DefendEdge Logo
Categories
alerts

Vulnerability Summary for the Week of April 10, 2023

 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
dts_electronics — redline_router Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. 2023-04-14 10 CVE-2023-1803
MISC
dts_electronics — redline_router Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.This issue affects Redline Router: before 7.17. 2023-04-14 10 CVE-2023-1833
MISC
safe-eval_project — safe-eval All versions of the package safe-eval are vulnerable to Prototype Pollution via the safeEval function, due to improper sanitization of its parameter content. 2023-04-11 10 CVE-2023-26121
MISC
MISC
MISC
wordpress — wordpress A vulnerability was found in HD FLV PLayer Plugin up to 1.7. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability. 2023-04-09 9.8 CVE-2012-10011
MISC
MISC
MISC
wordpress — wordpress A vulnerability, which was classified as critical, has been found in Dynamic Widgets Plugin up to 1.5.10. This issue affects some unknown processing of the file classes/dynwid_class.php. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.11 is able to address this issue. The name of the patch is d0a19c6efcdc86d7093b369bc9e29a0629e57795. It is recommended to upgrade the affected component. The identifier VDB-225353 was assigned to this vulnerability. 2023-04-10 9.8 CVE-2015-10100
MISC
MISC
MISC
MISC
apple — iphone_os A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 16. An app may be able to execute arbitrary code with kernel privileges 2023-04-10 9.8 CVE-2022-46709
MISC
wordpress — wordpress The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. 2023-04-10 9.8 CVE-2023-1478
MISC
tcpdump — tcpdump The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. 2023-04-07 9.8 CVE-2023-1801
MISC
MISC
eskom_computer — water_metering_software Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Eskom Computer Water Metering Software allows Command Line Execution through SQL Injection.This issue affects Water Metering Software: before 23.04.06. 2023-04-14 9.8 CVE-2023-1863
MISC
sourcecodester — simple_and_beautiful_shopping_cart_system A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability. 2023-04-07 9.8 CVE-2023-1941
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319. 2023-04-07 9.8 CVE-2023-1942
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability. 2023-04-08 9.8 CVE-2023-1951
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339. 2023-04-08 9.8 CVE-2023-1952
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability. 2023-04-08 9.8 CVE-2023-1955
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability. 2023-04-08 9.8 CVE-2023-1958
MISC
MISC
MISC
sourcecodester — — online_eyewear_shop A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects unknown code of the file /admin/inventory/manage_stock.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225406 is the identifier assigned to this vulnerability. 2023-04-10 9.8 CVE-2023-1969
MISC
MISC
MISC
microsoft — multiple_products Microsoft Message Queuing Remote Code Execution Vulnerability 2023-04-11 9.8 CVE-2023-21554
MISC
dlink — dir-882_a1_firmware D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-24797
MISC
MISC
dlink — dir-878_firmware D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-24798
MISC
MISC
dlink — dir-878_firmware D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-24799
MISC
MISC
dlink — dir-878_firmware D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-24800
MISC
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25210
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25211
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25212
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25213
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25214
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25215
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25216
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25217
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25218
MISC
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25219
MISC
tenda — ac5_firmware Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-25220
MISC
MISC
totolink — a7100ru_firmware TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. 2023-04-07 9.8 CVE-2023-26848
MISC
totolink — a7100ru_firmware TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. 2023-04-07 9.8 CVE-2023-26978
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27012
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27013
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27014
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27015
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27016
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27017
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27018
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27019
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27020
MISC
tenda — ac10_firmware Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 9.8 CVE-2023-27021
MISC
cdesigner_project — cdesigner Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). 2023-04-07 9.8 CVE-2023-27033
MISC
MISC
tenda — g103_firmware Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter. 2023-04-10 9.8 CVE-2023-27076
MISC
gdidees — gdidees_cms An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. 2023-04-10 9.8 CVE-2023-27178
MISC
MISC
MISC
MISC
apache — linkis In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. We recommend users upgrade the version of Linkis to version 1.3.2.  For versions <=1.3.1, we suggest turning on the file path check switch in linkis.properties `wds.linkis.workspace.filesystem.owner.check=true` `wds.linkis.workspace.filesystem.path.check=true` 2023-04-10 9.8 CVE-2023-27602
MISC
MISC
apache — linkis In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2. 2023-04-10 9.8 CVE-2023-27603
MISC
MISC
apusapps — launcher An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. 2023-04-10 9.8 CVE-2023-27650
MISC
MISC
MISC
dlink — dir-878_firmware D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_48d630 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-09 9.8 CVE-2023-27720
MISC
MISC
microsoft — windows_server_2008 Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability 2023-04-11 9.8 CVE-2023-28250
MISC
siemens — multiple_products A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Affected devices are vulnerable to command injection via the web server port 443/tcp, if the parameter “Remote Operation” is enabled. The parameter is disabled by default. The vulnerability could allow an unauthenticated remote attacker to perform arbitrary code execution on the device. 2023-04-11 9.8 CVE-2023-28489
MISC
apache — airflow_hive_provider Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0. 2023-04-07 9.8 CVE-2023-28706
MISC
MISC
MISC
sap — businessobjects_business_intelligence An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application. 2023-04-11 9.8 CVE-2023-28765
MISC
MISC
apache — linkis In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization vulnerability and eventually lead to remote code execution. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2. 2023-04-10 9.8 CVE-2023-29215
MISC
MISC
apache — linkis In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.2. 2023-04-10 9.8 CVE-2023-29216
MISC
MISC
progress — sitefinity An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector. 2023-04-10 9.8 CVE-2023-29375
MISC
MISC
bibliocraftmod — bibliocraft BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution. 2023-04-07 9.8 CVE-2023-29478
MISC
simple_and_beautiful_shopping_cart_system_project — simple_and_beautiful_shopping_cart_system A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316. 2023-04-07 9.1 CVE-2023-1940
MISC
MISC
MISC
apache — linkis In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Generation rules should add random values. We recommend users upgrade the version of Linkis to version 1.3.2 And modify the default token value. You can refer to Token authorization[1] https://linkis.apache.org/docs/latest/auth/token https://linkis.apache.org/docs/latest/auth/token 2023-04-10 9.1 CVE-2023-27987
MISC
MISC
bestwebsoft — facebook_button A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355. 2023-04-10 8.8 CVE-2012-10012
MISC
MISC
MISC
scada-lts — scada-lts An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile. 2023-04-10 8.8 CVE-2022-41976
MISC
MISC
MISC
joomunited — wp_meta_seo The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution. 2023-04-10 8.8 CVE-2023-1381
MISC
MISC
crocoblock — jetengine_for_elementor The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. 2023-04-10 8.8 CVE-2023-1406
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340. 2023-04-08 8.8 CVE-2023-1953
MISC
MISC
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability. 2023-04-08 8.8 CVE-2023-1954
MISC
MISC
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343. 2023-04-08 8.8 CVE-2023-1956
MISC
MISC
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344. 2023-04-08 8.8 CVE-2023-1957
MISC
MISC
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability. 2023-04-08 8.8 CVE-2023-1959
MISC
MISC
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347. 2023-04-08 8.8 CVE-2023-1960
MISC
MISC
MISC
microsoft — multiple_products Remote Procedure Call Runtime Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-21727
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24884
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24886
MISC
microsoft — windows_server_2008 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24887
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24924
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24925
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24926
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24927
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24928
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-24929
MISC
pgyer — codefever codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. 2023-04-07 8.8 CVE-2023-26817
MISC
save_your_carts_and_buy_later_or_send_it_project — save_your_carts_and_buy_later_or_send_it SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component. 2023-04-10 8.8 CVE-2023-26860
MISC
MISC
apple — safari A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2023-04-10 8.8 CVE-2023-28205
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
microsoft — windows_server_2008 Windows Network Load Balancing Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-28240
MISC
microsoft — windows_server_2012 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-28243
MISC
microsoft — windows_server_2008 Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability 2023-04-11 8.8 CVE-2023-28275
MISC
microsoft — multiple_products Windows Remote Procedure Call Service (RPCSS) Elevation of Privilege Vulnerability 2023-04-11 8.8 CVE-2023-28297
MISC
sap — landscape_management An information disclosure vulnerability exists in SAP Landscape Management – version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system. 2023-04-11 8.7 CVE-2023-26458
MISC
MISC
apple — ipados An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.7.5 and iPadOS 15.7.5, macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. 2023-04-10 8.6 CVE-2023-28206
MISC
MISC
MISC
MISC
MISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
FULLDISC
microsoft — raw_image_extension Raw Image Extension Remote Code Execution Vulnerability 2023-04-11 8.4 CVE-2023-28291
MISC
ibm — sterling_order_management IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. 2023-04-07 8.1 CVE-2022-33959
MISC
MISC
sap — diagnostics_agent Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent – version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. 2023-04-11 8.1 CVE-2023-27267
MISC
MISC
microsoft — windows_server_2008 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 2023-04-11 8.1 CVE-2023-28219
MISC
microsoft — windows_server_2008 Layer 2 Tunneling Protocol Remote Code Execution Vulnerability 2023-04-11 8.1 CVE-2023-28220
MISC
microsoft — windows_server_2008 Windows Kerberos Elevation of Privilege Vulnerability 2023-04-11 8.1 CVE-2023-28244
MISC
microsoft — windows_server Netlogon RPC Elevation of Privilege Vulnerability 2023-04-11 8.1 CVE-2023-28268
MISC
microsoft — windows_server_2008 DHCP Server Service Remote Code Execution Vulnerability 2023-04-11 8 CVE-2023-28231
MISC
apple — macos A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.1. An app may be able to execute arbitrary code with kernel privileges 2023-04-10 7.8 CVE-2022-42858
MISC
adobe — digital_editions Adobe Digital Editions version 4.5.11.187303 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-21582
MISC
adobe — incopy InCopy versions 18.1 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-22235
MISC
microsoft — ole_db_driver Microsoft ODBC and OLE DB Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-23375
MISC
gnu — screen socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. 2023-04-08 7.8 CVE-2023-24626
CONFIRM
MISC
MISC
microsoft — visual_studio_code Visual Studio Code Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-24893
MISC
microsoft — windows_server_2008 Windows Graphics Component Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-24912
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26371
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26372
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26373
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26383
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26384
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26388
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26389
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26390
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26391
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26392
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26393
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26394
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26395
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26396
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26398
MISC
adobe — substance3d-stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26402
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26405
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26406
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26407
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26408
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26409
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26410
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26411
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26412
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26413
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26414
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26415
MISC
adobe — substance3d-designer Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-13 7.8 CVE-2023-26416
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26417
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26418
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26419
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26420
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Integer Underflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26421
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26422
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26423
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26424
MISC
adobe — acrobat_reader Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 7.8 CVE-2023-26425
MISC
pega — synchronization_engine A user with non-Admin access can change a configuration file on the client to modify the Server URL. 2023-04-10 7.8 CVE-2023-26466
MISC
opendesign — drawings_sdk An issue was discovered in Open Design Alliance Drawings SDK before 2024.1. A crafted DWG file can force the SDK to reuse an object that has been freed. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code. 2023-04-10 7.8 CVE-2023-26495
MISC
chinamobileltd — oa_mailbox_pc An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox. 2023-04-10 7.8 CVE-2023-26986
MISC
MISC
dell — power_manager Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. 2023-04-07 7.8 CVE-2023-28051
MISC
microsoft — multiple_products
 
Windows NTLM Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28225
MISC
microsoft — multiple_products Windows Kernel Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28236
MISC
microsoft — multiple_products Windows Kernel Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-28237
MISC
microsoft — multiple_ products
 
Windows Registry Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28246
MISC
microsoft — multiple_products Windows Kernel Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28248
MISC
microsoft — multiple_products Windows Common Log File System Driver Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28252
MISC
microsoft — multiple_products
 
.NET DLL Hijacking Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-28260
MISC
microsoft — visual_studio
 
Visual Studio Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28262
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28272
MISC
microsoft — multiple_products
 
Windows Win32k Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28274
MISC
microsoft — multiple_products Microsoft Office Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-28285
MISC
microsoft — raw_image_extendion
 
Raw Image Extension Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-28292
MISC
microsoft — multiple_products
 
Windows Kernel Elevation of Privilege Vulnerability 2023-04-11 7.8 CVE-2023-28293
MISC
microsoft — visual_studio
 
Visual Studio Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-28296
MISC
microsoft — multiple_products Microsoft ODBC and OLE DB Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-28304
MISC
microsoft — multiple_products
 
Microsoft Word Remote Code Execution Vulnerability 2023-04-11 7.8 CVE-2023-28311
MISC
siemens — multiple_products
 
A vulnerability has been identified in JT Open (All versions < V11.3.2.0), JT Utilities (All versions < V13.3.0.0). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process. 2023-04-11 7.8 CVE-2023-29053
MISC
linux — linux_kernel An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. 2023-04-10 7.8 CVE-2023-30456
MISC
MISC
microsoft — multiple_products

 

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-04-11 7.6 CVE-2023-28309
MISC
lua — lua In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read. 2023-04-10 7.5 CVE-2021-45985
MISC
MISC
MISC
ibm — sterling_order_management IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. 2023-04-07 7.5 CVE-2022-34333
MISC
MISC
siemens — multiple_products A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. 2023-04-11 7.5 CVE-2022-43716
MISC
siemens — multiple_products
 
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. 2023-04-11 7.5 CVE-2022-43767
MISC
siemens — multiple_products
 
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. 2023-04-11 7.5 CVE-2022-43768
MISC
apple — ipados A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. Private Relay functionality did not match system settings 2023-04-10 7.5 CVE-2022-46716
MISC
MISC
microsoft — multiple_products
 
Microsoft Message Queuing Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-21769
MISC
microsoft — multiple_products Microsoft Defender Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-24860
MISC
microsoft — multiple_products Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability 2023-04-11 7.5 CVE-2023-24885
MISC
microsoft — multiple_products Windows Secure Channel Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-24931
MISC
aten — pe8108_firmware Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. 2023-04-11 7.5 CVE-2023-25413
MISC
siteproxy_project — siteproxy siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. 2023-04-07 7.5 CVE-2023-26820
MISC
gdidees — gdidees_cms GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. 2023-04-07 7.5 CVE-2023-27180
MISC
MISC
MISC
dualspace — super_security An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the SharedPreference files. 2023-04-11 7.5 CVE-2023-27191
MISC
MISC
MISC
microsoft — windows_server_2008 Windows Network Address Translation (NAT) Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-28217
MISC
microsoft — windows_server_2008 Windows Bluetooth Driver Remote Code Execution Vulnerability 2023-04-11 7.5 CVE-2023-28227
MISC
microsoft — windows_server_2008 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability 2023-04-11 7.5 CVE-2023-28232
MISC
microsoft — windows_server_2022 Windows Secure Channel Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-28233
MISC
microsoft — windows_server_2022 Windows Secure Channel Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-28234
MISC
microsoft — windows_server_2008 Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability 2023-04-11 7.5 CVE-2023-28238
MISC
microsoft — windows_server_2008 Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-28241
MISC
microsoft — multiple_products
 
