution. By using this buffer overflow, a remote attacker can start the telnetd service. This service has a hardcoded default username and password (root/123456). Although it has a restrictive shell, this can be easily bypassed via the built-in ECHO shell command.	2023-05-31	not yet calculated	CVE-2021-45039 MISC MISC
bluetooth — bluetooth	Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device.	2023-06-02	not yet calculated	CVE-2022-24695 MISC MISC MISC
zte_corporation — mobile_phones	There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission.	2023-05-30	not yet calculated	CVE-2022-39071 MISC
zte_corporation — mobile_phones	There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without user permission.	2023-05-30	not yet calculated	CVE-2022-39074 MISC
zte_corporation — mobile_phones	There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission.	2023-05-30	not yet calculated	CVE-2022-39075 MISC
mediawiki — mediawiki	An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).	2023-05-29	not yet calculated	CVE-2022-41766 MISC
honeywell — onewireless	Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1	2023-05-30	not yet calculated	CVE-2022-4240 MISC
honeywell — onewireless	Use of Insufficiently Random Values in Honeywell OneWireless. This vulnerability may allow attacker to manipulate claims in client’s JWT token. This issue affects OneWireless version 322.1	2023-05-30	not yet calculated	CVE-2022-43485 MISC
suse — rancher	An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in SUSE Rancher allows users in some higher-privileged groups to to inject code that is executed within another user’s browser, allowing the attacker to steal sensitive information, manipulate web content, or perform other malicious activities on behalf of the victims. This could result in a user with write access to the affected areas being able to act on behalf of an administrator, once an administrator opens the affected web page. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.	2023-06-01	not yet calculated	CVE-2022-43760 MISC MISC
xfinity — comcast_defined_technologies_microeisbss	An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code Execution and privilege escalation..	2023-06-02	not yet calculated	CVE-2022-45938 MISC MISC
honeywell — onewireless	An attacker having physical access to WDM can plug USB device to gain access and execute unwanted commands. A malicious user could enter a system command along with a backup configuration, which could result in the execution of unwanted commands. This issue affects OneWireless all versions up to 322.1 and fixed in version 322.2.	2023-05-30	not yet calculated	CVE-2022-46361 MISC
wordpress — wordpress	The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.	2023-05-30	not yet calculated	CVE-2022-4676 MISC
action_launcher — action_launcher_for_android	An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitary data injection to function insert.	2023-05-30	not yet calculated	CVE-2022-47028 MISC
action_launcher — action_launcher	An issue was found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update.	2023-05-30	not yet calculated	CVE-2022-47029 MISC
foxit — fox_data_diode	Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue does not require user interaction.	2023-05-31	not yet calculated	CVE-2022-47525 MISC MISC
foxit — fox_data_diode	Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the downstream node user. Exploitation of this issue does not require user interaction.	2023-05-31	not yet calculated	CVE-2022-47526 MISC MISC
linux — kernel	An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in fs/ntfs3/xattr.c.	2023-05-31	not yet calculated	CVE-2022-48502 MISC MISC MISC
mozilla — thunderbird	Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird < 102.7.1.	2023-06-02	not yet calculated	CVE-2023-0430 MISC MISC
wordpress — wordpress	The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without actually paying the amount. Such key has been revoked.	2023-05-30	not yet calculated	CVE-2023-0443 MISC
mozilla — thunderbird	OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-0547 MISC MISC
wordpress — wordpress	The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST ‘update_vk_blocks_options’ function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change plugin settings including default icons.	2023-06-03	not yet calculated	CVE-2023-0583 MISC MISC
wordpress — wordpress	The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST ‘update_options’ function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the ‘vk_font_awesome_version’ option to an arbitrary value.	2023-06-03	not yet calculated	CVE-2023-0584 MISC MISC
mozilla — thunderbird	If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird’s user interface to lock up and no longer respond to the user’s actions. An attacker could send a crafted message with this structure to attempt a DoS attack. This vulnerability affects Thunderbird < 102.8.	2023-06-02	not yet calculated	CVE-2023-0616 MISC MISC
wordpress — wordpress	The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks	2023-05-30	not yet calculated	CVE-2023-0733 MISC
wordpress — wordpress	The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wp_newsletter_show_localrecord page is not protected with a nonce.	2023-05-30	not yet calculated	CVE-2023-0766 MISC
mozilla — multiple_products	An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-0767 MISC MISC MISC MISC
zephyr — zephyr	At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible.	2023-05-30	not yet calculated	CVE-2023-0779 MISC
wordpress — wordpress	The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.	2023-06-02	not yet calculated	CVE-2023-1159 MISC MISC
hashicorp — consul/consul_enterprise	Consul and Consul Enterprise’s cluster peering implementation contained a flaw whereby a peer cluster with service of the same name as a local service could corrupt Consul state, resulting in denial of service. This vulnerability was resolved in Consul 1.14.5, and 1.15.3	2023-06-02	not yet calculated	CVE-2023-1297 MISC
wordpress — wordpress	The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any file with the knowledge of any one file’s password.	2023-05-30	not yet calculated	CVE-2023-1524 MISC
wordpress — wordpress	The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-05-31	not yet calculated	CVE-2023-1661 MISC MISC
libssh — libssh	A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.	2023-05-26	not yet calculated	CVE-2023-1667 MISC MISC MISC FEDORA MLIST
hitachi_energy — foxman-un/unem	A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. If exploited an attacker could obtain confidential information. List of CPEs: * cpe:2.3:a:hitachienergy:foxman_un:R9C:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R10C:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R11A:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R11B:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R14A:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R14B:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R15A:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R15B:::::::* * cpe:2.3:a:hitachienergy:foxman_un:R16A:::::::* * * cpe:2.3:a:hitachienergy:unem:R9C:::::::* * cpe:2.3:a:hitachienergy: unem :R10C:::::::* * cpe:2.3:a:hitachienergy: unem :R11A:::::::* * cpe:2.3:a:hitachienergy: unem :R11B:::::::* * cpe:2.3:a:hitachienergy: unem :R14A:::::::* * cpe:2.3:a:hitachienergy: unem :R14B:::::::* * cpe:2.3:a:hitachienergy: unem :R15A:::::::* * cpe:2.3:a:hitachienergy: unem :R15B:::::::* * cpe:2.3:a:hitachienergy: unem :R16A:::::::*	2023-05-30	not yet calculated	CVE-2023-1711 MISC MISC
wordpress — wordpress	The WP Fastest Cache WordPress plugin before 1.1.5 does not have CSRF check in an AJAX action, and does not validate user input before using it in the wp_remote_get() function, leading to a Blind SSRF issue	2023-05-30	not yet calculated	CVE-2023-1938 MISC
mozilla — multiple_products	Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 102.10 and Firefox ESR < 102.10.	2023-06-02	not yet calculated	CVE-2023-1945 MISC MISC MISC
wordpress — wordpress	The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.	2023-05-30	not yet calculated	CVE-2023-2023 MISC
mitsubishi_electric — multiple_products	Weak Password Requirements vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to access to the module via FTP by dictionary attack or password sniffing.	2023-06-02	not yet calculated	CVE-2023-2060 MISC MISC
mitsubishi_electric — multiple_products	Use of Hard-coded Password vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to obtain a hard-coded password and access to the module via FTP.	2023-06-02	not yet calculated	CVE-2023-2061 MISC MISC
mitsubishi_electric — multiple_products	Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know the password for MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP. This vulnerability results in authentication bypass vulnerability, which allows the attacker to access MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP via FTP.	2023-06-02	not yet calculated	CVE-2023-2062 MISC MISC
mitsubishi_electric — multiple_products	Unrestricted Upload of File with Dangerous Type vulnerability in FTP function on Mitsubishi Electric Corporation MELSEC iQ-R Series EtherNet/IP module RJ71EIP91 and MELSEC iQ-F Series EtherNet/IP module FX5-ENET/IP allows a remote unauthenticated attacker to cause information disclosure, tampering, deletion or destruction via file upload/download. As a result, the attacker may be able to exploit this for further attacks.	2023-06-02	not yet calculated	CVE-2023-2063 MISC MISC
vmware — multiple_products	VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. An unauthenticated malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.	2023-05-30	not yet calculated	CVE-2023-20884 MISC
wordpress — wordpress	The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin’s report API endpoint, which could allow administrators in multi-site configuration to leak sensitive information from the site’s database.	2023-05-30	not yet calculated	CVE-2023-2111 MISC
wordpress — wordpress	The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary javascript into the admin panel, even when the unfiltered_html capability is disabled, such as in a multisite setup.	2023-05-30	not yet calculated	CVE-2023-2113 MISC
wordpress — wordpress	The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect names of files and directories outside of the sites root.	2023-05-30	not yet calculated	CVE-2023-2117 MISC
wordpress — wordpress	The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with contributor-level privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.	2023-06-02	not yet calculated	CVE-2023-2201 MISC MISC
wordpress — wordpress	The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).	2023-05-30	not yet calculated	CVE-2023-2223 MISC
wordpress — wordpress	The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting.	2023-05-30	not yet calculated	CVE-2023-2256 MISC
suse — rancher	An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4.	2023-06-01	not yet calculated	CVE-2023-22647 MISC MISC
suse — rancher	A Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4.	2023-06-01	not yet calculated	CVE-2023-22648 MISC MISC
opensuse — libeconf	A Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in openSUSE libeconf leads to DoS via malformed config files. This issue affects libeconf: before 0.5.2.	2023-06-01	not yet calculated	CVE-2023-22652 MISC MISC
libssh — libssh	A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The problem is caused by the return value `rc,` which is initialized to SSH_ERROR and later rewritten to save the return value of the function call `pki_key_check_hash_compatible.` The value of the variable is not changed between this point and the cryptographic verification. Therefore any error between them calls `goto error` returning SSH_OK.	2023-05-26	not yet calculated	CVE-2023-2283 MISC MISC MISC FEDORA
wordpress — wordpress	The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. This leads to a server-side request forgery as the user may force the server to access any URL of their choosing.	2023-05-30	not yet calculated	CVE-2023-2287 MISC
wordpress — wordpress	The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.	2023-05-30	not yet calculated	CVE-2023-2288 MISC
wordpress — wordpress	The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin	2023-05-30	not yet calculated	CVE-2023-2296 MISC
wordpress — wordpress	The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘business_id’ parameter in versions up to, and including, 4.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-06-03	not yet calculated	CVE-2023-2298 MISC MISC MISC
wordpress — wordpress	The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized medication of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and including, 4.2.10 due to a missing capability check on the processAction function. This makes it possible for unauthenticated attackers modify the plugin’s settings.	2023-06-03	not yet calculated	CVE-2023-2299 MISC MISC MISC
wordpress — wordpress	The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-06-03	not yet calculated	CVE-2023-2300 MISC MISC MISC
wordpress — wordpress	The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	2023-06-03	not yet calculated	CVE-2023-2301 MISC MISC MISC
wordpress — wordpress	The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-06-03	not yet calculated	CVE-2023-2302 MISC MISC MISC
wordpress — wordpress	The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	2023-06-03	not yet calculated	CVE-2023-2303 MISC MISC MISC
wordpress — wordpress	The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user_favorites’ shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-05-31	not yet calculated	CVE-2023-2304 MISC MISC MISC MISC
stormshield — endpoint_security_evolution	Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information.	2023-05-30	not yet calculated	CVE-2023-23561 MISC MISC
stormshield — endpoint_security_evolution	Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user can update global parameters.	2023-05-31	not yet calculated	CVE-2023-23562 MISC MISC
mozilla — firefox	A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Given a reliable exploit primitive, this new process could be exploited again leading to arbitrary file read. This vulnerability affects Firefox < 109.	2023-06-02	not yet calculated	CVE-2023-23597 MISC MISC
mozilla — multiple_products	Due to the Firefox GTK wrapper code’s use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to `DataTransfer.setData`. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	2023-06-02	not yet calculated	CVE-2023-23598 MISC MISC MISC MISC
mozilla — multiple_products	When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	2023-06-02	not yet calculated	CVE-2023-23599 MISC MISC MISC MISC
mozilla — firefox_for_android	Per origin notification permissions were being stored in a way that didn’t take into account what browsing context the permission was granted in. This lead to the possibility of notifications to be displayed during different browsing sessions. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 109.	2023-06-02	not yet calculated	CVE-2023-23600 MISC MISC
mozilla — multiple_products	Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	2023-06-02	not yet calculated	CVE-2023-23601 MISC MISC MISC MISC
mozilla — firefox	A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from inside WebWorkers. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	2023-06-02	not yet calculated	CVE-2023-23602 MISC MISC MISC MISC
mozilla — multiple_products	Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren’t accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	2023-06-02	not yet calculated	CVE-2023-23603 MISC MISC MISC MISC
mozilla — firefox	A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `DOMParser::ParseFromSafeString`. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.	2023-06-02	not yet calculated	CVE-2023-23604 MISC MISC
mozilla — firefox	Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.	2023-06-02	not yet calculated	CVE-2023-23605 MISC MISC MISC MISC
mozilla — firefox	Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 109.	2023-06-02	not yet calculated	CVE-2023-23606 MISC MISC
joomla! — joomla!	An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.	2023-05-30	not yet calculated	CVE-2023-23754 MISC
joomla! — joomla!	An issue was discovered in Joomla! 4.2.0 through 4.3.1. The lack of rate limiting allowed brute force attacks against MFA methods.	2023-05-30	not yet calculated	CVE-2023-23755 MISC
advanced_secure_gateway_content_analysis — advanced_secure_gateway_content_analysis	Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.	2023-06-01	not yet calculated	CVE-2023-23952 MISC
advanced_secure_gateway_content_analysis — advanced_secure_gateway_content_analysis	Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.	2023-06-01	not yet calculated	CVE-2023-23953 MISC
advanced_secure_gateway_content_analysis — advanced_secure_gateway_content_analysis	Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.	2023-06-01	not yet calculated	CVE-2023-23954 MISC
advanced_secure_gateway_content_analysis — advanced_secure_gateway_content_analysis	Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.	2023-06-01	not yet calculated	CVE-2023-23955 MISC
symantec — symantec_siteminder_webagent	A user can supply malicious HTML and JavaScript code that will be executed in the client browser	2023-05-30	not yet calculated	CVE-2023-23956 MISC
wordpress — wordpress	The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-06-03	not yet calculated	CVE-2023-2404 MISC MISC MISC
wordpress — wordpress	The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	2023-06-03	not yet calculated	CVE-2023-2405 MISC MISC MISC
wordpress — wordpress	The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Stored Cross-Site Scripting via the ’email’ parameter in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with the edit_posts capability, such as contributors and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-06-03	not yet calculated	CVE-2023-2406 MISC MISC MISC MISC
wordpress — wordpress	The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin’s settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	2023-06-03	not yet calculated	CVE-2023-2407 MISC MISC MISC MISC
wordpress — wordpress	The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to logout a vctia connected account which would cause a denial of service on the appointment scheduler.	2023-06-03	not yet calculated	CVE-2023-2415 MISC MISC MISC
wordpress — wordpress	The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in versions up to, and including, 4.2.10. This makes it possible for unauthenticated to logout a vctia connected account which would cause a denial of service on the appointment scheduler, via a forged request granted they can trick a site user into performing an action such as clicking on a link.	2023-06-03	not yet calculated	CVE-2023-2416 MISC MISC MISC
wordpress — wordpress	The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘reset’ function in versions up to, and including, 3.2.3. This makes it possible for authenticated attackers, with editor-level permissions and above, to reset plugin settings.	2023-05-31	not yet calculated	CVE-2023-2434 MISC MISC MISC
wordpress — wordpress	The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.	2023-05-31	not yet calculated	CVE-2023-2435 MISC MISC
wordpress — wordpress	The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘blog_in_blog’ shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-05-31	not yet calculated	CVE-2023-2436 MISC MISC
dell — networker	Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates.	2023-05-30	not yet calculated	CVE-2023-24568 MISC
gallagher — controller_6000	Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior.	2023-06-01	not yet calculated	CVE-2023-24584 MISC
wordpress — wordpress	The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.	2023-05-30	not yet calculated	CVE-2023-2470 MISC
riot_os — riot_os	RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer. Triggering the access at the right time will corrupt other packets or the allocator metadata. Corrupting a pointer will lead to denial of service. This issue is fixed in version 2023.04. As a workaround, disable SRH in the network stack.	2023-05-30	not yet calculated	CVE-2023-24817 MISC MISC
riot_os — riot_os	RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixed in version 2023.04. There are no known workarounds.	2023-05-30	not yet calculated	CVE-2023-24825 MISC MISC MISC MISC MISC MISC MISC
riot_os — riot_os	RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issue is fixed in version 2023.04. As a workaround, disable fragment forwarding or SFR.	2023-05-30	not yet calculated	CVE-2023-24826 MISC MISC MISC MISC
wordpress — wordpress	The Easy Forms for Mailchimp WordPress plugin through 6.8.8 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.	2023-05-30	not yet calculated	CVE-2023-2518 MISC
wordpress — wordpress	The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘getListOfUsers’ function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation.	2023-05-31	not yet calculated	CVE-2023-2545 MISC MISC
wordpress — wordpress	The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ‘deleteUser’ function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin.	2023-05-31	not yet calculated	CVE-2023-2547 MISC MISC
wordpress — wordpress	The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the ‘createTempAccountLink’ function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the login link or request a password reset to the new user’s email address.	2023-05-31	not yet calculated	CVE-2023-2549 MISC MISC
dell — networker	Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. This is a high severity vulnerability as the exploitation allows an attacker to take complete control of a system, so Dell recommends customers to upgrade at the earliest opportunity.	2023-05-31	not yet calculated	CVE-2023-25539 MISC
mozilla — multiple_products	The `Content-Security-Policy-Report-Only` header could allow an attacker to leak a child iframe’s unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25728 MISC MISC MISC MISC
mozilla — multiple_products	Permission prompts for opening external schemes were only shown for `ContentPrincipals` resulting in extensions being able to open them without user interaction via `ExpandedPrincipals`. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25729 MISC MISC MISC MISC
mozilla — firefox	A background script invoking `requestFullscreen` and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25730 MISC MISC MISC MISC
mozilla — firefox	Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.	2023-06-02	not yet calculated	CVE-2023-25731 MISC MISC
mozilla — multiple_products	When encoding data from an `inputStream` in `xpcom` the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25732 MISC MISC MISC MISC
mozilla — multiple_products	After downloading a Windows `.url` shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25734 MISC MISC MISC MISC MISC MISC MISC
mozilla — multiple_products	Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25735 MISC MISC MISC MISC
mozilla — multiple_products	An invalid downcast from `nsTextNode` to `SVGElement` could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25737 MISC MISC MISC MISC
mozilla — multiple_products	Members of the `DEVMODEW` struct set by the printer device driver weren’t being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables. This bug only affects Firefox on Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25738 MISC MISC MISC MISC
mozilla — multiple_products	Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in `ScriptLoadContext`. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25739 MISC MISC MISC MISC
mozilla — firefox	After downloading a Windows `.scf` script from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource. This bug only affects Firefox for Windows. Other operating systems are unaffected. This vulnerability affects Firefox < 110.	2023-06-02	not yet calculated	CVE-2023-25740 MISC MISC
mozilla — firefox	When dragging and dropping an image cross-origin, the image’s size could potentially be leaked. This behavior was shipped in 109 and caused web compatibility problems as well as this security concern, so the behavior was disabled until further review. This vulnerability affects Firefox < 110.	2023-06-02	not yet calculated	CVE-2023-25741 MISC MISC MISC MISC
mozilla — multiple_products	When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25742 MISC MISC MISC MISC
mozilla — firefox	A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome. This bug only affects Firefox Focus. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25743 MISC MISC MISC
mozilla — firefox	Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25744 MISC MISC MISC
mozilla — firefox	Mozilla developers Timothy Nikkel, Gabriele Svelto, Jeff Muizelaar and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110.	2023-06-02	not yet calculated	CVE-2023-25745 MISC MISC
mozilla — multiple_products	Mozilla developers Philipp and Gabriele Svelto reported memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.	2023-06-02	not yet calculated	CVE-2023-25746 MISC MISC MISC
mozilla — firefox_for_android	By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 111.	2023-06-02	not yet calculated	CVE-2023-25748 MISC MISC
mozilla — firefox_for_android	Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Firefox will now confirm with users that they want to launch an external application before doing so. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 111.	2023-06-02	not yet calculated	CVE-2023-25749 MISC MISC
mozilla — firefox	Under certain circumstances, a ServiceWorker’s offline cache may have leaked to the file system when using private browsing mode. This vulnerability affects Firefox < 111.	2023-06-02	not yet calculated	CVE-2023-25750 MISC MISC
mozilla — multiple_products	Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.	2023-06-02	not yet calculated	CVE-2023-25751 MISC MISC MISC MISC
mozilla — multiple_products	When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.	2023-06-02	not yet calculated	CVE-2023-25752 MISC MISC MISC MISC
linux — kernel	A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end of the buffer. This flaw enables full local privilege escalation.	2023-06-01	not yet calculated	CVE-2023-2598 MISC
linux — kernel	Jean-Baptiste Cayrou discovered that the shiftfs file system in the Ubuntu Linux kernel contained a race condition when handling inode locking in some situations. A local attacker could use this to cause a denial of service (kernel deadlock).	2023-05-31	not yet calculated	CVE-2023-2612 MISC MISC
cpp-httplib — cpp-httplib	Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete requests. This can lead to logical errors and other misbehaviors. Note: This issue is present due to an incomplete fix for [CVE-2020-11709](https://security.snyk.io/vuln/SNYK-UNMANAGED-YHIROSECPPHTTPLIB-2366507).	2023-05-30	not yet calculated	CVE-2023-26130 MISC MISC MISC MISC
theme_engine — theme_engine	All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting this vulnerability is possible when a file/resource is not found.	2023-05-31	not yet calculated	CVE-2023-26131 MISC MISC MISC MISC MISC
ibm — qradar_wincollect_agent	IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. IBM X-Force ID: 248156.	2023-05-31	not yet calculated	CVE-2023-26277 MISC MISC
ibm — qradar_wincollect_agent	IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. IBM X-Force ID: 248158.	2023-05-31	not yet calculated	CVE-2023-26278 MISC MISC
openssl — openssl	Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers – sub-identifiers – most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with ‘n’ being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer’s certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low.	2023-05-30	not yet calculated	CVE-2023-2650 MISC MISC MISC MISC MISC MISC MISC
churchcrm — churchcrm	A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.	2023-05-31	not yet calculated	CVE-2023-26842 MISC
silicon_labs — gecko_sdk	Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap.	2023-06-02	not yet calculated	CVE-2023-2687 MISC MISC
asustor — download_center	Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without appropriate permission restrictions. Download Center on ADM 4.0 and above will be affected. Affected products and versions include: Download Center 1.1.5.r1280 and below.	2023-05-31	not yet calculated	CVE-2023-2749 MISC