Windows Network File System Information Disclosure Vulnerability 2023-04-11 7.5 CVE-2023-28247
MISC
microsoft — multiple_products
 
Azure Service Connector Security Feature Bypass Vulnerability 2023-04-11 7.5 CVE-2023-28300
MISC
microsoft — multiple_products Microsoft Message Queuing Denial of Service Vulnerability 2023-04-11 7.5 CVE-2023-28302
MISC
apache — airflow_drill_provider Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2. 2023-04-07 7.5 CVE-2023-28707
MISC
MISC
MISC
apache — airflow_spark_provider Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1. 2023-04-07 7.5 CVE-2023-28710
MISC
MISC
MISC
siemens — multiple_products
 
A vulnerability has been identified in SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.40), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.40), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.40), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.40), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.40), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.40), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.40), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.40), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.40), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.40), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions < V9.40), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service. An unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. 2023-04-11 7.5 CVE-2023-28766
MISC
wacom — driver Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability. 2023-04-11 7.3 CVE-2022-38604
MISC
MISC
MISC
microsoft — sql_server
 
Microsoft SQL Server Remote Code Execution Vulnerability 2023-04-11 7.3 CVE-2023-23384
MISC
siemens — multiple_products A vulnerability has been identified in TIA Portal V15 (All versions), TIA Portal V16 (All versions), TIA Portal V17 (All versions), TIA Portal V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. 2023-04-11 7.3 CVE-2023-26293
MISC
groundhogg — groundhogg The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins 2023-04-10 7.2 CVE-2023-1425
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225533 was assigned to this vulnerability. 2023-04-11 7.2 CVE-2023-1985
MISC
MISC
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability. 2023-04-11 7.2 CVE-2023-1986
MISC
MISC
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225535. 2023-04-11 7.2 CVE-2023-1987
MISC
MISC
MISC
aten — pe8108_firmware Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials. 2023-04-11 7.2 CVE-2023-25407
MISC
javadelight — nashorn_sandbox delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process. 2023-04-10 7.2 CVE-2023-26919
MISC
microsoft — mulitple_products
 
Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 7.2 CVE-2023-28254
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 7.1 CVE-2022-47338
MISC
ibm — tririga_application_platform IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975. 2023-04-07 7.1 CVE-2023-27876
MISC
MISC
microsoft — windows_server_2008 Windows Kernel Elevation of Privilege Vulnerability 2023-04-11 7.1 CVE-2023-28222
MISC
microsoft — multiple_products
 
Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability 2023-04-11 7.1 CVE-2023-28224
MISC
microsoft — windows_11_22h2 Win32k Elevation of Privilege Vulnerability 2023-04-11 7 CVE-2023-24914
MISC
microsoft — windows_server_2008 Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability 2023-04-11 7 CVE-2023-28216
MISC
microsoft — windows_server_2008 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability 2023-04-11 7 CVE-2023-28218
MISC
microsoft — multiple_products
 
Windows Error Reporting Service Elevation of Privilege Vulnerability 2023-04-11 7 CVE-2023-28221
MISC
microsoft — multiple_products Windows CNG Key Isolation Service Elevation of Privilege Vulnerability 2023-04-11 7 CVE-2023-28229
MISC
microsoft — multiple_products
 
Windows Clip Service Elevation of Privilege Vulnerability 2023-04-11 7 CVE-2023-28273
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows_server_2019 Windows Lock Screen Security Feature Bypass Vulnerability 2023-04-11 6.8 CVE-2023-28235
MISC
microsoft — multiple_products Windows Lock Screen Security Feature Bypass Vulnerability 2023-04-11 6.8 CVE-2023-28270
MISC
siemens– multiple_products
 
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2P IRT (All versions < V5.5.2), SCALANCE X202-2P IRT PRO (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT (All versions < V5.5.2), SCALANCE X204IRT PRO (All versions < V5.5.2), SCALANCE XF201-3P IRT (All versions < V5.5.2), SCALANCE XF202-2P IRT (All versions < V5.5.2), SCALANCE XF204-2BA IRT (All versions < V5.5.2), SCALANCE XF204IRT (All versions < V5.5.2), SIPLUS NET SCALANCE X202-2P IRT (All versions < V5.5.2). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. 2023-04-11 6.7 CVE-2023-29054
MISC
microsoft — multiple_products Windows Domain Name Service Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28223
MISC
microsoft — multiple_products Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28255
MISC
microsoft — multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28256
MISC
microsoft — multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28278
MISC
microsoft — multiple_products Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28305
MISC
microsoft — multiple_products Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28306
MISC
microsoft — multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28307
MISC
microsoft — multiple_products
 
Windows DNS Server Remote Code Execution Vulnerability 2023-04-11 6.6 CVE-2023-28308
MISC
ibm — db2_mirror_for_i The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. 2023-04-07 6.5 CVE-2022-43928
MISC
MISC
keetrax — wp_tiles The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of post. 2023-04-10 6.5 CVE-2023-1426
MISC
bp_monitoring_management_system_project — bp_monitoring_management_system A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability. 2023-04-07 6.5 CVE-2023-1909
MISC
MISC
MISC
microsoft — multiple_products Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability 2023-04-11 6.5 CVE-2023-24883
MISC
microsoft — multiple_products
 
Remote Desktop Protocol Client Information Disclosure Vulnerability 2023-04-11 6.5 CVE-2023-28267
MISC
microsoft — multiple_products
 
Microsoft SharePoint Server Spoofing Vulnerability 2023-04-11 6.5 CVE-2023-28288
MISC
microsoft — azure_machine_learning_information Azure Machine Learning Information Disclosure Vulnerability 2023-04-11 6.5 CVE-2023-28312
MISC
zohocorp — manageengine_applications_manager Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. 2023-04-11 6.5 CVE-2023-28340
MISC
MISC
sap — netweaver_enterprise_portal In SAP NetWeaver Enterprise Portal – version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity. 2023-04-11 6.5 CVE-2023-28761
MISC
MISC
sap — netweaver_application_server_abap SAP NetWeaver AS for ABAP and ABAP Platform – versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server’s resources sufficiently to make it unavailable over the network without any user interaction. 2023-04-11 6.5 CVE-2023-28763
MISC
MISC
sap — customer_relationship_management In SAP CRM – versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability. 2023-04-11 6.3 CVE-2023-27897
MISC
MISC
siemens — multiple_products
 
A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC IPC647E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC847D (All versions), SIMATIC IPC847E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows). The Adaptec Maxview application on affected devices is using a non-unique TLS certificate across installations to protect the communication from the local browser to the local application. A local attacker may use this key to decrypt intercepted local traffic between the browser and the application and could perform a man-in-the-middle attack in order to modify data in transit. 2023-04-11 6.2 CVE-2023-23588
MISC
microsoft — malware_protection_engine
 
Microsoft Defender Security Feature Bypass Vulnerability 2023-04-14 6.2 CVE-2023-24934
MISC
microsoft — multiple_products
 
Windows Boot Manager Security Feature Bypass Vulnerability 2023-04-11 6.2 CVE-2023-28249
MISC
microsoft — multiple_products
 
Windows Boot Manager Security Feature Bypass Vulnerability 2023-04-11 6.2 CVE-2023-28269
MISC
sandbox_theme_project — sandbox_theme A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The name of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability. 2023-04-10 6.1 CVE-2009-10004
MISC
MISC
MISC
MISC
fancy_gallery_project — fancy_gallery A vulnerability was found in Fancy Gallery Plugin 1.5.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file class.options.php of the component Options Page. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.13 is able to address this issue. The name of the patch is fdf1f9e5a1ec738900f962e69c6fa4ec6055ed8d. It is recommended to upgrade the affected component. The identifier VDB-225349 was assigned to this vulnerability. 2023-04-10 6.1 CVE-2014-125096
MISC
MISC
MISC
bestwebsoft — facebook_button A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The name of the patch is b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability. 2023-04-10 6.1 CVE-2014-125097
MISC
MISC
MISC
dart — http_server A vulnerability was found in Dart http_server up to 0.9.5 and classified as problematic. Affected by this issue is the function VirtualDirectory of the file lib/src/virtual_directory.dart of the component Directory Listing Handler. The manipulation of the argument request.uri.path leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.9.6 is able to address this issue. The name of the patch is 27c1cbd8125bb0369e675eb72e48218496e48ffb. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225356. 2023-04-10 6.1 CVE-2014-125098
MISC
MISC
MISC
MISC
MISC
pingidentity — self-service_account_manager A vulnerability, which was classified as problematic, has been found in Ping Identity Self-Service Account Manager 1.1.2. Affected by this issue is some unknown functionality of the file src/main/java/com/unboundid/webapp/ssam/SSAMController.java. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.1.3 is able to address this issue. The name of the patch is f64b10d63bb19ca2228b0c2d561a1a6e5a3bf251. It is recommended to upgrade the affected component. VDB-225362 is the identifier assigned to this vulnerability. 2023-04-10 6.1 CVE-2018-25084
MISC
MISC
MISC
MISC
servicenow — servicenow ServiceNow Tokyo allows XSS. 2023-04-10 6.1 CVE-2022-39048
MISC
MISC
stylishcostcalculator — stylish_cost_calculator The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could be used against admins when viewing submissions submitted through the Email Quote Form. 2023-04-10 6.1 CVE-2023-0983
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Spoofing Vulnerability 2023-04-11 6.1 CVE-2023-24935
MISC
kibokolabs — arigato_autoresponder_and_newsletter Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. 2023-04-07 6.1 CVE-2023-25020
MISC
cththemes — monolit Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions. 2023-04-07 6.1 CVE-2023-25041
MISC
wpglobus — wpglobus_translate_options Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions. 2023-04-07 6.1 CVE-2023-25711
MISC
fullworksplugins — quick_paypal_payments Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. 2023-04-07 6.1 CVE-2023-25713
MISC
sales_tracker_management_system_project — sales_tracker_management_system Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file. 2023-04-10 6.1 CVE-2023-26773
MISC
MISC
MISC
MISC
veritas — netbackup_appliance_firmware Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. 2023-04-10 6.1 CVE-2023-26788
MISC
MISC
microsoft — multiple_products
 
Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability 2023-04-11 6.1 CVE-2023-28313
MISC
microsoft — multiple_products
 
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability 2023-04-11 6.1 CVE-2023-28314
MISC
zohocorp — manageengine_applications_manager Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. 2023-04-11 6.1 CVE-2023-28341
MISC
MISC
cimatti — wordpress_contact_forms Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions. 2023-04-07 6.1 CVE-2023-28781
MISC
cimatti — wordpress_contact_forms Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions. 2023-04-07 6.1 CVE-2023-28789
MISC
i13websolution — continuous_image_carosel_with_lightbox Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. 2023-04-07 6.1 CVE-2023-28792
MISC
magic-post-thumbnail — magic_post_thumbnail Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions. 2023-04-07 6.1 CVE-2023-29171
MISC
wp-property-hive — propertyhive Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions. 2023-04-07 6.1 CVE-2023-29172
MISC
cththemes — outdoor Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions. 2023-04-07 6.1 CVE-2023-29236
MISC
implecode — product_catalog_simple Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions. 2023-04-07 6.1 CVE-2023-29388
MISC
wacom — driver Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component WacomWacom_Tablet.exe. 2023-04-11 5.9 CVE-2022-43293
MISC
MISC
MISC
allegro — bigflow Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation. 2023-04-10 5.9 CVE-2023-25392
MISC
MISC
canonical — ubuntu_linux It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. 2023-04-07 5.5 CVE-2020-11935
UBUNTU
UBUNTU
apple — ipados A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, iOS 15.7.2 and iPadOS 15.7.2. An app may be able to read sensitive location information 2023-04-10 5.5 CVE-2022-46703
MISC
MISC
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47335
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47336
MISC
google — android In media service, there is a missing permission check. This could lead to local denial of service in media service. 2023-04-11 5.5 CVE-2022-47337
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47362
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47463
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47464
MISC
google — android In vdsp service, there is a missing permission check. This could lead to local denial of service in vdsp service. 2023-04-11 5.5 CVE-2022-47465
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47466
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47467
MISC
google — android In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service. 2023-04-11 5.5 CVE-2022-47468
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26374
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26375
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26376
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26377
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26378
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26379
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26380
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26381
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26382
MISC
adobe — substance_3d_stager
 
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26385
MISC
adobe — substance_3d_stager
 
Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26386
MISC
adobe — substance_3d_stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26387
MISC
adobe — acrobat_reader
 
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26397
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26400
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26401
MISC
adobe — substance_3d_stager Adobe Substance 3D Stager version 2.0.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26403
MISC
adobe — dimension Adobe Dimension version 3.4.8 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2023-04-12 5.5 CVE-2023-26404
MISC
microsoft — windows_server_2008 Windows Spoofing Vulnerability 2023-04-11 5.5 CVE-2023-28228
MISC
microsoft — windows_server_2008 Windows Kernel Information Disclosure Vulnerability 2023-04-11 5.5 CVE-2023-28253
MISC
microsoft — visual_studio
 
Visual Studio Information Disclosure Vulnerability 2023-04-11 5.5 CVE-2023-28263
MISC
microsoft — windows_server_2008 Windows Common Log File System Driver Information Disclosure Vulnerability 2023-04-11 5.5 CVE-2023-28266
MISC
microsoft — windows_server_2008 Windows Kernel Memory Information Disclosure Vulnerability 2023-04-11 5.5 CVE-2023-28271
MISC
microsoft — multiple_products Windows Kernel Denial of Service Vulnerability 2023-04-11 5.5 CVE-2023-28298
MISC
microsoft — visual_studio
 
Visual Studio Spoofing Vulnerability 2023-04-11 5.5 CVE-2023-28299
MISC
ibm — tririga_application_platform IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036. 2023-04-07 5.4 CVE-2022-43914
MISC
MISC
keetrax — wp_tiles The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks 2023-04-10 5.4 CVE-2022-4827
MISC
nlb-creations — scheduled_announcements_widget The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-04-10 5.4 CVE-2023-0363
MISC
fluentforms — contact_form The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it’s custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will trigger for any visitor to the form or admins previewing or editing the form. 2023-04-10 5.4 CVE-2023-0546
MISC
prolizyazilim — student_affairs_information_system Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01. 2023-04-07 5.4 CVE-2023-1726
MISC
fullworksplugins — quick_contact_form Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. 2023-04-07 5.4 CVE-2023-23885
MISC
openwrt — luci LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. 2023-04-10 5.4 CVE-2023-24181
MISC
MISC
MISC
liveaction — livesp A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML. 2023-04-10 5.4 CVE-2023-24721
MISC
MISC
kibokolabs — arigato_autoresponder_and_newsletter Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. 2023-04-07 5.4 CVE-2023-25061
MISC
opencats — opencats A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at opencats/index.php?m=candidates. 2023-04-11 5.4 CVE-2023-26846
MISC
MISC
opencats — opencats A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at opencats/index.php?m=candidates. 2023-04-11 5.4 CVE-2023-26847
MISC
MISC
robogallery — robo_gallery Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions. 2023-04-07 5.4 CVE-2023-27620
MISC
progress — sitefinity An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potential XSS by privileged users in Sitefinity to media libraries. 2023-04-10 5.4 CVE-2023-29376
MISC
MISC
github — enterprise_server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users’ secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-04-07 5.3 CVE-2023-23761
MISC
MISC
MISC
MISC
MISC
github — enterprise_server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-04-07 5.3 CVE-2023-23762
MISC
MISC
MISC
MISC
MISC
sap — netweaver_as_java_for_deploy_service SAP NetWeaver AS Java for Deploy Service – version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity. 2023-04-11 5.3 CVE-2023-24527
MISC
MISC
aten — pe8108_firmware Aten PE8108 2.4.232 is vulnerable to denial of service (DOS). 2023-04-11 5.3 CVE-2023-25414
MISC
aten — pe8108_firmware Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Event Notification configuration. 2023-04-11 5.3 CVE-2023-25415
MISC
siemens — mendix_forgot_password A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the module contain an observable response discrepancy issue that could allow an attacker to retrieve sensitive information. 2023-04-11 5.3 CVE-2023-27464
MISC
microsoft — multiple_products Windows Enroll Engine Security Feature Bypass Vulnerability 2023-04-11 5.3 CVE-2023-28226
MISC
siemens — polarion_alm
 
A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. 2023-04-11 5.3 CVE-2023-28828
MISC
updraftplus — all-in-one_security The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it’s settings pages, allowing an authorized user (admin+) to view the contents of arbitrary files and list directories anywhere on the server (to which the web server has access). The plugin only displays the last 50 lines of the file. 2023-04-10 4.9 CVE-2023-0156
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27801
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27802
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27803
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27804
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27805
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27806
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27807
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27808
MISC
h3c — magic_r100_firmware H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 4.9 CVE-2023-27810
MISC
microsoft — multiple_products
 
Windows DNS Server Information Disclosure Vulnerability 2023-04-11 4.9 CVE-2023-28277
MISC
updraftplus — all-in-one_security The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant bogus log files containing malicious JavaScript code that will be executed in the context of any administrator visiting this page. 2023-04-10 4.8 CVE-2023-0157
MISC
article_directory_project — article_directory The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to conduct Stored XSS attacks in multisite contexts. 2023-04-10 4.8 CVE-2023-0422
MISC
wordpress_amazon_s3_project — wordpress_amazon_s3 The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-04-10 4.8 CVE-2023-0423
MISC
auto_rename_media_on_upload_project — auto_rename_media_on_upload The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-04-10 4.8 CVE-2023-0605
MISC
klaviyo — klavio The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 2023-04-10 4.8 CVE-2023-0874
MISC
dcac — time_sheets The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-04-10 4.8 CVE-2023-0893
MISC
ibenic — simple_giveaways The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-04-10 4.8 CVE-2023-1120
MISC
ibenic — simple_giveaways The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-04-10 4.8 CVE-2023-1121
MISC
ibenic — simple_giveaways The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2023-04-10 4.8 CVE-2023-1122
MISC
online_computer_and_laptop_store_project — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225536. 2023-04-11 4.8 CVE-2023-1988
MISC
MISC
MISC
easy_panorama_project — easy_panorama Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions. 2023-04-07 4.8 CVE-2023-23799
MISC
auto_hide_admin_bar_project — auto_hide_admin_bar Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions. 2023-04-07 4.8 CVE-2023-23994
MISC
snapcreek — ezp_coming_soon_page Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions. 2023-04-07 4.8 CVE-2023-24398
MISC
wpbookingsystem — wp_booking_system Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions. 2023-04-07 4.8 CVE-2023-24402
MISC
kibokolabs — watu_quiz Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions. 2023-04-07 4.8 CVE-2023-25022
MISC
kibokolabs — chained_quiz Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions. 2023-04-07 4.8 CVE-2023-25027
MISC
kibokolabs — arigato_autoresponder_and_newsletter Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions. 2023-04-07 4.8 CVE-2023-25031
MISC
podlove — podlove_podcast_publisher Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions. 2023-04-07 4.8 CVE-2023-25046
MISC
implecode — ecommerce_product_catalog Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions. 2023-04-07 4.8 CVE-2023-25049
MISC
avalex — avalex Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions. 2023-04-07 4.8 CVE-2023-25059
MISC
zeno_font_resizer_project — zeno_font_resizer Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions. 2023-04-07 4.8 CVE-2023-25442
MISC
streamweasels — twitch_player Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions. 2023-04-07 4.8 CVE-2023-25464
MISC
fullworksplugins — quick_paypal_payments Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. 2023-04-07 4.8 CVE-2023-25702
MISC
goprayer — wp_prayer Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions. 2023-04-07 4.8 CVE-2023-25705
MISC
wp-buddy — google_analytics_opt-out Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions. 2023-04-07 4.8 CVE-2023-25712
MISC
announce_from_the_dashboard_project — announce_from_the_dashboard Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions. 2023-04-07 4.8 CVE-2023-25716
MISC
piwebsolution — product_page_shipping_calculator_for_woocommerce Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions. 2023-04-07 4.8 CVE-2023-29094
MISC
piwebsolution — product_enquiry_for_woocommerce Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions. 2023-04-07 4.8 CVE-2023-29170
MISC
microsoft — windows_server_2008 Windows Group Policy Security Feature Bypass Vulnerability 2023-04-11 4.4 CVE-2023-28276
MISC
sap — hcm_fiori_app_my_forms SAP HCM Fiori App My Forms (Fiori 2.0) – version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data. 2023-04-11 4.3 CVE-2023-1903
MISC
MISC
my-blog_project — my-blog A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. 2023-04-07 4.3 CVE-2023-1937
MISC
MISC
MISC
microsoft — multiple_products
 
Remote Procedure Call Runtime Information Disclosure Vulnerability 2023-04-11 4.3 CVE-2023-21729
MISC
aten — pe8108_firmware Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF). 2023-04-11 4.3 CVE-2023-25411
MISC
opencats — opencats A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. 2023-04-11 4.3 CVE-2023-26845
MISC
MISC
microsoft — edge_chromium
 
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability 2023-04-11 4.3 CVE-2023-28284
MISC
silverwaregames — silverwaregames SilverwareGames.io versions before 1.2.19 allow users with access to the game upload panel to edit download links for games uploaded by other developers. This has been fixed in version 1.2.19. 2023-04-10 4.3 CVE-2023-29192
MISC
microsoft — edge_chromium Microsoft Edge (Chromium-based) Tampering Vulnerability 2023-04-11 4.2 CVE-2023-28301
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
apple — iphone_os A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16. A person with physical access to a device may be able to use Siri to access private calendar information 2023-04-10 2.4 CVE-2022-32871
MISC
apple — ipados A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.2 and iPadOS 16.2. A user with physical access to a locked Apple Watch may be able to view user photos via accessibility features 2023-04-10 2.4 CVE-2022-46717
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
bestwebsoft — contact_form A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The name of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability. 2023-04-09 not yet calculated CVE-2012-10010
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151. 2023-04-08 not yet calculated CVE-2013-10023
MISC
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2013-10024
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2013-10025
MISC
MISC
MISC
bestwebsoft — contact_form
 
A vulnerability was found in BestWebSoft Contact Form Plugin 1.3.4 and classified as problematic. Affected by this issue is the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3.7 is able to address this issue. The name of the patch is 4d531f74b4a801c805dc80360d4ea1312e9a278f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225320. 2023-04-09 not yet calculated CVE-2014-125095
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. 2023-04-08 not yet calculated CVE-2015-10098
MISC
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability classified as critical has been found in CP Appointment Calendar Plugin up to 1.1.5. This affects the function dex_process_ready_to_go_appointment of the file dex_appointments.php. The manipulation of the argument itemnumber leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is e29a9cdbcb0f37d887dd302a05b9e8bf213da01d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225351. 2023-04-10 not yet calculated CVE-2015-10099
MISC
MISC
MISC
wordpress — wordpress
 
A vulnerability classified as problematic was found in Google Analytics Top Content Widget Plugin up to 1.5.6 on WordPress. Affected by this vulnerability is an unknown functionality of the file class-tgm-plugin-activation.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.5.7 is able to address this issue. The name of the patch is 25bb1dea113716200a6f0f3135801d84a7a65540. It is recommended to upgrade the affected component. The identifier VDB-226117 was assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2015-10101
MISC
MISC
MISC
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout. 2023-04-15 not yet calculated CVE-2018-15472
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Remote attackers could obtain sensitive information about issues, comments, and project titles via events API insecure direct object reference. 2023-04-15 not yet calculated CVE-2018-17449
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via the Kubernetes integration, leading (for example) to disclosure of a GCP service token. 2023-04-15 not yet calculated CVE-2018-17450
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Cross Site Request Forgery (CSRF) in the Slack integration for issuing slash commands. 2023-04-15 not yet calculated CVE-2018-17451
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. 2023-04-15 not yet calculated CVE-2018-17452
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception. 2023-04-15 not yet calculated CVE-2018-17453
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the issue details screen. 2023-04-15 not yet calculated CVE-2018-17454
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the “merge request approvals” feature. 2023-04-15 not yet calculated CVE-2018-17455
MISC
CONFIRM
gitlab — community/enterprise_edition
 
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is stored XSS on the merge request page via project import. 2023-04-15 not yet calculated CVE-2018-17536
MISC
CONFIRM
lilypond — lilypond
 
LilyPond before 2.24 allows attackers to bypass the -dsafe protection mechanism via output-def-lookup or output-def-scope, as demonstrated by dangerous Scheme code in a .ly file that causes arbitrary code execution during conversion to a different file format. NOTE: in 2.24 and later versions, safe mode is removed, and the product no longer tries to block code execution when external files are used. 2023-04-15 not yet calculated CVE-2020-17354
MISC
MISC
MISC
CONFIRM
MISC
MISC
milken — doyocms
 
File Upload vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the upload file type parameter. 2023-04-11 not yet calculated CVE-2020-19802
MISC
milken — doyocms
 
Cross Site Request Forgery vulnerability found in Milken DoyoCMS v.2.3 allows a remote attacker to execute arbitrary code via the background system settings. 2023-04-11 not yet calculated CVE-2020-19803
MISC
MISC
sqlite3 — sqlite3
 
Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause a denial of service via a crafted script. 2023-04-11 not yet calculated CVE-2020-24736
MISC
score — score
 
The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code. 2023-04-15 not yet calculated CVE-2020-29007
MISC
MISC
MISC
MISC
MISC
tailor_mangement_system — tailor_mangement_system
 
SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file 2023-04-10 not yet calculated CVE-2020-36077
MISC
MISC
cs-cart — shipstation
 
The ShipStation.com plugin 1.1 and earlier for CS-Cart allows remote attackers to insert arbitrary information into the database (via action=shipnotify) because access to this endpoint is completely unchecked. The attacker must guess an order number. 2023-04-11 not yet calculated CVE-2020-9009
MISC
MISC
visualeditor — visualeditor
 
An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13, and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing, but hidden, user, VisualEditor will disclose that the user exists. (It shouldn’t because they are hidden.) This is related to ApiVisualEditor. 2023-04-15 not yet calculated CVE-2021-30153
CONFIRM
CONFIRM
MISC
mailman_core — mailman_core
 
An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attackers to exploit this, but can optionally be made to listen on other interfaces. 2023-04-15 not yet calculated CVE-2021-34337
MISC
MISC
MISC
openbmc — openbmc
 
In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface. 2023-04-15 not yet calculated CVE-2021-39295
MISC
MISC
CONFIRM
MISC
MISC
MISC
 lldpd — lldpd
 
In lldpd before 1.0.13, when decoding SONMP packets in the sonmp_decode function, it’s possible to trigger an out-of-bounds heap read via short SONMP packets. 2023-04-15 not yet calculated CVE-2021-43612
MISC
CONFIRM
CONFIRM
kvmtool — kvmtool
 
kvmtool through 39181fc allows an out-of-bounds write, related to virtio/balloon.c and virtio/pci.c. This allows a guest OS user to execute arbitrary code on the host machine. 2023-04-15 not yet calculated CVE-2021-45464
MISC
MISC
MISC
MISC
fluent — treasure_data_fluent_bit
 
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system. 2023-04-11 not yet calculated CVE-2021-46878
MISC
MISC
fluent — treasure_data_fluent_bit
 
An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system. 2023-04-11 not yet calculated CVE-2021-46879
MISC
MISC
libressl/openbsd — libressl/openbsd
 
x509/x509_verify.c in LibreSSL before 3.4.2, and OpenBSD before 7.0 errata 006, allows authentication bypass because an error for an unverified certificate chain is sometimes discarded. 2023-04-15 not yet calculated CVE-2021-46880
MISC
MISC
MISC
insyde — kernel
 
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Specially formatted buffer contents used for software SMI could cause SMRAM corruption, leading to escalation of privilege. 2023-04-12 not yet calculated CVE-2022-24350
MISC
MISC
calibre-web — calibre-web
 
Improper Restriction of Excessive Authentication Attempts in GitHub repository janeczku/calibre-web prior to 0.6.20. 2023-04-15 not yet calculated CVE-2022-2525
CONFIRM
MISC
qualcomm — snapdragon
 
Memory correction in modem due to buffer overwrite during coap connection 2023-04-13 not yet calculated CVE-2022-25678
MISC
qualcomm — snapdragon
 
Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet 2023-04-13 not yet calculated CVE-2022-25726
MISC
qualcomm — snapdragon
 
Information disclosure in modem due to improper check of IP type while processing DNS server query 2023-04-13 not yet calculated CVE-2022-25730
MISC
qualcomm — snapdragon
 
Information disclosure in modem due to buffer over-read while processing packets from DNS server 2023-04-13 not yet calculated CVE-2022-25731
MISC
qualcomm — snapdragon
 
Information disclosure in modem due to missing NULL check while reading packets received from local network 2023-04-13 not yet calculated CVE-2022-25737
MISC
qualcomm — snapdragon
 
Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call 2023-04-13 not yet calculated CVE-2022-25739
MISC
qualcomm — snapdragon
 
Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface 2023-04-13 not yet calculated CVE-2022-25740
MISC
qualcomm — snapdragon
 
Memory corruption in modem due to improper input validation while handling the incoming CoAP message 2023-04-13 not yet calculated CVE-2022-25745
MISC
qualcomm — snapdragon
 
Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message 2023-04-13 not yet calculated CVE-2022-25747
MISC
fortinet — fortisandbox
 
A improper neutralization of special elements used in an sql command (‘sql injection’) vulnerability [CWE-89] in Fortinet FortiSandbox version 4.2.0, 4.0.0 through 4.0.2, 3.2.0 through 3.2.3, 3.1.x and 3.0.x allows a remote and authenticated attacker with read permission to retrieve arbitrary files from the underlying Linux system via a crafted HTTP request. 2023-04-11 not yet calculated CVE-2022-27485
MISC
fortinet — fortisandbox
 
A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. 2023-04-11 not yet calculated CVE-2022-27487
MISC
qualcomm — snapdragon
 
memory corruption in modem due to improper check while calculating size of serialized CoAP message 2023-04-13 not yet calculated CVE-2022-33211
MISC
qualcomm — snapdragon
 
Information disclosure due to buffer over-read while parsing DNS response packets in Modem. 2023-04-13 not yet calculated CVE-2022-33222
MISC
qualcomm — snapdragon
 
Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding. 2023-04-13 not yet calculated CVE-2022-33223
MISC
qualcomm — snapdragon
 
Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header. 2023-04-13 not yet calculated CVE-2022-33228
MISC
qualcomm — snapdragon
 
Memory corruption due to double free in core while initializing the encryption key. 2023-04-13 not yet calculated CVE-2022-33231
MISC
qualcomm — snapdragon
 
Information disclosure due to buffer over-read in modem while reading configuration parameters. 2023-04-13 not yet calculated CVE-2022-33258
MISC
qualcomm — snapdragon
 
Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received. 2023-04-13 not yet calculated CVE-2022-33259
MISC
qualcomm — snapdragon
 
Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. 2023-04-13 not yet calculated CVE-2022-33269
MISC
qualcomm — snapdragon
 
Transient DOS due to time-of-check time-of-use race condition in Modem while processing RRC Reconfiguration message. 2023-04-13 not yet calculated CVE-2022-33270
MISC
qualcomm — snapdragon
 
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video playback. 2023-04-13 not yet calculated CVE-2022-33282
MISC
qualcomm — snapdragon
 
Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet. 2023-04-13 not yet calculated CVE-2022-33287
MISC
qualcomm — snapdragon
 
Memory corruption due to buffer copy without checking the size of input in Core while sending SCM command to get write protection information. 2023-04-13 not yet calculated CVE-2022-33288
MISC
qualcomm — snapdragon
 
Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. 2023-04-13 not yet calculated CVE-2022-33289
MISC
qualcomm — snapdragon
 
Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length. 2023-04-13 not yet calculated CVE-2022-33291
MISC
qualcomm — snapdragon
 
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message. 2023-04-13 not yet calculated CVE-2022-33294
MISC
qualcomm — snapdragon
 
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length. 2023-04-13 not yet calculated CVE-2022-33295
MISC
qualcomm — snapdragon
 
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message. 2023-04-13 not yet calculated CVE-2022-33296
MISC
qualcomm — snapdragon
 
Information disclosure due to buffer overread in Linux sensors 2023-04-13 not yet calculated CVE-2022-33297
MISC
qualcomm — snapdragon
 
Memory corruption due to use after free in Modem while modem initialization. 2023-04-13 not yet calculated CVE-2022-33298
MISC
qualcomm — snapdragon
 
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM. 2023-04-13 not yet calculated CVE-2022-33301
MISC
qualcomm — snapdragon
 
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. 2023-04-13 not yet calculated CVE-2022-33302
MISC
fortinet — fortiauthenticator
 
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in FortiAuthenticator versions 6.4.0 through 6.4.4, 6.3.0 through 6.3.3, all versions of 6.2 and 6.1 may allow a remote unauthenticated attacker to trigger a reflected cross site scripting (XSS) attack via the “reset-password” page. 2023-04-11 not yet calculated CVE-2022-35850
MISC
hitachi_vantara — pentaho_business_analytics_server
 
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.3.0.0, 9.2.0.4 and 8.3.0.27 allow a malicious URL to inject content into a dashboard when the CDE plugin is present.    2023-04-11 not yet calculated CVE-2022-3695
MISC
upstream_works — agent_desktop_for_cisco_finesse
 
A stored Cross-Site Scripting (XSS) vulnerability in the Chat gadget in Upstream Works Agent Desktop for Cisco Finesse through 4.2.12 and 5.0 allows remote attackers to inject arbitrary web script or HTML via AttachmentId in the file-upload details. 2023-04-10 not yet calculated CVE-2022-37462
MISC
MISC
forgerock_inc — access_management
 
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication Bypass.This issue affects Access Management: from 6.5.0 through 7.2.0. 2023-04-14 not yet calculated CVE-2022-3748
MISC
MISC
MISC
qualcomm — snapdragon
 
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming. 2023-04-13 not yet calculated CVE-2022-40503
MISC
qualcomm — snapdragon
 
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. 2023-04-13 not yet calculated CVE-2022-40532
MISC
fortinet — fortiadc/fortiddos
 
An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 5.x all versions, 6.0 all versions, 6.1 all versions, 6.2.0 through 6.2.4, 7.0.0 through 7.0.3, 7.1.0; FortiDDoS 4.x all versions, 5.0 all versions, 5.1 all versions, 5.2 all versions, 5.3 all versions, 5.4 all versions, 5.5 all versions, 5.6 all versions and FortiDDoS-F 6.4.0, 6.3.0 through 6.3.3, 6.2.0 through 6.2.2, 6.1.0 through 6.1.4 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. 2023-04-11 not yet calculated CVE-2022-40679
MISC
fortinet — forticlient_for_windows
 
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 – 7.0.7, 6.4.0 – 6.4.9, 6.2.0 – 6.2.9 and 6.0.0 – 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. 2023-04-11 not yet calculated CVE-2022-40682
MISC
fortinet — fortios/fortiproxy
 
An improper neutralization of input during web page generation vulnerability (‘Cross-site Scripting’) [CWE-79] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9, version 6.4.0 through 6.4.11 and before 6.2.12 and FortiProxy version 7.2.0 through 7.2.1 and before 7.0.7 allows an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. 2023-04-11 not yet calculated CVE-2022-41330
MISC
fortinet — fortipresence
 
A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests. 2023-04-11 not yet calculated CVE-2022-41331
MISC
fortinet — fortigate
 
A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal. 2023-04-11 not yet calculated CVE-2022-42469
MISC
fortinet — forticlient_for_windows
 
A relative path traversal vulnerability in Fortinet FortiClient (Windows) 7.0.0 – 7.0.7, 6.4.0 – 6.4.9, 6.2.0 – 6.2.9 and 6.0.0 – 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe. 2023-04-11 not yet calculated CVE-2022-42470
MISC
fortinet — fortianalyzer
 
An improper input validation vulnerability [CWE-20] in FortiAnalyzer version 7.2.1 and below, version 7.0.6 and below, 6.4 all versions may allow an authenticated attacker to disclose file system information via custom dataset SQL queries. 2023-04-11 not yet calculated CVE-2022-42477
MISC
supermicro — x11sl-cf_hw
 
Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. 2023-04-07 not yet calculated CVE-2022-43309
MISC
MISC
MISC
open-xchange — ox_app_suite
 
OX App Suite before 7.10.6-rev20 allows XSS via upsell ads. 2023-04-15 not yet calculated CVE-2022-43696
MISC
MISC
open-xchange — ox_app_suite
 
OX App Suite before 7.10.6-rev30 allows XSS via an activity tracking adapter defined by jslob. 2023-04-15 not yet calculated CVE-2022-43697
MISC
MISC
open-xchange — ox_app_suite
 
OX App Suite before 7.10.6-rev30 allows SSRF because changing a POP3 account disregards the deny-list. 2023-04-15 not yet calculated CVE-2022-43698
MISC
MISC
open-xchange — ox_app_suite
 
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain (found in the host part of an e-mail address). 2023-04-15 not yet calculated CVE-2022-43699
MISC
MISC
hitachi_vantara — pentaho_business_analytics_server
 
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.4 and 8.3.0.27 does not correctly perform an authorization check in the dashboard editor plugin API.    2023-04-11 not yet calculated CVE-2022-43770
MISC
fortinet — forticlient_for_windows
 
Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. 2023-04-11 not yet calculated CVE-2022-43946
MISC
fortinet — fortios/fortiproxy
 
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions. 2023-04-11 not yet calculated CVE-2022-43947
MISC
fortinet — fortiadc/fortiweb
 
A improper neutralization of special elements used in an os command (‘os command injection’) in Fortinet FortiWeb version 7.0.0 through 7.0.3, FortiADC version 7.1.0 through 7.1.1, FortiADC version 7.0.0 through 7.0.3, FortiADC 6.2 all versions, FortiADC 6.1 all versions, FortiADC 6.0 all versions, FortiADC 5.4 all versions, FortiADC 5.3 all versions, FortiADC 5.2 all versions, FortiADC 5.1 all versions allows attacker to execute unauthorized code or commands via specifically crafted arguments to existing commands. 2023-04-11 not yet calculated CVE-2022-43948
MISC
fortinet — fortinac
 
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below may allow an unauthenticated attacker to access sensitive information via crafted HTTP requests. 2023-04-11 not yet calculated CVE-2022-43951
MISC
fortinet — fortiadc
 
An improper neutralization of input during web page generation (‘Cross-site Scripting’) vulnerability [CWE-79] in FortiADC version 7.1.1 and below, version 7.0.3 and below, version 6.2.5 and below may allow an authenticated attacker to perform a cross-site scripting attack via crafted HTTP requests. 2023-04-11 not yet calculated CVE-2022-43952
MISC
fortinet — fortiweb
 
An improper neutralization of input during web page generation [CWE-79] in the FortiWeb web interface 7.0.0 through 7.0.3, 6.3.0 through 6.3.21, 6.4 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow an unauthenticated and remote attacker to perform a reflected cross site scripting attack (XSS) via injecting malicious payload in log entries used to build report. 2023-04-11 not yet calculated CVE-2022-43955
MISC
wordpress — wordpress
 
Auth. (admin+) Stored Cross-Site Scripting’) vulnerability in Zephilou Cyklodev WP Notify plugin <= 1.2.1 versions. 2023-04-13 not yet calculated CVE-2022-44625
MISC
rconfig — rconfig
 
A SQL injection vulnerability in rConfig 3.9.7 exists via lib/ajaxHandlers/ajaxCompareGetCmdDates.php?command= (this may interact with secure-file-priv). 2023-04-15 not yet calculated CVE-2022-45030
MISC
MISC
oracle — apache_sling_engine
 
The SlingRequestDispatcher doesn’t correctly implement the RequestDispatcher API resulting in a generic type of include-based cross-site scripting issues on the Apache Sling level. The vulnerability is exploitable by an attacker that is able to include a resource with specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power. Please update to Apache Sling Engine >= 2.14.0 and enable the “Check Content-Type overrides” configuration option. 2023-04-13 not yet calculated CVE-2022-45064
MISC
livebox — collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim’s account, is able to decipher a file without knowing the key set by the user. 2023-04-14 not yet calculated CVE-2022-45170
MISC
livebox — collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication can occur under the /api/v1/vdeskintegration/challenge endpoint. Because only the client-side verifies whether a check was successful, an attacker can modify the response, and fool the application into concluding that the TOTP was correct. 2023-04-14 not yet calculated CVE-2022-45173
MISC
livebox — collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Bypass of Two-Factor Authentication for SAML Users can occur under the /login/backup_code endpoint and the /api/v1/vdeskintegration/challenge endpoint. The correctness of the TOTP is not checked properly, and can be bypassed by passing any string as the backup code. 2023-04-14 not yet calculated CVE-2022-45174
MISC
livebox — collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object Reference can occur under the 5.6.5-3/doc/{ID-FILE]/c/{N]/{C]/websocket endpoint. A malicious unauthenticated user can access cached files in the OnlyOffice backend of other users by guessing the file ID of a target file. 2023-04-14 not yet calculated CVE-2022-45175
MISC
livebox — collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskintegration/saml/user/createorupdate endpoint, the /settings/guest-settings endpoint, the /settings/samlusers-settings endpoint, and the /settings/users-settings endpoint. A malicious user (already logged in as a SAML User) is able to achieve privilege escalation from a low-privilege user (FGM user) to an administrative user (GGU user), including the administrator, or create new users even without an admin role. 2023-04-14 not yet calculated CVE-2022-45178
MISC
livebox — collaboration_vdesk
 
An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdesk_{DOMAIN]/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system (an operation intended to only be available to the system administrator). 2023-04-14 not yet calculated CVE-2022-45180
MISC
wordpress — wordpress
 
Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. 2023-04-13 not yet calculated CVE-2022-45358
MISC
arm — mali_kernel
 
An issue was discovered in the Arm Mali Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. 2023-04-11 not yet calculated CVE-2022-46396
MISC
servicenow — servicenow
 
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain. 2023-04-14 not yet calculated CVE-2022-46886
MISC
timmystudios — fast_typing_keyboard
 
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary files in its internal storage via a dictionary traversal vulnerability and achieve arbitrary code execution. 2023-04-14 not yet calculated CVE-2022-47027
MISC
MISC
MISC
dnn_corp — dotnetnuke
 
An arbitrary file upload vulnerability in the Digital Assets Manager module of DNN Corp DotNetNuke v7.0.0 to v9.10.2 allows attackers to execute arbitrary code via a crafted SVG file. 2023-04-12 not yet calculated CVE-2022-47053
MISC
MISC
oracle — apache_ofbiz
 
Arbitrary file reading vulnerability in Apache Software Foundation Apache OFBiz when using the Solr plugin. This is a  pre-authentication attack. This issue affects Apache OFBiz: before 18.12.07. 2023-04-14 not yet calculated CVE-2022-47501
MISC
MISC
MISC
ieee_802.11 — ieee_802.11
 
The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target’s MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target’s original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client’s pairwise encryption key. 2023-04-15 not yet calculated CVE-2022-47522
MISC
MISC
MISC
wordpress — wordpress
 
Auth. SQL Injection’) vulnerability in Kunal Nagar Custom 404 Pro plugin <= 3.7.0 versions. 2023-04-12 not yet calculated CVE-2022-47605
MISC
x2crm_open_source_sales_crm — x2crm_open_source_sales_crm
 