contec — conprosys_hmi_system	A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time.	2023-05-31	not yet calculated	CVE-2023-2758 MISC MISC
tshirtecommerce — tshirtecommerce	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter file_name in the tshirtecommerce/ajax.php?type=svg endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). Only files that can be parsed in XML can be opened. This is exploited in the wild in March 2023.	2023-06-01	not yet calculated	CVE-2023-27639 MISC
tshirtecommerce — tshirtecommerce	An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. An HTTP request can be forged with the POST parameter type in the /tshirtecommerce/fonts.php endpoint, to allow a remote attacker to traverse directories on the system in order to open files (without restriction on the extension and path). The content of the file is returned with base64 encoding. This is exploited in the wild in March 2023.	2023-06-01	not yet calculated	CVE-2023-27640 MISC
south_river_technologies — titanftp	An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.	2023-06-02	not yet calculated	CVE-2023-27744 MISC MISC
south_river_technologies — titanftp	An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server.	2023-06-02	not yet calculated	CVE-2023-27745 MISC MISC
wordpress — wordpress	The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated attackers to impersonate users and trigger an email address verification for arbitrary accounts, including administrative accounts, and automatically be logged in as that user, including any site administrators. This requires the Allow Automatic Login After Successful Verification setting to be enabled, which it is not by default.	2023-06-03	not yet calculated	CVE-2023-2781 MISC MISC MISC MISC
dell — scg	Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.	2023-06-01	not yet calculated	CVE-2023-28043 MISC
dell — os_recovery_tool	Dell OS Recovery Tool, versions 2.2.4013 and 2.3.7012.0, contain an Improper Access Control Vulnerability. A local authenticated non-administrator user could potentially exploit this vulnerability in order to elevate privileges on the system.	2023-06-01	not yet calculated	CVE-2023-28066 MISC
dell — powerpath_for_windows	PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITYSYSTEM.	2023-05-30	not yet calculated	CVE-2023-28079 MISC
mattermost — mattermost	Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link.	2023-05-29	not yet calculated	CVE-2023-2808 MISC
dell — powerpath_for_windows	PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. A regular user (non-admin) can exploit these issues to potentially escalate privileges and execute arbitrary code in the context of NT AUTHORITYSYSTEM.	2023-05-30	not yet calculated	CVE-2023-28080 MISC
arm — mali_gpu	An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Midgard r29p0 through r32p0, Bifrost r17p0 through r42p0 before r43p0, Valhall r19p0 through r42p0 before r43p0, and Arm’s GPU Architecture Gen5 r41p0 through r42p0 before r43p0.	2023-06-02	not yet calculated	CVE-2023-28147 MISC
kiddoware_kids_place_parental_control — kiddoware_kids_place_parental_control_for_android	An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into Android Safe Mode and disabling the “Display over other apps” permission.	2023-05-29	not yet calculated	CVE-2023-28153 MISC
mozilla — firefox_for_android	The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. This bug only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 111.	2023-06-02	not yet calculated	CVE-2023-28159 MISC MISC
hashicorp — consul/consul_enterprise	Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the service(s) corresponding to those modified proxies.	2023-06-02	not yet calculated	CVE-2023-2816 MISC
mozilla — firefox	When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. This vulnerability affects Firefox < 111.	2023-06-02	not yet calculated	CVE-2023-28160 MISC MISC
mozilla — firefox	If temporary “one-time” permissions, such as the ability to use the Camera, were granted to a document loaded using a file: URL, that permission persisted in that tab for all other documents loaded from a file: URL. This is potentially dangerous if the local files came from different sources, such as in a download directory. This vulnerability affects Firefox < 111.	2023-06-02	not yet calculated	CVE-2023-28161 MISC MISC
mozilla — multiple_products	While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.	2023-06-02	not yet calculated	CVE-2023-28162 MISC MISC MISC MISC
mozilla — multiple_products	When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.	2023-06-02	not yet calculated	CVE-2023-28163 MISC MISC MISC MISC
mozilla — multiple_products	Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.	2023-06-02	not yet calculated	CVE-2023-28164 MISC MISC MISC MISC
mozilla — multiple_products	Mozilla developers Timothy Nikkel, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.	2023-06-02	not yet calculated	CVE-2023-28176 MISC MISC MISC MISC
mozilla — firefox	Mozilla developers and community members Calixte Denizet, Gabriele Svelto, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 110. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111.	2023-06-02	not yet calculated	CVE-2023-28177 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified screenshots on behalf of students. Attackers are able to view screenshots of student desktops without their consent. These screenshots may potentially contain sensitive/personal data. Attackers can also rapidly submit falsified images, hiding the actual contents of student desktops from the Teacher Console.	2023-05-31	not yet calculated	CVE-2023-28344 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher’s Console password in cleartext via an API endpoint accessible from localhost. Attackers with physical access to the Teacher Console can open a web browser, navigate to the affected endpoint and obtain the teacher’s password. This enables them to log into the Teacher Console and begin trivially attacking student machines.	2023-05-31	not yet calculated	CVE-2023-28345 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc. despite Virtual Host Routing being used to block this access. Remote attackers can interact with private pages on the web server, enabling them to perform privileged actions such as logging into the console and changing console settings if they have valid credentials.	2023-05-31	not yet calculated	CVE-2023-28346 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated attackers with the ability to exploit XSS vulnerabilities within the Teacher Console application and achieve remote code execution as NT AUTHORITY/SYSTEM on all connected Student Consoles and the Teacher Console in a Zero Click manner.	2023-05-31	not yet calculated	CVE-2023-28347 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept student keystrokes or modify executable files being sent from teachers to students.	2023-05-31	not yet calculated	CVE-2023-28348 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can compel Student Consoles to connect and put themselves at risk automatically. Connected Student Consoles can be compelled to write arbitrary files to arbitrary locations on disk with NT AUTHORITY/SYSTEM level permissions, enabling remote code execution.	2023-05-31	not yet calculated	CVE-2023-28349 MISC MISC
wordpress — wordpress	The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search’ parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.	2023-06-02	not yet calculated	CVE-2023-2835 MISC MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to execute JavaScript in these applications. Due to the rich and highly privileged functionality offered by the Teacher Console, the ability to silently exploit Cross Site Scripting (XSS) on the Teacher Machine enables remote code execution on any connected student machine (and the teacher’s machine).	2023-05-31	not yet calculated	CVE-2023-28350 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory. A local attacker can trivially extract these cleartext keystrokes, potentially enabling them to obtain PII and/or to compromise personal accounts owned by the victim.	2023-05-31	not yet calculated	CVE-2023-28351 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher Console even after Enhanced Security Mode has been enabled.	2023-05-31	not yet calculated	CVE-2023-28352 MISC MISC
faronics — insight_for_windows	An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console’s computer, enabling a variety of different exploitation paths including code execution. It is also possible for the attacker to chain this vulnerability with others to cause a deployed DLL file to immediately execute as NT AUTHORITY/SYSTEM.	2023-05-31	not yet calculated	CVE-2023-28353 MISC MISC
wordpress — wordpress	The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.	2023-05-31	not yet calculated	CVE-2023-2836 MISC MISC MISC
contec — conprosys_hmi_system	Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC where the affected product is installed. As a result, the user may be able to destroy the system and/or execute a malicious program.	2023-06-01	not yet calculated	CVE-2023-28399 MISC MISC MISC
arm — mali_gpu	An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r42p0 before r43p0, and Arm’s GPU Architecture Gen5 r41p0 through r42p0 before r43p0.	2023-06-02	not yet calculated	CVE-2023-28469 MISC
contec — conprosys_hmi_system	Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is accessing the affected product with an administrative privilege.	2023-06-01	not yet calculated	CVE-2023-28651 MISC MISC MISC
contec — conprosys_hmi_system	Improper access control vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user of the PC where the affected product is installed may gain an administrative privilege. As a result, information regarding the product may be obtained and/or altered by the user.	2023-06-01	not yet calculated	CVE-2023-28657 MISC MISC MISC
contec — conprosys_hmi_system	Plaintext storage of a password exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Because account information of the database is saved in a local file in plaintext, a user who can access the PC where the affected product is installed can obtain the information. As a result, information in the database may be obtained and/or altered by the user.	2023-06-01	not yet calculated	CVE-2023-28713 MISC MISC MISC
contec — conprosys_hmi_system	Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may bypass the database restriction set on the query setting page, and connect to a user unintended database.	2023-06-01	not yet calculated	CVE-2023-28824 MISC MISC MISC
saison_information_systems — dataspider_servista	DataSpider Servista version 4.4 and earlier uses a hard-coded cryptographic key. DataSpider Servista is data integration software. ScriptRunner and ScriptRunner for Amazon SQS are used to start the configured processes on DataSpider Servista. The cryptographic key is embedded in ScriptRunner and ScriptRunner for Amazon SQS, which is common to all users. If an attacker who can gain access to a target DataSpider Servista instance and obtain a Launch Settings file of ScriptRunner and/or ScriptRunner for Amazon SQS, the attacker may perform operations with the user privilege encrypted in the file.	2023-06-01	not yet calculated	CVE-2023-28937 MISC MISC
asustor — adm	EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Affected products and versions include: ADM 4.0.6.REG2, 4.1.0 and below as well as ADM 4.2.1.RGE2 and below.	2023-05-31	not yet calculated	CVE-2023-2909 MISC
contec — conprosys_hmi_system	SQL injection vulnerability exists in the CONPROSYS HMI System (CHS) versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page.	2023-06-01	not yet calculated	CVE-2023-29154 MISC MISC MISC
starlette — starlette	Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.	2023-06-01	not yet calculated	CVE-2023-29159 MISC MISC MISC
wireshark — wireshark	XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file	2023-05-30	not yet calculated	CVE-2023-2952 CONFIRM MISC MISC MLIST
openldap — openldap	A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function.	2023-05-30	not yet calculated	CVE-2023-2953 MISC MISC
mozilla — multiple_products	A website could have obscured the fullscreen notification by using a combination of `window.open`, fullscreen requests, `window.name` assignments, and `setInterval` calls. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-29533 MISC MISC MISC MISC MISC
mozilla — multiple_products	Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-29535 MISC MISC MISC MISC
mozilla — multiple_products	An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-29536 MISC MISC MISC MISC
mozilla — multiple_products	Multiple race conditions in the font initialization could have led to memory corruption and execution of attacker-controlled code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29537 MISC MISC MISC MISC
mozilla — multiple_products	Under specific circumstances a WebExtension may have received a `jar:file:///` URI instead of a `moz-extension:///` URI during a load request. This leaked directory paths on the user’s machine. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29538 MISC MISC
mozilla — multiple_products	When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-29539 MISC MISC MISC MISC
mozilla — multiple_products	Using a redirect embedded into `sourceMappingUrls` could allow for navigation to external protocol links in sandboxed iframes without `allow-top-navigation-to-custom-protocols`. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29540 MISC MISC
mozilla — multiple_products	Firefox did not properly handle downloads of files ending in `.desktop`, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable to enumerate all affected Linux Distributions. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-29541 MISC MISC MISC MISC
mozilla — multiple_products	An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object’s debugger vector. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29543 MISC MISC
mozilla — multiple_products	If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29544 MISC MISC
mozilla — multiple_products	When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29547 MISC MISC