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the adin/importModels Import Records Model field (model parameter). This vulnerability allows attackers to create malicious JavaScript that will be executed by the victim user’s browser. 2023-04-15 not yet calculated CVE-2022-48177
MISC
MISC
x2crm_open_source_sales_crm — x2crm_open_source_sales_crm
 
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Create Action function, aka an index.php/actions/update URI. 2023-04-15 not yet calculated CVE-2022-48178
MISC
MISC
libressl/openbsd — libressl/openbsd
 
An issue was discovered in x509/x509_verify.c in LibreSSL before 3.6.1, and in OpenBSD before 7.2 errata 001. x509_verify_ctx_add_chain does not store errors that occur during leaf certificate verification, and therefore an incorrect error is returned. This behavior occurs when there is an installed verification callback that instructs the verifier to continue upon detecting an invalid certificate. 2023-04-12 not yet calculated CVE-2022-48437
MISC
MISC
MISC
protobuf-c — protobuf-c
 
protobuf-c before 1.4.1 has an unsigned integer overflow in parse_required_member. 2023-04-13 not yet calculated CVE-2022-48468
MISC
MISC
MISC
MISC
palo_alto_networks — pan-os
 
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges. These files can include logs and system components that impact the integrity and availability of PAN-OS software. 2023-04-12 not yet calculated CVE-2023-0004
MISC
palo_alto_networks — pan-os A vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to expose the plaintext values of secrets stored in the device configuration and encrypted API keys. 2023-04-12 not yet calculated CVE-2023-0005
MISC
palo_alto_networks — globalprotect
 
A local file deletion vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a user to delete system files from the endpoint with elevated privileges through a race condition. 2023-04-12 not yet calculated CVE-2023-0006
MISC
libjxl — libjxl
 
An out of bounds read exists in libjxl. An attacker using a specifically crafted file could cause an out of bounds read in the exif handler. We recommend upgrading to version 0.8.1 or past commit  https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 https://github.com/libjxl/libjxl/pull/2101/commits/d95b050c1822a5b1ede9e0dc937e43fca1b10159 2023-04-11 not yet calculated CVE-2023-0645
MISC
MISC
mitsubishi_electric_india — gc-enet-com
 
Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are “16” allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in Ethernet communication by sending a large number of specially crafted packets to any UDP port when GC-ENET-COM is configured as a Modbus TCP Server. The communication resumes only when the power of the main unit is turned off and on or when the GC-ENET-COM is hot-swapped from the main unit. 2023-04-14 not yet calculated CVE-2023-1285
MISC
MISC
canonical_ltd — apport_for_linux
 
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit. 2023-04-13 not yet calculated CVE-2023-1326
MISC
ge_gas_power — toolboxst
 
ToolboxST prior to version 7.10 is affected by a deserialization vulnerability. An attacker with local access to an HMI or who has conducted a social engineering attack on an authorized operator could execute code in a Toolbox user’s context through the deserialization of an untrusted configuration file. Two CVSS scores have been provided to capture the differences between the two aforementioned attack vectors.  Customers are advised to update to ToolboxST 7.10 which can be found in ControlST 7.10. If unable to update at this time customers should ensure they are following the guidance laid out in GE Gas Power’s Secure Deployment Guide (GEH-6839). Customers should ensure they are not running ToolboxST as an Administrative user.  2023-04-11 not yet calculated CVE-2023-1552
MISC
b&r_ industrial_automation — b&r_vc4
 
Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules).  This vulnerability may allow an unauthenticated network-based attacker to bypass the authentication mechanism of the VC4 visualization on affected devices. The impact of this vulnerability depends on the functionality provided in the visualization. This issue affects B&R VC4: from 3.* through 3.96.7, from 4.0* through 4.06.7, from 4.1* through 4.16.3, from 4.2* through 4.26.8, from 4.3* through 4.34.6, from 4.4* through 4.45.1, from 4.5* through 4.45.3, from 4.7* through 4.72.9. 2023-04-14 not yet calculated CVE-2023-1617
MISC
openvswitch — openvswitch
 
A flaw was found in openvswitch (OVS). When processing an IP packet with protocol 0, OVS will install the datapath flow without the action modifying the IP header. This issue results (for both kernel and userspace datapath) in installing a datapath flow matching all IP protocols (nw_proto is wildcarded) for this flow, but with an incorrect action, possibly causing incorrect handling of other IP packets with a != 0 IP protocol that matches this dp flow. 2023-04-10 not yet calculated CVE-2023-1668
MISC
MISC
DEBIAN
linux — kernel
 
A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. 2023-04-12 not yet calculated CVE-2023-1829
MISC
MISC
linux — kernel
 
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8. 2023-04-12 not yet calculated CVE-2023-1872
MISC
MISC
wordpress — wordpress
 
The WP Data Access plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.3.7. This is due to a lack of authorization checks on the multiple_roles_update function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the ‘wpda_role[]’ parameter during a profile update. This requires the ‘Enable role management’ setting to be enabled for the site. 2023-04-12 not yet calculated CVE-2023-1874
MISC
MISC
MISC
MISC
MISC
imagemagick — magickcore
 
A heap-based buffer overflow issue was discovered in ImageMagick’s ImportMultiSpectralQuantum() function in MagickCore/quantum-import.c. An attacker could pass specially crafted file to convert, triggering an out-of-bounds read error, allowing an application to crash, resulting in a denial of service. 2023-04-12 not yet calculated CVE-2023-1906
MISC
MISC
MISC
MISC
MISC
tiffcrop — libtiff A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds read in the extractImageSection function in tools/tiffcrop.c, resulting in a denial of service and limited information disclosure. This issue affects libtiff versions 4.x. 2023-04-10 not yet calculated CVE-2023-1916
MISC
MISC
devolutions — remote_desktop_manager
 
No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non admin users to see OTP keys via the user interface. 2023-04-11 not yet calculated CVE-2023-1939
MISC
sourcecodester — survey_application_system
 
A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input <script>prompt(document.domain)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1946
MISC
MISC
tao_interactive– taocms
 
A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1947
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system
 
A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335. 2023-04-08 not yet calculated CVE-2023-1948
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system
 
A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336. 2023-04-08 not yet calculated CVE-2023-1949
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system
 
A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1950
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store
 
A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. 2023-04-08 not yet calculated CVE-2023-1961
MISC
MISC
MISC
sourcecodester — best_online_news_portal
 
A vulnerability classified as critical was found in SourceCodester Best Online News Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225361 was assigned to this vulnerability. 2023-04-09 not yet calculated CVE-2023-1962
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system
 
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225359. 2023-04-09 not yet calculated CVE-2023-1963
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system
 
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. Affected is an unknown function of the file recovery.php of the component Password Reset. The manipulation of the argument uname/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225360. 2023-04-09 not yet calculated CVE-2023-1964
MISC
MISC
MISC
answerdev — answer
 
Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8. 2023-04-11 not yet calculated CVE-2023-1974
MISC
CONFIRM
answerdev — answer
 
Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8. 2023-04-11 not yet calculated CVE-2023-1975
MISC
CONFIRM
answerdev — answer
 
Password Aging with Long Expiration in GitHub repository answerdev/answer prior to 1.0.6. 2023-04-11 not yet calculated CVE-2023-1976
MISC
CONFIRM
devolutions — remote_desktop_manager
 
Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open entries. 2023-04-11 not yet calculated CVE-2023-1980
MISC
sourcecodester — sales_tracker_management_system
 
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/products/manage_product.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225530 is the identifier assigned to this vulnerability. 2023-04-11 not yet calculated CVE-2023-1983
MISC
MISC
MISC
sourcecodester — complaint_management_system
 
A vulnerability classified as critical was found in SourceCodester Complaint Management System 1.0. This vulnerability affects unknown code of the file /users/check_availability.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225532. 2023-04-11 not yet calculated CVE-2023-1984
MISC
MISC
MISC
linux — kernel
 
A use-after-free flaw was found in btsdio_remove in driversbluetoothbtsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. 2023-04-11 not yet calculated CVE-2023-1989
MISC
linux — kernel
 
A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. 2023-04-12 not yet calculated CVE-2023-1990
MISC
wireshark_foundation — wireshark
 
RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12 not yet calculated CVE-2023-1992
MISC
CONFIRM
MISC
wireshark_foundation — wireshark
 
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12 not yet calculated CVE-2023-1993
MISC
CONFIRM
MISC
wireshark_foundation — wireshark
 
GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file 2023-04-12 not yet calculated CVE-2023-1994
CONFIRM
MISC
MISC
freetype — freetype
 
An integer overflow vulnerability was discovered in Freetype in tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. 2023-04-14 not yet calculated CVE-2023-2004
MISC
MISC
MISC
MISC
FEDORA
linux — kernel
 
A flaw was found in the Linux kernel’s udmabuf device driver. The specific flaw exists within a fault handler. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an array. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. 2023-04-14 not yet calculated CVE-2023-2008
MISC
MISC
MISC
cisco — small_business_routers
 
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. 2023-04-13 not yet calculated CVE-2023-20118
MISC
microweber — microweber
 
Cross-site Scripting (XSS) – Generic in GitHub repository microweber/microweber prior to 1.3.3. 2023-04-13 not yet calculated CVE-2023-2014
CONFIRM
MISC
nilsteampassnet — teampass
 
Cross-site Scripting (XSS) – Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.3. 2023-04-13 not yet calculated CVE-2023-2021
MISC
CONFIRM
wordpress — wordpress
 
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.2. This is due to insufficient verification on the user being supplied during a Facebook login through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. 2023-04-15 not yet calculated CVE-2023-2027
MISC
MISC
google — chrome
 
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-04-14 not yet calculated CVE-2023-2033
MISC
MISC
MISC
froxlor — froxlor
 
Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. 2023-04-14 not yet calculated CVE-2023-2034
MISC
CONFIRM
campcodes — video_sharing_website
 
A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file signup.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225913 was assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2035
MISC
MISC
MISC
campcodes — video_sharing_website
 
A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file upload.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225914 is the identifier assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2036
MISC
MISC
MISC
campcodes — video_sharing_website
 
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been classified as critical. This affects an unknown part of the file watch.php. The manipulation of the argument code leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225915. 2023-04-14 not yet calculated CVE-2023-2037
MISC
MISC
MISC
campcodes — video_sharing_website
 
A vulnerability was found in Campcodes Video Sharing Website 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin_class.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225916. 2023-04-14 not yet calculated CVE-2023-2038
MISC
MISC
MISC
novel-plus — novel-plus
 
A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-14 not yet calculated CVE-2023-2039
MISC
MISC
MISC
novel-plus — novel-plus
 
A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-14 not yet calculated CVE-2023-2040
MISC
MISC
MISC
novel-plus — novel-plus
 
A vulnerability classified as critical was found in novel-plus 3.6.2. Affected by this vulnerability is an unknown functionality of the file /category/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-14 not yet calculated CVE-2023-2041
MISC
MISC
MISC
datagear — datagear
 
A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-14 not yet calculated CVE-2023-2042
MISC
MISC
MISC
control_id — control_id
 
A vulnerability, which was classified as problematic, was found in Control iD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-225921 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-14 not yet calculated CVE-2023-2043
MISC
MISC
control_id – id_secure
 
A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-04-14 not yet calculated CVE-2023-2044
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument voter leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225932. 2023-04-14 not yet calculated CVE-2023-2047
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/voters_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225933 was assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2048
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ballot_up.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225934 is the identifier assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2049
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability was found in Campcodes Advanced Online Voting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225935. 2023-04-14 not yet calculated CVE-2023-2050
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Affected is an unknown function of the file /admin/positions_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225936. 2023-04-14 not yet calculated CVE-2023-2051
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ballot_down.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225937 was assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2052
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/candidates_row.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225938 is the identifier assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2053
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /admin/positions_delete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225939. 2023-04-14 not yet calculated CVE-2023-2054
MISC
MISC
MISC
campcodes — advanced_online_voting_system
 
A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/config_save.php. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225940. 2023-04-14 not yet calculated CVE-2023-2055
MISC
MISC
MISC
dedecms — dedecms
 
A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical. This issue affects the function GetSystemFile of the file module_main.php. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225941 was assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2056
MISC
MISC
MISC
eyoucms — eyoucms
 
A vulnerability was found in EyouCms 1.5.4. It has been classified as problematic. Affected is an unknown function of the file login.php?m=admin&c=Arctype&a=edit of the component New Picture Handler. The manipulation of the argument litpic_loca leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225942 is the identifier assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2057
MISC
MISC
MISC
eyoucms — eyoucms
 
A vulnerability was found in EyouCms up to 1.6.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /yxcms/index.php?r=admin/extendfield/mesedit&tabid=12&id=4 of the component HTTP POST Request Handler. The manipulation of the argument web_ico leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225943. 2023-04-14 not yet calculated CVE-2023-2058
MISC
MISC
MISC
dedecms — dedecms
 
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/select_templets.php. The manipulation leads to path traversal: ‘..filedir’. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225944. 2023-04-14 not yet calculated CVE-2023-2059
MISC
MISC
MISC
campcodes — online_traffic_offense_management_system A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Login.php. The manipulation of the argument password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226051. 2023-04-14 not yet calculated CVE-2023-2073
MISC
MISC
MISC
campcodes — online_traffic_offense_management_system
 
A vulnerability was found in Campcodes Online Traffic Offense Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226052. 2023-04-14 not yet calculated CVE-2023-2074
MISC
MISC
MISC
campcodes — online_traffic_offense_management_system
 
A vulnerability classified as critical has been found in Campcodes Online Traffic Offense Management System 1.0. This affects an unknown part of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226053 was assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2075
MISC
MISC
MISC
campcodes — online_traffic_offense_management_system
 
A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0. This vulnerability affects unknown code of the file /classes/Users.phpp. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226054 is the identifier assigned to this vulnerability. 2023-04-14 not yet calculated CVE-2023-2076
MISC
MISC
MISC
campcodes — online_traffic_offense_management_system
 
A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0. This issue affects some unknown processing of the file /admin/offenses/view_details.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226055. 2023-04-14 not yet calculated CVE-2023-2077
MISC
MISC
MISC
spring — framework
 
In spring framework versions prior to 5.2.24 release+ ,5.3.27+ and 6.0.8+ , it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition. 2023-04-13 not yet calculated CVE-2023-20863
MISC
spring — session
 
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using HeaderHttpSessionIdResolver. 2023-04-13 not yet calculated CVE-2023-20866
MISC
sourcecodester — complaint_management_system
 
A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226097 was assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2089
MISC
MISC
MISC
sourcecodester — employee_and_visitor_gate_pass_logging_system
 
A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2090
MISC
MISC
MISC
kylinsoft — youker-assistant
 