mozilla — multiple_products	A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-29548 MISC MISC MISC MISC
mozilla — multiple_products	Under certain circumstances, a call to the `bind` function may have resulted in the incorrect realm. This may have created a vulnerability relating to JavaScript-implemented sandboxes such as SES. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29549 MISC MISC
mozilla — multiple_products	Mozilla developers Randell Jesup, Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.	2023-06-02	not yet calculated	CVE-2023-29550 MISC MISC MISC MISC
mozilla — multiple_products	Mozilla developers Randell Jesup, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 111. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.	2023-06-02	not yet calculated	CVE-2023-29551 MISC MISC
socket.remoteaddress — socket.remoteaddress	A remote attacker can trigger a denial of service in the socket.remoteAddress variable, by sending a crafted HTTP request. Usage of the undefined variable raises a TypeError exception.	2023-05-30	not yet calculated	CVE-2023-2968 MISC
mindspore — mindspore	A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. This vulnerability affects the function JsonHelper::UpdateArray of the file mindspore/ccsrc/minddata/dataset/util/json_helper.cc. The manipulation leads to memory corruption. The name of the patch is 30f4729ea2c01e1ed437ba92a81e2fc098d608a9. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-230176.	2023-05-30	not yet calculated	CVE-2023-2970 MISC MISC MISC MISC
utils — utils	Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.	2023-05-30	not yet calculated	CVE-2023-2972 CONFIRM MISC
glitter_unicorn_wallpaper — glitter_unicorn_wallpaper_for_android	The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized apps to actively request permission to modify data in the database that records information about a user’s personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.	2023-06-01	not yet calculated	CVE-2023-29722 MISC
glitter_unicorn_wallpaper — glitter_unicorn_wallpaper_for_android	The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user’s personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.	2023-06-01	not yet calculated	CVE-2023-29723 MISC
bt21_x_bts_wallpaper — bt21_x_bts_wallpaper_for_android	The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user’s personal preferences and will be loaded into memory to be read and used when the app is opened. An attacker could tamper with this data to cause an escalation of privilege attack.	2023-06-02	not yet calculated	CVE-2023-29724 MISC MISC MISC
bt21_x_bts_wallpaper — bt21_x_bts_wallpaper_for_android	The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user’s personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting data, the attacker can force the application to load malicious image URLs and display them in the UI. As the amount of data increases, it will eventually cause the application to trigger an OOM error and crash, resulting in a persistent denial of service attack.	2023-06-02	not yet calculated	CVE-2023-29725 MISC MISC MISC MISC
call_blocker — call_blocker_for_android	The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application’s database. When the application starts, it loads the data from the database into memory. Once the attacker injects too much data, the application triggers an OOM error and crashes, resulting in a persistent denial of service.	2023-05-30	not yet calculated	CVE-2023-29726 MISC MISC MISC
call_blocker — call_blocker_for_android	The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause an escalation of privilege attack.	2023-05-30	not yet calculated	CVE-2023-29727 MISC MISC MISC
call_blocker — call_blocker_for_android	The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.	2023-05-30	not yet calculated	CVE-2023-29728 MISC MISC MISC
sourcecodester — students_online_internship_timesheet_system	A vulnerability, which was classified as problematic, has been found in SourceCodester Students Online Internship Timesheet System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_company. The manipulation of the argument name with the input leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230204.	2023-05-30	not yet calculated	CVE-2023-2973 MISC MISC MISC
solive — solive_for_android	SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.	2023-05-30	not yet calculated	CVE-2023-29731 MISC
solive — solive_for_android	SoLive 1.6.14 thru 1.6.20 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.	2023-05-30	not yet calculated	CVE-2023-29732 MISC
lock_master — lock_master_for_android	The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by unauthorized apps can cause security issues, such as functionality manipulation, resulting in a severe escalation of privilege attack.	2023-05-30	not yet calculated	CVE-2023-29733 MISC
edjing_mix –edjing_mix_for_android	An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.	2023-05-30	not yet calculated	CVE-2023-29734 MISC
edjing_mix –edjing_mix_for_android	An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files.	2023-05-30	not yet calculated	CVE-2023-29735 MISC
keyboard_themes — keyboard_themes_for_android	Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows unauthorized apps to overwrite arbitrary files in its internal storage and achieve arbitrary code execution.	2023-06-01	not yet calculated	CVE-2023-29736 MISC
wave_animated_keyboard_emoji — wave_animated_keyboard_emoji_for_android	An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files.	2023-05-30	not yet calculated	CVE-2023-29737 MISC MISC MISC
wave_animated_keyboard_emoji — wave_animated_keyboard_emoji_for_android	An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files.	2023-05-30	not yet calculated	CVE-2023-29738 MISC MISC MISC MISC
alarm_clock_for_heavy_sleepers — alarm_clock_for_heavy_sleepers_for_android	An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.	2023-05-30	not yet calculated	CVE-2023-29739 MISC MISC MISC
alarm_clock_for_heavy_sleepers — alarm_clock_for_heavy_sleepers_for_android	An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database.	2023-05-30	not yet calculated	CVE-2023-29740 MISC MISC MISC MISC
bestweather — bestweather	An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database.	2023-05-30	not yet calculated	CVE-2023-29741 MISC MISC MISC
bestweather — bestweather	An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database.	2023-05-31	not yet calculated	CVE-2023-29742 MISC MISC MISC
bestweather — bestweather	An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.	2023-05-30	not yet calculated	CVE-2023-29743 MISC MISC MISC
bestweather — bestweather	An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database.	2023-05-31	not yet calculated	CVE-2023-29745 MISC MISC MISC MISC
thethaiger — thethaiger	An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files.	2023-06-02	not yet calculated	CVE-2023-29746 MISC MISC MISC MISC
instagram — video_downloader_for_android	Story Saver for Instragram – Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. The attacker can use the method to modify the data in any SharedPreference file, these data will be loaded into the memory when the application is opened. Depending on how the data is used, this can result in various attack consequences, such as ad display exceptions.	2023-05-31	not yet calculated	CVE-2023-29747 MISC MISC MISC
instagram — video_downloader_for_android	Story Saver for Instragram – Video Downloader 1.0.6 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount of data into any SharedPreference file, which will be loaded into memory when the application is opened. When an attacker injects too much data, the application will trigger an OOM error and crash at startup, resulting in a persistent denial of service.	2023-06-01	not yet calculated	CVE-2023-29748 MISC MISC MISC MISC
opensc — opensc	A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.	2023-06-01	not yet calculated	CVE-2023-2977 MISC MISC MISC MISC
abstrium_pydio_cells — abstrium_pydio_cells	A vulnerability was found in Abstrium Pydio Cells 4.2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Change Subscription Handler. The manipulation leads to authorization bypass. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-230210 is the identifier assigned to this vulnerability.	2023-05-30	not yet calculated	CVE-2023-2978 MISC MISC MISC
abstrium_pydio_cells — abstrium_pydio_cells	A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211.	2023-05-30	not yet calculated	CVE-2023-2979 MISC MISC MISC
abstrium_pydio_cells — abstrium_pydio_cells	A vulnerability classified as critical was found in Abstrium Pydio Cells 4.2.0. This vulnerability affects unknown code of the component User Creation Handler. The manipulation leads to improper control of resource identifiers. The attack can be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230212.	2023-05-30	not yet calculated	CVE-2023-2980 MISC MISC MISC
abstrium_pydio_cells — abstrium_pydio_cells	A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. This issue affects some unknown processing of the component Chat. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230213 was assigned to this vulnerability.	2023-05-30	not yet calculated	CVE-2023-2981 MISC MISC MISC
pimcore — pimcore	Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23.	2023-05-30	not yet calculated	CVE-2023-2983 CONFIRM MISC
pimcore — pimcore	Path Traversal: ‘..filename’ in GitHub repository pimcore/pimcore prior to 10.5.22.	2023-05-30	not yet calculated	CVE-2023-2984 CONFIRM MISC
linux — kernel	A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.	2023-06-01	not yet calculated	CVE-2023-2985 MISC
wordpress — wordpress	The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the ‘wa_pdx_op_config_set’ function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated attackers to the plugin to change the ‘validation_token’ in the plugin config, providing access to the plugin’s remote control functionalities, such as creating an admin access URL, which can be used for privilege escalation.	2023-05-31	not yet calculated	CVE-2023-2987 MISC MISC MISC MISC
sourcecodester — train_station_ticketing_system	A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_prices.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230347.	2023-05-31	not yet calculated	CVE-2023-3003 MISC MISC MISC
sourcecodester — simple_chat_system	A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=read_msg of the component POST Parameter Handler. The manipulation of the argument convo_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230348.	2023-05-31	not yet calculated	CVE-2023-3004 MISC MISC MISC
sourcecodester — local_service_search_engine_management_system	A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. This affects an unknown part of the file /admin/ajax.php?action=save_area of the component POST Parameter Handler. The manipulation of the argument area with the input leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230349 was assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2023-3005 MISC MISC MISC
linux — kernel	A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious code uses the shared branch history (stored in the CPU Branch History Buffer, or BHB) to influence mispredicted branches within the victim’s hardware context. Once that occurs, speculation caused by the mispredicted branches can cause cache allocation. This issue leads to obtaining information that should not be accessible.	2023-05-31	not yet calculated	CVE-2023-3006 MISC
student_management_system — student_management_system	A vulnerability was found in ningzichun Student Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file resetPassword.php of the component Password Reset Handler. The manipulation of the argument sid leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230354 is the identifier assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2023-3007 MISC MISC MISC
student_management_system — student_management_system	A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument user/pass leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230355.	2023-05-31	not yet calculated	CVE-2023-3008 MISC MISC MISC
teampass — teampass	Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.	2023-05-31	not yet calculated	CVE-2023-3009 CONFIRM MISC
gpac — gpac	NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.	2023-05-31	not yet calculated	CVE-2023-3012 MISC CONFIRM
gpac — gpac	Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2.	2023-05-31	not yet calculated	CVE-2023-3013 CONFIRM MISC
beipyvideoresolution — beipyvideoresolution	A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Affected is an unknown function of the file admin/admincore.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-230358 is the identifier assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2023-3014 MISC MISC MISC
prestashop — cityautocomplete	SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for PrestaShop version 1.7), allows remote attackers to execute arbitrary SQL commands via the type, input_name. or q parameter in the autocompletion.php front controller.	2023-06-02	not yet calculated	CVE-2023-30149 MISC MISC
vip_video_analysis — vip_video_analysis	A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file data/title.php. The manipulation of the argument titurl leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230359.	2023-05-31	not yet calculated	CVE-2023-3015 MISC MISC MISC
vip_video_analysis — vip_video_analysis	A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/admincore.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230360.	2023-05-31	not yet calculated	CVE-2023-3016 MISC MISC MISC
sourcecodester — lost_and_found_information_system	A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2023-3017 MISC MISC MISC
sourcecodester — lost_and_found_information_system	A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability.	2023-05-31	not yet calculated	CVE-2023-3018 MISC MISC MISC MISC
prestashop — salesbooster	Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php.	2023-05-30	not yet calculated	CVE-2023-30196 MISC MISC
prestashop — myinventory	Incorrect Access Control in the module “My inventory” (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack.	2023-05-31	not yet calculated	CVE-2023-30197 MISC MISC