A vulnerability classified as critical was found in KylinSoft youker-assistant. Affected by this vulnerability is the function adjust_cpufreq_scaling_governer. The manipulation leads to os command injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.4.13 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226099. 2023-04-15 not yet calculated CVE-2023-2091
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability, which was classified as critical, has been found in SourceCodester Vehicle Service Management System 1.0. Affected by this issue is some unknown functionality of the file view_service.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226100. 2023-04-15 not yet calculated CVE-2023-2092
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability, which was classified as critical, was found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226101 was assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2093
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability has been found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/mechanics/manage_mechanic.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226102 is the identifier assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2094
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103. 2023-04-15 not yet calculated CVE-2023-2095
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226104. 2023-04-15 not yet calculated CVE-2023-2096
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226105 was assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2097
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /inc/topBarNav.php. The manipulation of the argument search leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226106 is the identifier assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2098
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226107. 2023-04-15 not yet calculated CVE-2023-2099
MISC
MISC
MISC
sourcecodester — vehicle_service_management_system
 
A vulnerability classified as problematic was found in SourceCodester Vehicle Service Management System 1.0. This vulnerability affects unknown code of the file /admin/report/index.php. The manipulation of the argument date_end leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226108. 2023-04-15 not yet calculated CVE-2023-2100
MISC
MISC
MISC
mogu_blog — mogu_blog
 
A vulnerability, which was classified as problematic, has been found in moxi624 Mogu Blog v2 up to 5.2. This issue affects the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226109 was assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2101
MISC
MISC
MISC
MISC
easyappointments — easyappointments
 
Cross-site Scripting (XSS) – Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. 2023-04-15 not yet calculated CVE-2023-2102
CONFIRM
MISC
easyappointments — easyappointments
 
Cross-site Scripting (XSS) – Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. 2023-04-15 not yet calculated CVE-2023-2103
MISC
CONFIRM
easyappointments — easyappointments
 
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. 2023-04-15 not yet calculated CVE-2023-2104
CONFIRM
MISC
easyappointments — easyappointments
 
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. 2023-04-15 not yet calculated CVE-2023-2105
MISC
CONFIRM
calibre-web — calibre-web
 
Weak Password Requirements in GitHub repository janeczku/calibre-web prior to 0.6.20. 2023-04-15 not yet calculated CVE-2023-2106
CONFIRM
MISC
ibos — ibos
 
A vulnerability, which was classified as critical, was found in IBOS 4.5.5. Affected is an unknown function of the file file/personal/del&op=recycle. The manipulation of the argument fids leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226110 is the identifier assigned to this vulnerability. 2023-04-15 not yet calculated CVE-2023-2107
MISC
MISC
MISC
qualcom — snapdragon
 
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal. 2023-04-13 not yet calculated CVE-2023-21630
MISC
elecom — wab-mat
 
WAB-MAT Ver.5.0.0.8 and earlier starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. 2023-04-11 not yet calculated CVE-2023-22282
MISC
MISC
wolt — wolt_delivery
 
Android App ‘Wolt Delivery: Food and more’ version 4.27.2 and earlier uses hard-coded credentials (API key for an external service), which may allow a local attacker to obtain the hard-coded API key via reverse-engineering the application binary. 2023-04-11 not yet calculated CVE-2023-22429
MISC
MISC
insyde — insydeh2o
 
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. A malicious host OS can invoke an Insyde SMI handler with malformed arguments, resulting in memory corruption in SMM. 2023-04-11 not yet calculated CVE-2023-22612
MISC
MISC
MISC
insyde — insydeh2o
 
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. It is possible to write to an attacker-controlled address. An attacker could invoke an SMI handler with a malformed pointer in RCX that overlaps SMRAM, resulting in SMM memory corruption. 2023-04-11 not yet calculated CVE-2023-22613
MISC
MISC
MISC
insyde — insydeh2o
 
An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler. 2023-04-11 not yet calculated CVE-2023-22614
MISC
MISC
MISC
insyde — insydeh2o
 
An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI subfunction execution may corrupt SMRAM. An attacker can pass an address in the RCX save state register that overlaps SMRAM, thereby coercing an IHISI subfunction handler to overwrite private SMRAM. 2023-04-11 not yet calculated CVE-2023-22615
MISC
MISC
insyde — insydeh2o
 
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register is not checked before use. The IhisiSmm driver does not check the value of a save state register before use. Due to insufficient input validation, an attacker can corrupt SMRAM. 2023-04-12 not yet calculated CVE-2023-22616
MISC
MISC
MISC
securepoint — utm
 
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall’s endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device’s authentication and get access to the administrative interface. 2023-04-12 not yet calculated CVE-2023-22620
MISC
MISC
fortinet — forticlientmac
 
A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0.0 through 7.0.7, 6.4 all versions, 6.2 all versions, 6.0 all versions, 5.6 all versions, 5.4 all versions, 5.2 all versions, 5.0 all versions and 4.0 all versions may allow a local attacker to escalate their privileges via modifying the installer upon upgrade. 2023-04-11 not yet calculated CVE-2023-22635
MISC
fortinet — fortios/fortiproxy
 
A url redirection to untrusted site (‘open redirect’) in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specially crafted requests. 2023-04-11 not yet calculated CVE-2023-22641
MISC
fortinet — fortianalyzer/fortimanager
 
An improper certificate validation vulnerability [CWE-295] in FortiAnalyzer and FortiManager 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4.8 through 6.4.10 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and the remote FortiGuard server hosting outbreakalert ressources. 2023-04-11 not yet calculated CVE-2023-22642
MISC
open_design_alliance — drawings_sdk
 
Parsing of DWG files in Open Design Alliance Drawings SDK before 2023.6 lacks proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2023-04-15 not yet calculated CVE-2023-22669
MISC
open_design_alliance — drawings_sdk
 
A heap-based buffer overflow exists in the DXF file reading procedure in Open Design Alliance Drawings SDK before 2023.6. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of the length of user-supplied XRecord data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. 2023-04-15 not yet calculated CVE-2023-22670
MISC
arm — mali_gpu_kernel
 
An issue was discovered in the Arm Android Gralloc Module. A non-privileged user can read a small portion of the allocator process memory. This affects Bifrost r24p0 through r41p0 before r42p0, Valhall r24p0 through r41p0 before r42p0, and Avalon r41p0 before r42p0. 2023-04-11 not yet calculated CVE-2023-22808
MISC
securepoint — utm
 
An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall’s endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used. 2023-04-12 not yet calculated CVE-2023-22897
MISC
MISC
tigergraph — enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster. 2023-04-13 not yet calculated CVE-2023-22948
MISC
MISC
tigergraph — enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is logging of user credentials. All authenticated GSQL access requests are logged by TigerGraph in multiple places. Each request includes both the username and password of the user in an easily decodable base64 form. That could allow a TigerGraph administrator to effectively harvest usernames/passwords. 2023-04-14 not yet calculated CVE-2023-22949
MISC
MISC
tigergraph — enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations. 2023-04-13 not yet calculated CVE-2023-22950
MISC
MISC
tigergraph — enterprise_free_edition
 
An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints. 2023-04-13 not yet calculated CVE-2023-22951
MISC
MISC
snippet_box — snippet_box
 
Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote attackers can render arbitrary web script or HTML from the “Snippet code” form field. 2023-04-11 not yet calculated CVE-2023-23277
MISC
MISC
MISC
seiko_espon — multiple_products
 
Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. 2023-04-11 not yet calculated CVE-2023-23572
MISC
MISC
contec –conprosys_iot_gateway_products
 
Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in obtaining the network information of the product. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131). 2023-04-11 not yet calculated CVE-2023-23575
MISC
MISC
MISC
MISC
MISC
terminalfour — terminalfour
 
The Logback component in Terminalfour before 8.3.14.1 allows OS administrators to obtain sensitive information from application server logs when debug logging is enabled. The fixed versions are 8.2.18.7, 8.2.18.2.2, 8.3.11.1, and 8.3.14.1. 2023-04-12 not yet calculated CVE-2023-23591
MISC
MISC
lucl  — lucl 
 
LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. 2023-04-11 not yet calculated CVE-2023-24182
MISC
MISC
MISC
MISC
buffalo — bs_gs_series
 
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user’s web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier 2023-04-11 not yet calculated CVE-2023-24464
MISC
MISC
arista — eos
 
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability. 2023-04-13 not yet calculated CVE-2023-24509
MISC
arista — eos
 
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system. 2023-04-12 not yet calculated CVE-2023-24511
MISC
arista — cloudeos
 
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. 2023-04-12 not yet calculated CVE-2023-24513
MISC
buffalo — bs_gs_series
 
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier 2023-04-11 not yet calculated CVE-2023-24544
MISC
MISC
arista — cloudeos
 
On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic. 2023-04-12 not yet calculated CVE-2023-24545
MISC
qt — qt
 
Qt before 6.4.3 allows a denial of service via a crafted string when the SQL ODBC driver plugin is used and the size of SQLTCHAR is 4. The affected versions are 5.x before 5.15.13, 6.x before 6.2.8, and 6.3.x before 6.4.3. 2023-04-15 not yet calculated CVE-2023-24607
MISC
MISC
MISC
MISC
MISC
MISC
MISC
aten — pe8108
 
Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have access to other users’ outlets. 2023-04-11 not yet calculated CVE-2023-25409
MISC
mitel — micollab
 
A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request – including the exact path and filename – due to improper authentication control. A successful exploit could allow access to sensitive information. 2023-04-14 not yet calculated CVE-2023-25597
CONFIRM
jtekt_electronics_corporation — screen_creator_advance_2
 
Screen Creator Advance 2 Ver.0.1.1.4 Build01A and earlier is vulnerable to improper restriction of operations within the bounds of a memory buffer (CWE-119) due to improper check of its data size when processing a project file. If a user of Screen Creator Advance 2 opens a specially crafted project file, information may be disclosed and/or arbitrary code may be executed. 2023-04-11 not yet calculated CVE-2023-25755
MISC
MISC
haproxy — haproxy
 
HTTP request/response smuggling vulnerability in HAProxy version 2.7.0, and 2.6.1 to 2.6.7 allows a remote attacker to alter a legitimate user’s request. As a result, the attacker may obtain sensitive information or cause a denial-of-service (DoS) condition. 2023-04-11 not yet calculated CVE-2023-25950
MISC
MISC
MISC
kyocera — mobile_print
 
KYOCERA Mobile Print’ v3.2.0.230119 and earlier, ‘UTAX/TA MobilePrint’ v3.2.0.230119 and earlier, and ‘Olivetti Mobile Print’ v3.2.0.230119 and earlier are vulnerable to improper intent handling. When a malicious app is installed on the victim user’s Android device, the app may send an intent and direct the affected app to download malicious files or apps to the device without notification. 2023-04-13 not yet calculated CVE-2023-25954
MISC
MISC
MISC
MISC
MISC
ministry_of land_infrastructure_transport_and_tourism_japan — national_land_numerical _information_data_conversion
 
National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the PC may be accessed by an attacker. 2023-04-11 not yet calculated CVE-2023-25955
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. 2023-04-10 not yet calculated CVE-2023-26063
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. 2023-04-10 not yet calculated CVE-2023-26064
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 have an Integer Overflow. 2023-04-10 not yet calculated CVE-2023-26065
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. 2023-04-10 not yet calculated CVE-2023-26066
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). 2023-04-10 not yet calculated CVE-2023-26067
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). 2023-04-10 not yet calculated CVE-2023-26068
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). 2023-04-10 not yet calculated CVE-2023-26069
MISC
MISC
lexmark — multiple_products
 
Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). 2023-04-10 not yet calculated CVE-2023-26070
MISC
MISC
xxl-job-admin — xxl-job-admin
 
This affects all versions of the package com.xuxueli:xxl-job. HTML uploaded payload executed successfully through /xxl-job-admin/user/add and /xxl-job-admin/user/update. 2023-04-10 not yet calculated CVE-2023-26120
MISC
safe-eval — safe-eval
 
All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution (“RCE”). **Vulnerable functions:** __defineGetter__, stack(), toLocaleString(), propertyIsEnumerable.call(), valueOf(). 2023-04-11 not yet calculated CVE-2023-26122
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
raylib_for_web_platform  — raylib_for_web_platform 
 
Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ‘ character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script function. **Note:** This vulnerability is present only when compiling raylib for PLATFORM_WEB. All the other Desktop/Mobile/Embedded platforms are not affected. 2023-04-14 not yet calculated CVE-2023-26123
MISC
MISC
MISC
MISC
oxid_esales — eshop
 
OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer’s account by an attacker, due to an improper check of the user agent. 2023-04-11 not yet calculated CVE-2023-26260
MISC
talend — data_catalog
 
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. 2023-04-13 not yet calculated CVE-2023-26263
MISC
MISC
talend — data_catalog
 
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. 2023-04-13 not yet calculated CVE-2023-26264
MISC
MISC
strongswan — strongswan
 
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named “public” for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereference. One attack vector is sending an untrusted client certificate during EAP-TLS. A server is affected only if it loads plugins that implement TLS-based EAP methods (EAP-TLS, EAP-TTLS, EAP-PEAP, or EAP-TNC). This is fixed in 5.9.10. 2023-04-15 not yet calculated CVE-2023-26463
MISC
MISC
pegasystems — rpa_synchronization_engine
 
A man in the middle can redirect traffic to a malicious server in a compromised configuration. 2023-04-10 not yet calculated CVE-2023-26467
MISC
libntp/mstolfp.c — libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. 2023-04-11 not yet calculated CVE-2023-26551
MISC
MISC
libntp/mstolfp.c — libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. 2023-04-11 not yet calculated CVE-2023-26552
MISC
MISC
libntp/mstolfp.c — libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. 2023-04-11 not yet calculated CVE-2023-26553
MISC
MISC
libntp/mstolfp.c — libntp/mstolfp.c
 
mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a ‘’ character. An adversary may be able to attack a client ntpq process, but cannot attack ntpd. 2023-04-11 not yet calculated CVE-2023-26554
MISC
MISC
ntpd/refclock_palisade.c — ntpd/refclock_palisade.c
 
praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver. 2023-04-11 not yet calculated CVE-2023-26555
MISC
MISC
oxygen — xml_web_author
 
A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. (XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build 2023021715 are also fixed versions.) 2023-04-14 not yet calculated CVE-2023-26559
MISC
MISC
buffalo — bs_gsl_and _bs_gs_series
 
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier 2023-04-11 not yet calculated CVE-2023-26588
MISC
MISC
yokogawa_electric_corporation — centun_series
 