i-librarian-free — i-librarian-free	Cross-site Scripting (XSS) – Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4.	2023-05-31	not yet calculated	CVE-2023-3020 CONFIRM MISC
i-librarian-free — i-librarian-free	Cross-site Scripting (XSS) – Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4.	2023-05-31	not yet calculated	CVE-2023-3021 CONFIRM MISC
dolibarr — dolibarr	Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data.	2023-05-29	not yet calculated	CVE-2023-30253 MISC MISC MISC
drawio — drawio	Cross-site Scripting (XSS) – Stored in GitHub repository jgraph/drawio prior to 21.2.8.	2023-06-01	not yet calculated	CVE-2023-3026 MISC CONFIRM
hangzhou_hopechart_iot_technology — hqt401	Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: – The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. – The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. – The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle’s location. – The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend. The confirmed version is 201808021036, however further versions have been also identified as potentially impacted.	2023-06-01	not yet calculated	CVE-2023-3028 MISC
atlassian — jira	An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser.	2023-05-31	not yet calculated	CVE-2023-30285 MISC MISC MISC
guangdong — pythagorean_oa_office_system	A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. This vulnerability affects unknown code of the file /note/index/delete. The manipulation of the argument id leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230458 is the identifier assigned to this vulnerability.	2023-06-01	not yet calculated	CVE-2023-3029 MISC MISC MISC
prestashop — king-avis	Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.This issue affects King-Avis: before 17.3.15.	2023-06-02	not yet calculated	CVE-2023-3031 MISC
mobatime — mobatime	Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.This issue affects Mobatime web application: through 06.7.22.	2023-06-02	not yet calculated	CVE-2023-3032 MISC
mobatime — mobatime	Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22.	2023-06-02	not yet calculated	CVE-2023-3033 MISC
guangdong — pythagorean_oa_office_system	A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Schedule Handler. The manipulation of the argument description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230467.	2023-06-01	not yet calculated	CVE-2023-3035 MISC MISC MISC
xpdf — xpdf	An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf’s text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.	2023-06-02	not yet calculated	CVE-2023-3044 MISC MISC
wordpress — wordpress	The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ‘azh_post’ shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.	2023-06-03	not yet calculated	CVE-2023-3051 MISC MISC MISC
wordpress — wordpress	The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the ‘azh_add_post’, ‘azh_duplicate_post’, ‘azh_update_post’ and ‘azh_remove_post’ functions. This makes it possible for unauthenticated attackers to create, modify, and delete a post via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.	2023-06-03	not yet calculated	CVE-2023-3052 MISC MISC MISC MISC MISC MISC
wordpress — wordpress	The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ‘azh_add_post’ function in versions up to, and including, 1.27.133. This makes it possible for authenticated attackers to create a post with any post type and post status.	2023-06-03	not yet calculated	CVE-2023-3053 MISC MISC MISC
wordpress — wordpress	The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the ‘azh_save’ function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.	2023-06-03	not yet calculated	CVE-2023-3055 MISC MISC
yfcmf — yfcmf	A vulnerability was found in YFCMF up to 3.0.4. It has been declared as problematic. This vulnerability affects unknown code of the file index.php. The manipulation leads to path traversal: ‘../filedir’. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230542 is the identifier assigned to this vulnerability.	2023-06-02	not yet calculated	CVE-2023-3056 MISC MISC MISC
yfcmf — yfcmf	A vulnerability was found in YFCMF up to 3.0.4. It has been rated as problematic. This issue affects some unknown processing of the file app/admin/controller/Ajax.php. The manipulation of the argument controllername leads to path traversal: ‘../filedir’. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230543.	2023-06-02	not yet calculated	CVE-2023-3057 MISC MISC MISC
libarchive — libarchive	Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories.	2023-05-29	not yet calculated	CVE-2023-30571 MISC MISC
07fly — crm	A vulnerability was found in 07FLY CRM up to 1.2.0. It has been declared as problematic. This vulnerability affects unknown code of the component User Profile Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230560.	2023-06-02	not yet calculated	CVE-2023-3058 MISC MISC MISC
sourcecodester — online_exam_form_submission	A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/update_s6.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230565 was assigned to this vulnerability.	2023-06-02	not yet calculated	CVE-2023-3059 MISC MISC MISC
code-projects — agro-school_management_system	A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. This vulnerability affects the function doAddQuestion of the file btn_functions.php. The manipulation of the argument Question leads to cross site scripting. The attack can be initiated remotely. VDB-230566 is the identifier assigned to this vulnerability.	2023-06-02	not yet calculated	CVE-2023-3060 MISC MISC MISC
oracle — apache_cassandra	Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.0.9, from 4.1.0 through 4.1.1. WORKAROUND The vulnerability requires nodetool/JMX access to be exploitable, disable access for any non-trusted users. MITIGATION Upgrade to 4.0.10 or 4.1.2 and leave the new FQL/Auditlog configuration property allow_nodetool_archive_command as false.	2023-05-30	not yet calculated	CVE-2023-30601 MISC
code-projects — agro-school_management_system	A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-230567.	2023-06-02	not yet calculated	CVE-2023-3061 MISC MISC MISC
code-projects — agro-school_management_system	A vulnerability was found in code-projects Agro-School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-230568.	2023-06-02	not yet calculated	CVE-2023-3062 MISC MISC MISC
trilium — trilium	Cross-site Scripting (XSS) – Stored in GitHub repository zadam/trilium prior to 0.59.4.	2023-06-02	not yet calculated	CVE-2023-3067 MISC CONFIRM
campcodes_retro_cellphone_online_store — campcodes_retro_cellphone_online_store	A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Affected is an unknown function of the file /admin/modal_add_product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-230580.	2023-06-02	not yet calculated	CVE-2023-3068 MISC MISC MISC
corebos — corebos	Unverified Password Change in GitHub repository tsolucio/corebos prior to 8.	2023-06-02	not yet calculated	CVE-2023-3069 MISC CONFIRM
corebos — corebos	Cross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.	2023-06-02	not yet calculated	CVE-2023-3070 CONFIRM MISC
corebos — corebos	Cross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.	2023-06-02	not yet calculated	CVE-2023-3071 MISC CONFIRM
corebos — corebos	Cross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.	2023-06-02	not yet calculated	CVE-2023-3073 MISC CONFIRM
corebos — corebos	Cross-site Scripting (XSS) – Stored in GitHub repository tsolucio/corebos prior to 8.	2023-06-02	not yet calculated	CVE-2023-3074 CONFIRM MISC
corebos — corebos	Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8.	2023-06-02	not yet calculated	CVE-2023-3075 CONFIRM MISC
pleasanter — pleasanter	Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script.	2023-06-01	not yet calculated	CVE-2023-30758 MISC MISC MISC
teampass — teampass	Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.	2023-06-03	not yet calculated	CVE-2023-3083 MISC CONFIRM
teampass — teampass	Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.	2023-06-03	not yet calculated	CVE-2023-3084 MISC CONFIRM
x-wrt_luci — x-wrt_luci	A vulnerability, which was classified as problematic, has been found in X-WRT luci up to 22.10_b202303061504. This issue affects the function run_action of the file modules/luci-base/ucode/dispatcher.uc of the component 404 Error Template Handler. The manipulation of the argument request_path leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 22.10_b202303121313 is able to address this issue. The name of the patch is 24d7da2416b9ab246825c33c213fe939a89b369c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230663.	2023-06-03	not yet calculated	CVE-2023-3085 MISC MISC MISC MISC
teampass — teampass	Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9.	2023-06-03	not yet calculated	CVE-2023-3086 CONFIRM MISC
rozcom — rozcom	ROZCOM client CWE-798: Use of Hard-coded Credentials	2023-05-30	not yet calculated	CVE-2023-31184 MISC
rozcom — rozcom	ROZCOM server framework – Misconfiguration may allow information disclosure via an unspecified request.	2023-05-30	not yet calculated	CVE-2023-31185 MISC
churchcrm — churchcrm	A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.	2023-05-31	not yet calculated	CVE-2023-31548 MISC
jenkins — jenkins	Tuleap is an open source tool for end to end traceability of application and system developments. Tuleap Community Edition prior to version 14.8.99.60 and Tuleap Enterprise edition prior to 14.8-3 and 14.7-7, the logs of the triggered Jenkins job URLs are not properly escaped. A malicious Git administrator can setup a malicious Jenkins hook to make a victim, also a Git administrator, execute uncontrolled code. Tuleap Community Edition 14.8.99.60, Tuleap Enterprise Edition 14.8-3, and Tuleap Enterprise Edition 14.7-7 contain a patch for this issue.	2023-05-29	not yet calculated	CVE-2023-32072 MISC MISC MISC MISC
opensuse — libeconf	A Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2.	2023-06-01	not yet calculated	CVE-2023-32181 MISC MISC
mozilla — multiple_products	In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	2023-06-02	not yet calculated	CVE-2023-32205 MISC MISC MISC MISC MISC
mozilla — multiple_products	An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	2023-06-02	not yet calculated	CVE-2023-32206 MISC MISC MISC MISC
mozilla — multiple_products	A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	2023-06-02	not yet calculated	CVE-2023-32207 MISC MISC MISC MISC
mozilla — multiple_products	A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	2023-06-02	not yet calculated	CVE-2023-32211 MISC MISC MISC MISC
mozilla — multiple_products	An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	2023-06-02	not yet calculated	CVE-2023-32212 MISC MISC MISC MISC
mozilla — multiple_products	When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	2023-06-02	not yet calculated	CVE-2023-32213 MISC MISC MISC MISC
mozilla — multiple_products	Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.	2023-06-02	not yet calculated	CVE-2023-32215 MISC MISC MISC MISC
sofia-sip — sofia-sip	Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Referring to [GHSA-8599-x7rq-fr54] (https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54), several other potential heap-over-flow and integer-overflow in stun_parse_attr_error_code and stun_parse_attr_uint32 were found because the lack of attributes length check when Sofia-SIP handles STUN packets. The previous patch of [GHSA-8599-x7rq-fr54] (https://github.com/freeswitch/sofia-sip/security/advisories/GHSA-8599-x7rq-fr54) fixed the vulnerability when attr_type did not match the enum value, but there are also vulnerabilities in the handling of other valid cases. The OOB read and integer-overflow made by attacker may lead to crash, high consumption of memory or even other more serious consequences. These issue have been addressed in version 1.13.15. Users are advised to upgrade.	2023-05-26	not yet calculated	CVE-2023-32307 MISC MISC
dataease — dataease	DataEase is an open source data visualization and analysis tool. The API interface for DataEase delete dashboard and delete system messages is vulnerable to insecure direct object references (IDOR). This could result in a user deleting another user’s dashboard or messages or interfering with the interface for marking messages read. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.	2023-06-01	not yet calculated	CVE-2023-32310 MISC MISC MISC MISC
openprinting_cups — openprinting_cups	OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.	2023-06-01	not yet calculated	CVE-2023-32324 MISC MISC
ibm — gskit	IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 255828.	2023-05-30	not yet calculated	CVE-2023-32342 MISC
dell — powerpath_for_windows	PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. A local user with access to the installation directory can retrieve the license key of the product and use it to install and license PowerPath on different systems.	2023-05-30	not yet calculated	CVE-2023-32448 MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kyle Maurer Don8 plugin <= 0.4 versions.	2023-06-03	not yet calculated	CVE-2023-32582 MISC
lima-vm — lima	Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to version 0.16.0, a virtual machine instance with a malicious disk image could read a single file on the host filesystem, even when no filesystem is mounted from the host. The official templates of Lima and the well-known third party products (Colima, Rancher Desktop, and Finch) are unlikely to be affected by this issue. To exploit this issue, the attacker has to embed the target file path (an absolute or a relative path from the instance directory) in a malicious disk image, as the qcow2 (or vmdk) backing file path string. As Lima refuses to run as the root, it is practically impossible for the attacker to read the entire host disk via `/dev/rdiskN`. Also, practically, the attacker cannot read at least the first 512 bytes (MBR) of the target file. The issue has been patched in Lima in version 0.16.0 by prohibiting using a backing file path in the VM base image.	2023-05-30	not yet calculated	CVE-2023-32684 MISC MISC MISC
kanboard — kanboard	Kanboard is project management software that focuses on the Kanban methodology. Due to improper handling of elements under the `contentEditable` element, maliciously crafted clipboard content can inject arbitrary HTML tags into the DOM. A low-privileged attacker with permission to attach a document on a vulnerable Kanboard instance can trick the victim into pasting malicious screenshot data and achieve cross-site scripting if CSP is improperly configured. This issue has been patched in version 1.2.29.	2023-05-30	not yet calculated	CVE-2023-32685 MISC MISC MISC
tgstation — tgstation-server	tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and prior to 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a workaround, remove the list chat bots permission from users that should not have the ability to view connection strings. Invalidate any credentials previously stored for safety.	2023-05-29	not yet calculated	CVE-2023-32687 MISC MISC MISC
parse_server — parse_server	Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 5.4.4 and 6.1.1 are vulnerable to a phishing attack vulnerability that involves a user uploading malicious files. A malicious user could upload an HTML file to Parse Server via its public API. That HTML file would then be accessible at the internet domain at which Parse Server is hosted. The URL of the the uploaded HTML could be shared for phishing attacks. The HTML page may seem legitimate because it is served under the internet domain where Parse Server is hosted, which may be the same as a company’s official website domain. An additional security issue arises when the Parse JavaScript SDK is used. The SDK stores sessions in the internet browser’s local storage, which usually restricts data access depending on the internet domain. A malicious HTML file could contain a script that retrieves the user’s session token from local storage and then share it with the attacker. The fix included in versions 5.4.4 and 6.1.1 adds a new Parse Server option `fileUpload.fileExtensions` to restrict file upload on Parse Server by file extension. It is recommended to restrict file upload for HTML file extensions, which this fix disables by default. If an app requires upload of files with HTML file extensions, the option can be set to `[‘.*’]` or another custom value to override the default.	2023-05-30	not yet calculated	CVE-2023-32689 MISC MISC MISC
libspdm — libspdm	libspdm is a sample implementation that follows the DMTF SPDM specifications. Prior to versions 2.3.3 and 3.0, following a successful CAPABILITIES response, a libspdm Requester stores the Responder’s CTExponent into its context without validation. If the Requester sends a request message that requires a cryptography operation by the Responder, such as CHALLENGE, libspdm will calculate the timeout value using the Responder’s unvalidated CTExponent. A patch is available in version 2.3.3. A workaround is also available. After completion of VCA, the Requester can check the value of the Responder’s CTExponent. If it greater than or equal to 64, then the Requester can stop communication with the Responder.	2023-06-01	not yet calculated	CVE-2023-32690 MISC MISC MISC
golang — gost	gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`’s `ConstantTimeCompare`.	2023-05-30	not yet calculated	CVE-2023-32691 MISC MISC
codeigniter4 — codeigniter4	CodeIgniter is a PHP full-stack web framework. This vulnerability allows attackers to execute arbitrary code when you use Validation Placeholders. The vulnerability exists in the Validation library, and validation methods in the controller and in-model validation are also vulnerable because they use the Validation library internally. This issue is patched in version 4.3.5.	2023-05-30	not yet calculated	CVE-2023-32692 MISC MISC
ckan — ckan	CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files in the docker container and the `ckan` user had the permissions to use sudo. These issues allowed for code execution or privilege escalation if an arbitrary file write bug was available. Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.	2023-05-30	not yet calculated	CVE-2023-32696 MISC MISC
goreleaser — nfpm	nFPM is an alternative to fpm. The file permissions on the checked-in files were not maintained. Hence, when nfpm packaged the files (without extra config for enforcing it’s own permissions) files could go out with bad permissions (chmod 666 or 777). Anyone using nfpm for creating packages without checking/setting file permissions before packaging could result in bad permissions for files/folders.	2023-05-30	not yet calculated	CVE-2023-32698 MISC MISC MISC
metersphere — metersphere	MeterSphere is an open source continuous testing platform. Version 2.9.1 and prior are vulnerable to denial of service. ?The `checkUserPassword` method is used to check whether the password provided by the user matches the password saved in the database, and the `CodingUtil.md5` method is used to encrypt the original password with MD5 to ensure that the password will not be saved in plain text when it is stored. If a user submits a very long password when logging in, the system will be forced to execute the long password MD5 encryption process, causing the server CPU and memory to be exhausted, thereby causing a denial of service attack on the server. This issue is fixed in version 2.10.0-lts with a maximum password length.	2023-05-30	not yet calculated	CVE-2023-32699 MISC MISC
splunk — splunk_enterprise	On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of service in the Splunk daemon.	2023-06-01	not yet calculated	CVE-2023-32706 MISC
splunk — splunk_enterprise	In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.	2023-06-01	not yet calculated	CVE-2023-32707 MISC MISC
splunk — splunk_enterprise	In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them potentially access other REST endpoints in the system arbitrarily.	2023-06-01	not yet calculated	CVE-2023-32708 MISC MISC
splunk — splunk_enterprise	In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint.	2023-06-01	not yet calculated	CVE-2023-32709 MISC MISC
splunk — splunk_enterprise	In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run.	2023-06-01	not yet calculated	CVE-2023-32710 MISC
splunk — splunk_enterprise	In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a stored cross-site scripting (XSS) payload.	2023-06-01	not yet calculated	CVE-2023-32711 MISC MISC
splunk — splunk_enterprise	In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an attacker can use a specially crafted web URL in their browser to cause log file poisoning. The attack requires the attacker to have secure shell (SSH) access to the instance and use a terminal program that supports a certain feature set to execute the attack successfully.	2023-06-01	not yet calculated	CVE-2023-32712 MISC
splunk — splunk_app_for_stream	In Splunk App for Stream versions below 8.1.1, a low-privileged user could use a vulnerability in the streamfwd process within the Splunk App for Stream to escalate their privileges on the machine that runs the Splunk Enterprise instance, up to and including the root user.	2023-06-01	not yet calculated	CVE-2023-32713 MISC
splunk — splunk_app_for_lookup_file_editing	In the Splunk App for Lookup File Editing versions below 4.0.1, a low-privileged user can, with a specially crafted web request, trigger a path traversal exploit that can then be used to read and write to restricted areas of the Splunk installation directory.	2023-06-01	not yet calculated	CVE-2023-32714 MISC MISC
splunk — splunk_app_for_lookup_file_editing	In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. The app itself does not contain the potentially malicious JavaScript code. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser, and requires additional user interaction to trigger. The attacker cannot exploit the vulnerability at will.	2023-06-01	not yet calculated	CVE-2023-32715 MISC
splunk — splunk_enterprise	In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon.	2023-06-01	not yet calculated	CVE-2023-32716 MISC MISC
splunk — splunk_enterprise	On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job.	2023-06-01	not yet calculated	CVE-2023-32717 MISC MISC
wordpress — wordpress	Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nose Graze Novelist plugin <= 1.2.0 versions.	2023-05-28	not yet calculated	CVE-2023-32958 MISC
toui — toui	ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. ToUI is using Flask-Caching (SimpleCache) to store user variables. Websites that use `Website.user_vars` property. It affects versions 2.0.1 to 2.4.0. This issue has been patched in version 2.4.1.	2023-05-30	not yet calculated	CVE-2023-33175 MISC MISC
xibo — xibo	Xibo is a content management system (CMS). A path traversal vulnerability exists in the Xibo CMS whereby a specially crafted zip file can be uploaded to the CMS via the layout import function by an authenticated user which would allow creation of files outside of the CMS library directory as the webserver user. This can be used to upload a PHP webshell inside the web root directory and achieve remote code execution as the webserver user. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. Customers who host their CMS with Xibo Signage have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running.	2023-05-30	not yet calculated	CVE-2023-33177 MISC MISC MISC MISC MISC
xibo — xibo	Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `/dataset/data/{id}` API route inside the CMS starting in version 1.4.0 and prior to versions 2.3.17 and 3.3.5. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `filter` parameter. Values allowed in the filter parameter are checked against a deny list of commands that should not be allowed, however this checking was done in a case sensitive manor and so it is possible to bypass these checks by using unusual case combinations. Users should upgrade to version 2.3.17 or 3.3.5, which fix this issue. There are no workarounds aside from upgrading.	2023-05-30	not yet calculated	CVE-2023-33178 MISC MISC MISC
xibo — xibo	Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.5 in the `nameFilter` function used throughout the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values for logical operators. Users should upgrade to version 3.3.5 which fixes this issue. There are no known workarounds aside from upgrading.	2023-05-30	not yet calculated	CVE-2023-33179 MISC MISC MISC
xibo — xibo	Xibo is a content management system (CMS). An SQL injection vulnerability was discovered starting in version 3.2.0 and prior to version 3.3.2 in the `/display/map` API route inside the CMS. This allows an authenticated user to exfiltrate data from the Xibo database by injecting specially crafted values in to the `bounds` parameter. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.	2023-05-30	not yet calculated	CVE-2023-33180 MISC MISC MISC
xibo — xibo	Xibo is a content management system (CMS). Starting in version 3.0.0 and prior to version 3.3.5, some API routes will print a stack trace when called with missing or invalid parameters revealing sensitive information about the locations of paths that the server is using. Users should upgrade to version 3.3.5, which fixes this issue. There are no known workarounds aside from upgrading.	2023-05-30	not yet calculated	CVE-2023-33181 MISC MISC MISC
nextcloud — nextcloud	Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can’t render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4	2023-05-30	not yet calculated	CVE-2023-33182 MISC MISC MISC
nextcloud — nextcloud	Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3	2023-05-30	not yet calculated	CVE-2023-33183 MISC MISC
zulip — zulip	Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. The main development branch of Zulip Server from May 2, 2023 and later, including beta versions 7.0-beta1 and 7.0-beta2, is vulnerable to a cross-site scripting vulnerability in tooltips on the message feed. An attacker who can send messages could maliciously craft a topic for the message, such that a victim who hovers the tooltip for that topic in their message feed triggers execution of JavaScript code controlled by the attacker.	2023-05-30	not yet calculated	CVE-2023-33186 MISC MISC MISC MISC
pomerium — pomerium	Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue has been patched in versions 0.17.4, 0.18.1, 0.19.2, 0.20.1, 0.21.4 and 0.22.2.	2023-05-30	not yet calculated	CVE-2023-33189 MISC MISC MISC MISC MISC MISC MISC MISC
kyverno — kyverno	Kyverno is a policy engine designed for Kubernetes. Kyverno seccomp control can be circumvented. Users of the podSecurity `validate.podSecurity` subrule in Kyverno 1.9.2 and 1.9.3 are vulnerable. This issue was patched in version 1.9.4.	2023-05-30	not yet calculated	CVE-2023-33191 MISC MISC MISC
embysupport — security	Emby Server is a user-installable home media server which stores and organizes a user’s media files of virtually any format and makes them available for viewing at home and abroad on a broad range of client devices. This vulnerability may allow administrative access to an Emby Server system, depending on certain user account settings. By spoofing certain headers which are intended for interoperation with reverse proxy servers, it may be possible to affect the local/non-local network determination to allow logging in without password or to view a list of user accounts which may have no password configured. Impacted are all Emby Server system which are publicly accessible and where the administrator hasn’t tightened the account login configuration for administrative users. This issue has been patched in Emby Server Beta version 4.8.31 and Emby Server version 4.7.12.	2023-05-30	not yet calculated	CVE-2023-33193 MISC
tgstation — tgstation-server	tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discord channels for the instance on enabled chat bots. This lasts until the instance’s chat channels are updated in TGS or DreamDaemon is restarted. TGS chat commands are unaffected, custom or otherwise.	2023-05-30	not yet calculated	CVE-2023-33198 MISC MISC MISC
oracle — apache_airflow_cncf_kubernetes	Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner. Operators should upgrade to provider version 7.0.0 which has removed the vulnerability.	2023-05-30	not yet calculated	CVE-2023-33234 MISC
minecraft — minecraft	Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink.	2023-05-30	not yet calculated	CVE-2023-33245 MISC MISC MISC
atlassian — confluence	A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into the tables.	2023-05-31	not yet calculated	CVE-2023-33287 MISC MISC MISC
iniparser– iniparser	iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring’s return.	2023-06-01	not yet calculated	CVE-2023-33461 MISC
readymedia — readymedia	ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacker-controlled chunk values that exceed the length of the allocated buffer, resulting in out-of-bounds read/write.	2023-06-02	not yet calculated	CVE-2023-33476 MISC MISC MISC
totolink — x5000r	TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function.	2023-05-31	not yet calculated	CVE-2023-33485 MISC
totolink — x5000r	TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the “hostName” parameter.	2023-05-31	not yet calculated	CVE-2023-33486 MISC
totolink — x5000r	TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands through the “ip” parameter.	2023-05-31	not yet calculated	CVE-2023-33487 MISC
kramerav — via_go²	KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read.	2023-05-31	not yet calculated	CVE-2023-33507 MISC
kramerav — via_go²	KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE).	2023-05-31	not yet calculated	CVE-2023-33508 MISC
kramerav — via_go²	KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection.	2023-05-31	not yet calculated	CVE-2023-33509 MISC
hawtio — hawtio	hawtio 2.17.2 is vulnerable to Path Traversal. it is possible to input malicious zip files, which can result in the high-risk files after decompression being stored in any location, even leading to file overwrite.	2023-06-01	not yet calculated	CVE-2023-33544 MISC
janino — janino	janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. If the parser runs on user-supplied input, an attacker could supply content that causes the parser to crash due to a stack overflow.	2023-06-01	not yet calculated	CVE-2023-33546 MISC
erofs-utils — erofs-utils	Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.	2023-06-01	not yet calculated	CVE-2023-33551 MISC
erofs-utils — erofs-utils	Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.	2023-06-01	not yet calculated	CVE-2023-33552 MISC
nanomq — nanomq	A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit this vulnerability to cause a denial of service attack by causing the program to consume all available memory resources.	2023-05-30	not yet calculated	CVE-2023-33656 MISC MISC MISC
tenda — ac8v4.0-v16.03.34.06	Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.	2023-06-02	not yet calculated	CVE-2023-33669 MISC
tenda — ac8v4.0-v16.03.34.06	Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function.	2023-06-02	not yet calculated	CVE-2023-33670 MISC
tenda — ac8v4.0-v16.03.34.06	Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.	2023-06-02	not yet calculated	CVE-2023-33671 MISC
tenda — ac8v4.0-v16.03.34.06	Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function.	2023-06-02	not yet calculated	CVE-2023-33672 MISC
tenda — ac8v4.0-v16.03.34.06	Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.	2023-06-02	not yet calculated	CVE-2023-33673 MISC
tenda — ac8v4.0-v16.03.34.06	Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function.	2023-06-02	not yet calculated	CVE-2023-33675 MISC
mp4v2 — mp4v2	mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp.	2023-06-01	not yet calculated	CVE-2023-33716 MISC
mp4v2 — mp4v2	mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes()	2023-06-02	not yet calculated	CVE-2023-33717 MISC MISC
mp4v2 — mp4v2	mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp	2023-05-31	not yet calculated	CVE-2023-33718 MISC
mp4v2 — mp4v2	mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp	2023-06-01	not yet calculated	CVE-2023-33719 MISC MISC
edimax — br-6288acl	EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter.	2023-05-31	not yet calculated	CVE-2023-33722 MISC MISC
microworld_technologies — escan_management_console	Privilege Escalation in the “GetUserCurrentPwd” function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format.	2023-05-31	not yet calculated	CVE-2023-33730 MISC
microworld_technologies — escan_management_console	Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the URL directly.	2023-06-02	not yet calculated	CVE-2023-33731 MISC MISC
microworld_technologies — escan_management_console	Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.	2023-05-31	not yet calculated	CVE-2023-33732 MISC
bluecms — bluecms	BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php.	2023-05-30	not yet calculated	CVE-2023-33734 MISC
d-link — dir-846	D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface.	2023-05-31	not yet calculated	CVE-2023-33735 MISC MISC
dcat-admin — dcat-admin	A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter.	2023-05-31	not yet calculated	CVE-2023-33736 MISC
luowice — luowice	Incorrect access control in luowice v3.5.18 allows attackers to access cloud source code information via modification fo the Verify parameter in a warning message.	2023-05-30	not yet calculated	CVE-2023-33740 MISC
macro-video_technologies — v380pro	Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device.	2023-05-30	not yet calculated	CVE-2023-33741 MISC
inpiazza_cloud_wifi — inpiazza_cloud_wifi	The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to gain access to login credentials.	2023-06-01	not yet calculated	CVE-2023-33754 MISC
emedia_consulting_simpleredak — emedia_consulting_simpleredak	eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php.	2023-06-02	not yet calculated	CVE-2023-33761 MISC
emedia_consulting_simpleredak — emedia_consulting_simpleredak	eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter.	2023-06-02	not yet calculated	CVE-2023-33762 MISC
emedia_consulting_simpleredak — emedia_consulting_simpleredak	eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php.	2023-06-02	not yet calculated	CVE-2023-33763 MISC
emedia_consulting_simpleredak — emedia_consulting_simpleredak	eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/<ID>.	2023-06-01	not yet calculated	CVE-2023-33764 MISC
draytek — vigor_routers	Draytek Vigor Routers firmware versions below 3.9.6/4.2.4, Access Points firmware versions below v1.4.0, Switches firmware versions below 2.6.7, and Myvigor firmware versions below 2.3.2 were discovered to use hardcoded encryption keys which allows attackers to bind any affected device to their own account. Attackers are then able to create WCF and DrayDDNS licenses and synchronize them from the website.	2023-06-01	not yet calculated	CVE-2023-33778 MISC
minio — minio_object_storage	Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.	2023-05-30	not yet calculated	CVE-2023-33955 MISC MISC MISC
openproject — openproject	OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to version 12.5.6, even if the entire instance is marked as `Login required` and prevents all truly anonymous access, the `/robots.txt` route remains publicly available. Version 12.5.6 has a fix for this issue. Alternatively, users can download a patchfile to apply the patch to any OpenProject version greater than 10.0 As a workaround, one may mark any public project as non-public and give anyone in need of access to the project a membership.	2023-06-01	not yet calculated	CVE-2023-33960 MISC MISC MISC MISC MISC
leantime — leantime	Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist.	2023-05-30	not yet calculated	CVE-2023-33961 MISC
jstachio — jstachio	JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes `’` in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users visiting pages that use this template engine. This can lead to various consequences, including session hijacking, defacement of web pages, theft of sensitive information, or even the propagation of malware. Version 1.0.1 contains a patch for this issue. To mitigate this vulnerability, the template engine should properly escape special characters, including single quotes. Common practice is to escape `’` as `&#39`. As a workaround, users can avoid this issue by using only double quotes `”` for HTML attributes.	2023-05-30	not yet calculated	CVE-2023-33962 MISC MISC MISC MISC MISC
dataease — dataease	DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.	2023-06-01	not yet calculated	CVE-2023-33963 MISC MISC
mx-chain-go — mx-chain-go	mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces `processIfTxErrorCrossShard` for the metachain transaction processor. There are no known workarounds for this issue.	2023-05-31	not yet calculated	CVE-2023-33964 MISC MISC
txthinking — brook	Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606.	2023-06-01	not yet calculated	CVE-2023-33965 MISC MISC
deno — deno	Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`–allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue.	2023-05-31	not yet calculated	CVE-2023-33966 MISC MISC
easeprobe — easeprobe	EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0.	2023-05-31	not yet calculated	CVE-2023-33967 MISC MISC MISC MISC
formcreator — formcreator	Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of the use of `##FULLFORM##` for rendering. This could result in arbitrary javascript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > “` in all fields.	2023-05-31	not yet calculated	CVE-2023-33971 MISC
riot_os — riot_os	RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds.	2023-05-30	not yet calculated	CVE-2023-33973 MISC MISC MISC MISC MISC MISC MISC MISC
riot_os — riot_os	RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds.	2023-05-30	not yet calculated	CVE-2023-33974 MISC MISC MISC MISC MISC MISC MISC MISC
riot_os — riot_os	RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams.	2023-05-30	not yet calculated	CVE-2023-33975 MISC MISC MISC MISC MISC MISC MISC MISC
chatgpt — gpt_academic	gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive files are configured to be off-limits, sensitive information files in some working directories can be read through the `/file` route, leading to sensitive information leakage. This affects users that uses file configurations via `config.py`, `config_private.py`, `Dockerfile`. A patch is available at commit 1dcc2873d2168ad2d3d70afcb453ac1695fbdf02. As a workaround, one may use environment variables instead of `config*.py` files to configure this project, or use docker-compose installation to configure this project.	2023-05-31	not yet calculated	CVE-2023-33979 MISC MISC
collabora_online — collabora_online	Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch.	2023-05-31	not yet calculated	CVE-2023-34088 MISC
kyverno — kyverno	Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the `deletionTimestamp` field defined can bypass validate, generate, or mutate-existing policies, even in cases where the `validationFailureAction` field is set to `Enforce`. This situation occurs as resources pending deletion were being consciously exempted by Kyverno, as a way to reduce processing load as policies are typically not applied to objects which are being deleted. However, this could potentially result in allowing a malicious user to leverage the Kubernetes finalizers feature by setting a finalizer which causes the Kubernetes API server to set the `deletionTimestamp` and then not completing the delete operation as a way to explicitly to bypass a Kyverno policy. Note that this is not applicable to Kubernetes Pods but, as an example, a Kubernetes Service resource can be manipulated using an indefinite finalizer to bypass policies. This is resolved in Kyverno 1.10.0. There is no known workaround.	2023-06-01	not yet calculated	CVE-2023-34091 MISC MISC
vite — vite	Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using double forward-slash (//) allows any unauthenticated user to read file from the Vite root-path of the application including the default `fs.deny` settings (`[‘.env’, ‘.env.’, ‘.{crt,pem}’]`). Only users explicitly exposing the Vite dev server to the network (using `–host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in vite@4.3.9, vite@4.2.3, vite@4.1.5, vite@4.0.5, vite@3.2.7, and vite@2.9.16.	2023-06-01	not yet calculated	CVE-2023-34092 MISC MISC MISC
chatgpt — chuanhuchatgPT	ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability.	2023-06-02	not yet calculated	CVE-2023-34094 MISC MISC
imagemagick — imagemagick	A vulnerability was found in ImageMagick. This security flaw ouccers as an undefined behaviors of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546).	2023-05-30	not yet calculated	CVE-2023-34151 MISC MISC MISC FEDORA
imagemagick — imagemagick	A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with –enable-pipes configured.	2023-05-30	not yet calculated	CVE-2023-34152 MISC MISC MISC FEDORA
imagemagick — imagemagick	A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding.	2023-05-30	not yet calculated	CVE-2023-34153 MISC MISC MISC FEDORA
imapsync — imapsync	imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync’s cache and overwrite files belonging to the user who runs it.	2023-05-30	not yet calculated	CVE-2023-34204 MISC
moov — signedxml	In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW).	2023-05-30	not yet calculated	CVE-2023-34205 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible	2023-05-31	not yet calculated	CVE-2023-34218 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions	2023-05-31	not yet calculated	CVE-2023-34228 MISC
jetbrains — teamcity	In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible	2023-05-31	not yet calculated	CVE-2023-34229 MISC
linux — kernel	An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset.	2023-05-31	not yet calculated	CVE-2023-34256 MISC MISC MISC
tencent — multiple_products	An issue was discovered in BMC Patrol before 22.1.00. The agent’s configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution.	2023-05-31	not yet calculated	CVE-2023-34258 MISC MISC
tencent — multiple_products	In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition.	2023-06-01	not yet calculated	CVE-2023-34312 MISC
jetbrains — ktor	In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception’s message	2023-06-01	not yet calculated	CVE-2023-34339 MISC
moveit_transfer — moveit_transfer	In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer’s database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.	2023-06-02	not yet calculated	CVE-2023-34362 MISC

Sort all tables

alerts

Progress Software Releases Security Advisory for MOVEit Transfer

Post author By admin
Post date June 1, 2023

Progress Software has released a security advisory for a vulnerability in MOVEit Transfer—a Managed File Transfer Software. A cyber threat actor could exploit this vulnerability to take over an affected system.

CISA urgers users and organizations to review the MOVEit Transfer Advisory, follow the mitigation steps, apply the necessary updates, and hunt for any malicious activity.

Managed Security Services

Cyber Threat Intelligence

iDNA

SiON

About Us

Leadership

Advisors

Cyber Security Assessment

SOC Cost Calculator

Request a Dark Web Report

Cyber Security Threat Alerts

What is Incident Response?

SOC 2 Compliance

Cyber Security Definitions and Terminology

Cyber Security Jobs

Blog

Podcast

Instagram

LinkedIn

Twitter

Company

Our services

Resources

Partners

Cyber news

Weekly Newsletter

Subscribe to our weekly newsletter on cyber news and best practices!

SUMMARY

TECHNICAL DETAILS

Introduction

LockBit Statistics

Percentage of ransomware incidents attributed to LockBit:

Number of LockBit ransomware attacks in the U.S. since 2020:

Total of U.S. ransoms paid to LockBit:

Earliest observed LockBit activity:

Most recently observed LockBit activity:

Operational activity related to LockBit in France

* Name either obtained from ANSSI’s or the victim’s investigations ** Includes incidents with multiple strains

Leak Sites

Tools

Common Vulnerabilities and Exposures (CVEs) Exploited

Post Detonation TTPs

MITRE ATT&CK Tactics and Techniques

Mitigations

Initial Access

Execution

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Command and Control

Exfiltration

Impact

Implement Mitigations for Defense-in-Depth

Validate Security Controls

Resources

Reporting

Disclaimer

References

SUMMARY

TECHNICAL DETAILS

CVE-2023-34362 MOVEIT TRANSFER VULNERABILITY

DETECTION METHODS

MOVEit Campaign Indicators of Compromise

GoAnywhere Campaign Indicators of Compromise

MITRE ATT&CK TECHNIQUES

MITIGATIONS

VALIDATE SECURITY CONTROLS

RESOURCES

REPORTING

DISCLAIMER

High Vulnerabilities

Medium Vulnerabilities

Low Vulnerabilities

Severity Not Yet Assigned

Company

Our services

Resources

Partners

Cyber news

Weekly Newsletter

Subscribe to our weekly newsletter on cyber news and best practices!

* Name either obtained from ANSSI’s or the victim’s investigations
** Includes incidents with multiple strains