CENTUM series provided by Yokogawa Electric Corporation are vulnerable to cleartext storage of sensitive information. If an attacker who can login or access the computer where the affected product is installed tampers the password file stored in the computer, the user privilege which CENTUM managed may be escalated. As a result, the control system may be operated with the escalated user privilege. To exploit this vulnerability, the following prerequisites must be met: (1)An attacker has obtained user credentials where the affected product is installed, (2)CENTUM Authentication Mode is used for user authentication when CENTUM VP is used. The affected products and versions are as follows: CENTUM CS 1000, CENTUM CS 3000 (Including CENTUM CS 3000 Entry Class) R2.01.00 to R3.09.50, CENTUM VP (Including CENTUM VP Entry Class) R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, and R6.01.00 and later, B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R7.04.51 and R8.01.01 and later 2023-04-11 not yet calculated CVE-2023-26593
MISC
MISC
revive — adserver
 
The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. 2023-04-14 not yet calculated CVE-2023-26756
MISC
MISC
sourcecodester — sales_tracker_management_system
 
An issue found in Sales Tracker Management System v.1.0 allows a remote attacker to access sensitive information via sales.php component of the admin/reports endpoint. 2023-04-10 not yet calculated CVE-2023-26774
MISC
MISC
MISC
MISC
textpattern — textpattern
 
An arbitrary file upload vulnerability in the upload plugin of Textpattern v4.8.8 and below allows attackers to execute arbitrary code by uploading a crafted PHP file. 2023-04-12 not yet calculated CVE-2023-26852
MISC
MISC
MISC
libyang — libyang
 
libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lysp_stmt_validate_value at lys_parse_mem.c. 2023-04-11 not yet calculated CVE-2023-26917
MISC
diasoft — file_replication_pro
 
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%FileReplicationPro allows Everyone:(F) access. 2023-04-14 not yet calculated CVE-2023-26918
MISC
MISC
hyper_http2_rst_stream_frames — hyper_http2_rst_stream_frames
 
An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). 2023-04-11 not yet calculated CVE-2023-26964
MISC
atropim — atropim
 
Atropim 1.5.26 is vulnerable to Directory Traversal. 2023-04-14 not yet calculated CVE-2023-26969
MISC
pax_technology –pax_a920_prodroid
 
PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot process. 2023-04-14 not yet calculated CVE-2023-26980
MISC
MISC
MISC
pretashop — advancedpopupcreator
 
Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups(). 2023-04-12 not yet calculated CVE-2023-27032
MISC
MISC
gdidees — cms
 
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php. 2023-04-11 not yet calculated CVE-2023-27179
MISC
MISC
MISC
dualspace — super_security
 
An issue found in DUALSPACE Super Security v.2.3.7 allows an attacker to cause a denial of service via the key_wifi_safe_net_check_url, KEY_Cirus_scan_whitelist and KEY_AD_NEW_USER_AVOID_TIME parameters. 2023-04-11 not yet calculated CVE-2023-27192
MISC
MISC
MISC
dualspace — dualspace
 
An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field. 2023-04-14 not yet calculated CVE-2023-27193
MISC
MISC
MISC
d-link — dsl-3782
 
An issue found in D-Link DSL-3782 v.1.03 allows remote authenticated users to execute arbitrary code as root via the network settings page. 2023-04-12 not yet calculated CVE-2023-27216
MISC
MISC
MISC
contec –conprosys_iot_gateway_products
 
Inadequate encryption strength vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker with an administrative privilege to apply a specially crafted Firmware update file, alter the information, cause a denial-of-service (DoS) condition, and/or execute arbitrary code. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131). 2023-04-11 not yet calculated CVE-2023-27389
MISC
MISC
MISC
MISC
MISC
sap — solution_manager_diagnostics_agent
 
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent – version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system. 2023-04-11 not yet calculated CVE-2023-27497
MISC
MISC
sap — gui_for_html
 
SAP GUI for HTML – versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could craft a malicious URL and lure the victim to click, the script supplied by the attacker will execute in the victim user’s browser. The information from the victim’s web browser can either be modified or read and sent to the attacker. 2023-04-11 not yet calculated CVE-2023-27499
MISC
MISC
seiko_epson — multiple_products
 
Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended operations by having a logged-in user view a malicious page. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers/network interface via a web browser. According to SEIKO EPSON CORPORATION, it is also called as Remote Manager in some products. Web Config is pre-installed in some printers/network interface provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor. 2023-04-11 not yet calculated CVE-2023-27520
MISC
MISC
commscope_arris — dg3450
 
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. 2023-04-15 not yet calculated CVE-2023-27571
MISC
MISC
MISC
commscope_arris — dg3450
 
An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. 2023-04-15 not yet calculated CVE-2023-27572
MISC
MISC
MISC
poweramp — audioplayer
 
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library 2023-04-14 not yet calculated CVE-2023-27643
MISC
MISC
MISC
poweramp — audioplayer
 
An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters. 2023-04-11 not yet calculated CVE-2023-27645
MISC
MISC
MISC
dualspace — lock_master
 
An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the com.ludashi.superlock.util.pref.SharedPrefProviderEntryMethod: insert of the android.net.Uri.insert method. 2023-04-14 not yet calculated CVE-2023-27647
MISC
MISC
MISC
t-me studios — change_color_of_keypad
 
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. 2023-04-14 not yet calculated CVE-2023-27648
MISC
MISC
MISC
trusted_tools — free_music
 
SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table 2023-04-14 not yet calculated CVE-2023-27649
MISC
MISC
MISC
ego_studio — superclean
 
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file. 2023-04-14 not yet calculated CVE-2023-27651
MISC
MISC
MISC
who_app — who_app
 
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. 2023-04-14 not yet calculated CVE-2023-27653
MISC
MISC
MISC
who_app — who_app
 
An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component. 2023-04-14 not yet calculated CVE-2023-27654
MISC
MISC
MISC
sourcecodester — auto_dealer_management_system
 
Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. 2023-04-14 not yet calculated CVE-2023-27666
MISC
MISC
MISC
sourcecodester — auto_dealer_management_system
 
Auto Dealer Management System v1.0 was discovered to contain a SQL injection vulnerability. 2023-04-13 not yet calculated CVE-2023-27667
MISC
MISC
MISC
pikpak_for_android — pikpak_for_android
 
The Android version of pikpak v1.29.2 was discovered to contain an information leak via the debug interface. 2023-04-12 not yet calculated CVE-2023-27703
MISC
MISC
void_tools — void_tools
 
Void Tools Everything lower than v1.4.1.1022 was discovered to contain a Regular Expression Denial of Service (ReDoS). 2023-04-12 not yet calculated CVE-2023-27704
MISC
MISC
MISC
d-link — dir878
 
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_498308 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-09 not yet calculated CVE-2023-27718
MISC
MISC
d-link — dir878
 
D-Link DIR878 1.30B08 was discovered to contain a stack overflow in the sub_478360 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-09 not yet calculated CVE-2023-27719
MISC
MISC
nginx — njs
 
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_function_frame at src/njs_function.h. 2023-04-09 not yet calculated CVE-2023-27727
MISC
nginx — njs
 
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_dump_is_recursive at src/njs_vmcode.c. 2023-04-09 not yet calculated CVE-2023-27728
MISC
nginx — njs
 
Nginx NJS v0.7.10 was discovered to contain an illegal memcpy via the function njs_vmcode_return at src/njs_vmcode.c. 2023-04-09 not yet calculated CVE-2023-27729
MISC
nginx — njs
 
Nginx NJS v0.7.10 was discovered to contain a segmentation violation via the function njs_lvlhsh_find at src/njs_lvlhsh.c. 2023-04-09 not yet calculated CVE-2023-27730
MISC
blackvue — dr750-2ch
 
BlackVue DR750-2CH LTE v.1.012_2022.10.26 was discovered to contain a weak default passphrase which can be easily cracked via a brute force attack if the WPA2 handshake is intercepted. 2023-04-13 not yet calculated CVE-2023-27746
MISC
MISC
MISC
MISC
blackvue — dr750-2ch
 
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authentication in its web server. This vulnerability allows attackers to access sensitive information such as configurations and recordings. 2023-04-13 not yet calculated CVE-2023-27747
MISC
MISC
MISC
MISC
blackvue — dr750-2ch
 
BlackVue DR750-2CH LTE v.1.012_2022.10.26 does not employ authenticity check for uploaded firmware. This can allow attackers to upload crafted firmware which contains backdoors and enables arbitrary code execution. 2023-04-13 not yet calculated CVE-2023-27748
MISC
MISC
MISC
MISC
libiec61850 — libiec61850
 
libiec61850 v1.5.1 was discovered to contain a segmentation violation via the function ControlObjectClient_setOrigin() at /client/client_control.c. 2023-04-13 not yet calculated CVE-2023-27772
MISC
MISC
liveaction — livesp
 
A stored HTML injection vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary code via a crafted payload. 2023-04-12 not yet calculated CVE-2023-27775
MISC
MISC
MISC
alo — am_presencia
 
AM Presencia v3.7.3 was discovered to contain a SQL injection vulnerability via the user parameter in the login form. 2023-04-13 not yet calculated CVE-2023-27779
MISC
MISC
MISC
MISC
bloofox — bloofox
 
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the delete_file() function. 2023-04-13 not yet calculated CVE-2023-27812
MISC
MISC
MISC
MISC
seowonintech — multiple_products
 
SeowonIntech SWC 5100W WIMAX Bootloader 1.18.19.0, HW 0.0.7.0, and FW 1.11.0.1, 1.9.9.4 are vulnerable to OS Command Injection. which allows attackers to take over the system with root privilege by abusing doSystem() function. 2023-04-12 not yet calculated CVE-2023-27826
MISC
MISC
MISC
tightvnc — tightvnc
 
TightVNC before v2.8.75 allows attackers to escalate privileges on the host operating system via replacing legitimate files with crafted files when executing a file transfer. This is due to the fact that TightVNC runs in the backend as a high-privileges account. 2023-04-12 not yet calculated CVE-2023-27830
MISC
MISC
MISC
autodesk — autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. 2023-04-14 not yet calculated CVE-2023-27912
MISC
autodesk — autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data, or execute arbitrary code in the context of the current process. 2023-04-14 not yet calculated CVE-2023-27913
MISC
autodesk — autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process. 2023-04-14 not yet calculated CVE-2023-27914
MISC
autodesk — autocad
 
A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2023-04-14 not yet calculated CVE-2023-27915
MISC
contec –conprosys_iot_gateway_products
 
OS command injection vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker who can access Network Maintenance page to execute arbitrary OS commands with a root privilege. The affected products and versions are as follows: M2M Gateway with the firmware Ver.3.7.10 and earlier (CPS-MG341-ADSC1-111, CPS-MG341-ADSC1-931, CPS-MG341G-ADSC1-111, CPS-MG341G-ADSC1-930, and CPS-MG341G5-ADSC1-931), M2M Controller Integrated Type with firmware Ver.3.7.6 and earlier versions (CPS-MC341-ADSC1-111, CPS-MC341-ADSC1-931, CPS-MC341-ADSC2-111, CPS-MC341G-ADSC1-110, CPS-MC341Q-ADSC1-111, CPS-MC341-DS1-111, CPS-MC341-DS11-111, CPS-MC341-DS2-911, and CPS-MC341-A1-111), and M2M Controller Configurable Type with firmware Ver.3.8.8 and earlier versions (CPS-MCS341-DS1-111, CPS-MCS341-DS1-131, CPS-MCS341G-DS1-130, CPS-MCS341G5-DS1-130, and CPS-MCS341Q-DS1-131). 2023-04-11 not yet calculated CVE-2023-27917
MISC
MISC
MISC
MISC
MISC
fortinet — fortisoar
 
A improper neutralization of special elements used in a template engine vulnerability in Fortinet FortiSOAR 7.3.0 through 7.3.1 allows an authenticated, remote attacker to execute arbitrary code via a crafted payload. 2023-04-11 not yet calculated CVE-2023-27995
MISC
dell — ppdm
 
Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions. 2023-04-11 not yet calculated CVE-2023-28062
MISC
hewlett_packard_enterprise — oneview_global_dashboard
 
An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials 2023-04-14 not yet calculated CVE-2023-28085
MISC
hewlett_packard_enterprise — oneview_virtual_appliance
 
HPE OneView virtual appliance “Migrate server hardware” option may expose sensitive information in an HPE OneView support dump 2023-04-14 not yet calculated CVE-2023-28091
MISC
pegasystems — rpa:_synchronization_engine
 
A user with a compromised configuration can start an unsigned binary as a service. 2023-04-10 not yet calculated CVE-2023-28093
MISC
wordpress — wordpress
 
An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated. 2023-04-12 not yet calculated CVE-2023-28121
MISC
tp-link_corporation_limited — t2600g-28sq
 
TP-Link L2 switch T2600G-28SQ firmware versions prior to ‘T2600G-28SQ(UN)_V1_1.0.6 Build 20230227’ uses vulnerable SSH host keys. A fake device may be prepared to spoof the affected device with the vulnerable host key.If the administrator may be tricked to login to the fake device, the credential information for the affected device may be obtained. 2023-04-11 not yet calculated CVE-2023-28368
MISC
MISC
connman — connman
 
client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers (operating a crafted DHCP server) to cause a stack-based buffer overflow and denial of service, terminating the connman process. 2023-04-12 not yet calculated CVE-2023-28488
MISC
MISC
hikvision — hybrid_san/cluster_storage_products
 
Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the admin permission. The attacker can exploit the vulnerability by sending crafted messages to the affected devices. 2023-04-11 not yet calculated CVE-2023-28808
MISC
flask-appbuilder — flask-appbuilder
 
Flask-AppBuilder versions before 4.3.0 lack rate limiting which can allow an attacker to brute-force user credentials. Version 4.3.0 includes the ability to enable rate limiting using `AUTH_RATE_LIMITED = True`, `RATELIMIT_ENABLED = True`, and setting an `AUTH_RATE_LIMIT`. 2023-04-10 not yet calculated CVE-2023-29005
MISC
MISC
go — go
 
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service. This issue has been patched in versions 2.9.10 and 2.10.0-rc2. 2023-04-14 not yet calculated CVE-2023-29013
MISC
MISC
MISC
MISC
open-feature — open-feature-operator
 
The OpenFeature Operator allows users to expose feature flags to applications. Assuming the pre-existence of a vulnerability that allows for arbitrary code execution, an attacker could leverage the lax permissions configured on `open-feature-operator-controller-manager` to escalate the privileges of any SA in the cluster. The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets. Version 0.2.32 mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify. 2023-04-14 not yet calculated CVE-2023-29018
MISC
MISC
autodesk — autocad A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. 2023-04-14 not yet calculated CVE-2023-29067
MISC
zoho — manageengine_admanager_plus
 
Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings. 2023-04-13 not yet calculated CVE-2023-29084
MISC
MISC
exynos — multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP status line. 2023-04-14 not yet calculated CVE-2023-29085
MISC
exynos — multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Min-SE header. 2023-04-14 not yet calculated CVE-2023-29086
MISC
exynos — multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Retry-After header. 2023-04-14 not yet calculated CVE-2023-29087
MISC
exynos — multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Session-Expires header. 2023-04-14 not yet calculated CVE-2023-29088
MISC
exynos — multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding SIP multipart messages. 2023-04-14 not yet calculated CVE-2023-29089
MISC
exynos — multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP Via header. 2023-04-14 not yet calculated CVE-2023-29090
MISC
exynos — multiple_products
 
An issue was discovered in Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding an SIP URI. 2023-04-14 not yet calculated CVE-2023-29091
MISC
sap — abap_platform/sap_web_dispatcher
 
The IP filter in ABAP Platform and SAP Web Dispatcher – versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. This may enable access to backend applications from unwanted sources. 2023-04-11 not yet calculated CVE-2023-29108
MISC
MISC
sap — application_interface_framework
 
The SAP Application Interface Framework (Message Dashboard) – versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. An authorized attacker can inject arbitrary Excel formulas into fields like the Tooltip of the Custom Hints List. Once the victim opens the downloaded Excel document, the formula will be executed. As a result, an attacker can cause limited impact on the confidentiality and integrity of the application. 2023-04-11 not yet calculated CVE-2023-29109
MISC
MISC
sap — application_interface_framework
 
The SAP Application Interface (Message Dashboard) – versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. An authorized attacker can use some of the basic HTML codes such as heading, basic formatting and lists, then an attacker can inject images from the foreign domains. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application. 2023-04-11 not yet calculated CVE-2023-29110
MISC
MISC
sap — application_interface_framework
 
The SAP AIF (ODATA service) – versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application. 2023-04-11 not yet calculated CVE-2023-29111
MISC
MISC
sap — application_interface_framework
 
The SAP Application Interface (Message Monitoring) – versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. The comment will render links and custom CSS classes as HTML objects. After successful exploitations, an attacker can cause limited impact on the confidentiality and integrity of the application. 2023-04-11 not yet calculated CVE-2023-29112
MISC
MISC
irssi — irssi
 
Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. 2023-04-14 not yet calculated CVE-2023-29132
MISC
MISC
sap — netweaver_as_for_abap
 
SAP NetWeaver AS for ABAP (Business Server Pages) – versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server’s resources sufficiently to make it unavailable over the network without any user interaction. 2023-04-11 not yet calculated CVE-2023-29185
MISC
MISC
sap — netweaver
 
In SAP NetWeaver (BI CONT ADDON) – versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Data cannot be read but if a remote attacker has sufficient (administrative) privileges then potentially critical OS files can be overwritten making the system unavailable. 2023-04-11 not yet calculated CVE-2023-29186
MISC
MISC
sap — sapsetup
 
A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) – version 9.0, resulting in a privilege escalation running code as administrator of the very same Windows PC. A successful attack depends on various preconditions beyond the attacker’s control. 2023-04-11 not yet calculated CVE-2023-29187
MISC
MISC
sap — crm
 
SAP CRM (WebClient UI) – versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to the web server. This application is exposed over the network and successful exploitation can lead to exposure of form fields 2023-04-11 not yet calculated CVE-2023-29189
MISC
MISC
spicedb — spicedb
 
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. The `spicedb serve` command contains a flag named `–grpc-preshared-key` which is used to protect the gRPC API from being accessed by unauthorized requests. The values of this flag are to be considered sensitive, secret data. The `/debug/pprof/cmdline` endpoint served by the metrics service (defaulting running on port `9090`) reveals the command-line flags provided for debugging purposes. If a password is set via the `–grpc-preshared-key` then the key is revealed by this endpoint along with any other flags provided to the SpiceDB binary. This issue has been fixed in version 1.19.1. ### Impact All deployments abiding by the recommended best practices for production usage are **NOT affected**: – Authzed’s SpiceDB Serverless – Authzed’s SpiceDB Dedicated – SpiceDB Operator Users configuring SpiceDB via environment variables are **NOT affected**. Users **MAY be affected** if they expose their metrics port to an untrusted network and are configuring `–grpc-preshared-key` via command-line flag. ### Patches TODO ### Workarounds To workaround this issue you can do one of the following: – Configure the preshared key via an environment variable (e.g. `SPICEDB_GRPC_PRESHARED_KEY=yoursecret spicedb serve`) – Reconfigure the `–metrics-addr` flag to bind to a trusted network (e.g. `–metrics-addr=localhost:9090`) – Disable the metrics service via the flag (e.g. `–metrics-enabled=false`) – Adopt one of the recommended deployment models: [Authzed’s managed services](https://authzed.com/pricing) or the [SpiceDB Operator](https://github.com/authzed/spicedb-operator) ### References – [GitHub Security Advisory issued for SpiceDB](https://github.com/authzed/spicedb/security/advisories/GHSA-cjr9-mr35-7xh6) – [Go issue #22085](https://github.com/golang/go/issues/22085) for documenting the risks of exposing pprof to the internet – [Go issue #42834](https://github.com/golang/go/issues/42834) discusses preventing pprof registration to the default serve mux – [semgrep rule go.lang.security.audit.net.pprof.pprof-debug-exposure](https://semgrep.dev/r?q=go.lang.security.audit.net.pprof) checks for a variation of this issue ### Credit We’d like to thank Amit Laish, a security researcher at GE Vernova for responsibly disclosing this vulnerability. 2023-04-14 not yet calculated CVE-2023-29193
MISC
MISC
MISC
vitessio — vitess
 
Vitess is a database clustering system for horizontal scaling of MySQL. Users can either intentionally or inadvertently create a keyspace containing `/` characters such that from that point on, anyone who tries to view keyspaces from VTAdmin will receive an error. Trying to list all the keyspaces using `vtctldclient GetKeyspaces` will also return an error. Note that all other keyspaces can still be administered using the CLI (vtctldclient). This issue is fixed in version 16.0.1. As a workaround, delete the offending keyspace using a CLI client (vtctldclient). 2023-04-14 not yet calculated CVE-2023-29194
MISC
MISC
MISC
vm2_project — vm2
 
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version `3.9.16` of `vm2`. 2023-04-14 not yet calculated CVE-2023-29199
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The “restricted” mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1, only escaped `<script>` and `<style>`-tags but neither attributes that can be used to inject scripts nor other dangerous HTML tags like `<iframe>`. As a consequence, any code relying on this “restricted” mode for security is vulnerable to JavaScript injection (“cross-site scripting”/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.6 RC1 with the introduction of a filter with allowed HTML elements and attributes that is enabled in restricted mode. There are no known workarounds apart from upgrading to a version including the fix. 2023-04-15 not yet calculated CVE-2023-29201
MISC
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter `content` was set to `true`. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting (XSS) by specifying an RSS feed with malicious content. With the interaction of a user with programming rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content and sabotaging the wiki. The issue has been patched in XWiki 14.6 RC1, the content of the feed is now properly cleaned before being displayed. As a workaround, if the RSS macro isn’t used in the wiki, the macro can be uninstalled by deleting `WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar`, where `XX` is XWiki’s version, in the web application’s directory. 2023-04-15 not yet calculated CVE-2023-29202
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. It’s possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1. 2023-04-15 not yet calculated CVE-2023-29203
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1. 2023-04-15 not yet calculated CVE-2023-29204
MISC
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html macro directly in their own user profile page. The problem has been patched in XWiki 14.8RC1. The patch involves the HTML macros and are systematically cleaned up whenever the user does not have the script correct. 2023-04-15 not yet calculated CVE-2023-29205
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if the author of it has Script rights. 2023-04-15 not yet calculated CVE-2023-29206
MISC
MISC
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn’t properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included since XWiki 3.5M1 and doesn’t require script rights, this can be demonstrated with the syntax `{{documents id=”example” count=”5″ actions=”false” columns=”doc.title, before<script>alert(1)</script>after”/}}`. Therefore, this can also be exploited by users without script right and in comments. With the interaction of a user with more rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. 2023-04-15 not yet calculated CVE-2023-29207
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it’s deleted. Note that this vulnerability only impact deleted documents that where containing view rights: the view rights provided on a space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of current user: only admin and deleter of the document are allowed to view it. 2023-04-15 not yet calculated CVE-2023-29208
MISC
MISC
MISC
xwiki — xwiki_platform XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user’s profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10. 2023-04-15 not yet calculated CVE-2023-29209
MISC
MISC
MISC
xwiki — xwiki_platform
 
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provide the notification filters. These macros are used in the user profiles and thus installed by default in XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10. 2023-04-15 not yet calculated CVE-2023-29210
MISC
MISC
MISC
shadow — shadow
 
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that “cat /etc/passwd” shows a rogue user account. 2023-04-14 not yet calculated CVE-2023-29383
MISC
MISC
MISC
MISC
ncurses — ncurses
 
ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. 2023-04-14 not yet calculated CVE-2023-29491
MISC
MISC
MISC
novi_survey — novi_survey
 
Novi Survey before 8.9.43676 allows remote attackers to execute arbitrary code on the server in the context of the service account. This does not provide access to stored survey or response data. 2023-04-11 not yet calculated CVE-2023-29492
CONFIRM
matrix_org — matrix_js_sdk
 
matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker will not appear to be participating in the call. This attack is possible because matrix-js-sdk’s group call implementation accepts incoming direct calls from other users, even if they have not yet declared intent to participate in the group call, as a means of resolving a race condition in call setup. Affected versions do not restrict access to the user’s outbound media in this case. Legacy 1:1 calls are unaffected. This is fixed in matrix-js-sdk 24.1.0. As a workaround, users may hold group calls in private rooms where only the exact users who are expected to participate in the call are present. 2023-04-14 not yet calculated CVE-2023-29529
MISC
MISC
MISC
cesanta_mjs — cesanta_mjs
 
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). 2023-04-14 not yet calculated CVE-2023-29569
MISC
MISC
cesanta_mjs — cesanta_mjs
 
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via gc_sweep at src/mjs_gc.c. This vulnerability can lead to a Denial of Service (DoS). 2023-04-12 not yet calculated CVE-2023-29571
MISC
MISC
bento — bento
 
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp4info component. 2023-04-13 not yet calculated CVE-2023-29573
MISC
MISC
bento — bento
 
Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42avc component. 2023-04-12 not yet calculated CVE-2023-29574
MISC
MISC
bento — bento
 
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h. 2023-04-11 not yet calculated CVE-2023-29576
MISC
MISC
yasm — yasm
 
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the component yasm_expr_create at /libyasm/expr.c. 2023-04-12 not yet calculated CVE-2023-29580
MISC
MISC
yasm — yasm
 
yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c. 2023-04-12 not yet calculated CVE-2023-29581
MISC
MISC
mp4v2 — mp4v2
 
mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. 2023-04-14 not yet calculated CVE-2023-29584
MISC
MISC
bloofox — bloofox
 
bloofox v0.5.2 was discovered to contain a SQL injection vulnerability via the component /index.php?mode=content&page=pages&action=edit&eid=1. 2023-04-13 not yet calculated CVE-2023-29597
MISC
lmxcms — lmxcms
 
lmxcms v1.4.1 was discovered to contain a SQL injection vulnerability via the setbook parameter at index.php. 2023-04-13 not yet calculated CVE-2023-29598
MISC
purchase_order_management — purchase_order_management
 
Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. 2023-04-14 not yet calculated CVE-2023-29621
MISC
MISC
purchase_order_management — purchase_order_management
 
Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. 2023-04-14 not yet calculated CVE-2023-29622
MISC
MISC
purchase_order_management — purchase_order_management
 
Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. 2023-04-14 not yet calculated CVE-2023-29623
MISC
MISC
employee_performance_evaluation_system — employee_performance_evaluation_system
 
Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. 2023-04-14 not yet calculated CVE-2023-29625
MISC
sourcecodester — yoga_class_registration_system
 
Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. 2023-04-14 not yet calculated CVE-2023-29626
MISC
sourcecodester — online_pizza_ordering Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. 2023-04-14 not yet calculated CVE-2023-29627
MISC
MISC
totolink — x18 TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. 2023-04-14 not yet calculated CVE-2023-29798
MISC
totolink — x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. 2023-04-14 not yet calculated CVE-2023-29799
MISC
totolink — x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. 2023-04-14 not yet calculated CVE-2023-29800
MISC
totolink — x18 TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. 2023-04-14 not yet calculated CVE-2023-29801
MISC
totolink — x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. 2023-04-14 not yet calculated CVE-2023-29802
MISC
totolink — x18
 
TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. 2023-04-14 not yet calculated CVE-2023-29803
MISC
iodata — wfs-sr03 WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. 2023-04-14 not yet calculated CVE-2023-29804
MISC
iodata — wfs-sr03
 
WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. 2023-04-14 not yet calculated CVE-2023-29805
MISC
aerocms — aerocms AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload. 2023-04-14 not yet calculated CVE-2023-29847
MISC
slims — bulian
 
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user’s geolocation and device information. 2023-04-14 not yet calculated CVE-2023-29850
MISC
redpanda — rpk rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. 2023-04-08 not yet calculated CVE-2023-30450
MISC
MISC
MISC
MISC
MISC
smartptt — scada
 
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default). 2023-04-14 not yet calculated CVE-2023-30459
MISC
MISC
apache — inlong Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the “orderType” parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the   user with ID 1 from the “user” table, one character at a time.  Users are advised to upgrade to Apache InLong’s 1.6.0 or cherry-pick [1] to solve it. https://programmer.help/blogs/jdbc-deserialization-vulnerability-learning.html [1] https://github.com/apache/inlong/issues/7529 https://github.com/apache/inlong/issues/7529 2023-04-11 not yet calculated CVE-2023-30465
MISC
MISC
cubefs — cubefs
 
CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret. 2023-04-12 not yet calculated CVE-2023-30512
MISC
jenkins — kubernetes_plugin
 
Jenkins Kubernetes Plugin 3909.v1f2c633e8590 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. 2023-04-12 not yet calculated CVE-2023-30513
MISC
MISC
jenkins — azure_key_vault_plugin
 
Jenkins Azure Key Vault Plugin 187.va_cd5fecd198a_ and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. 2023-04-12 not yet calculated CVE-2023-30514
MISC
MISC
jenkins — thycotic_devops_secrets_vault_plugin
 
Jenkins Thycotic DevOps Secrets Vault Plugin 1.0.0 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. 2023-04-12 not yet calculated CVE-2023-30515
MISC
MISC
jenkins — image_tag_parameter_plugin Jenkins Image Tag Parameter Plugin 2.0 improperly introduces an option to opt out of SSL/TLS certificate validation when connecting to Docker registries, resulting in job configurations using Image Tag Parameters that were created before 2.0 having SSL/TLS certificate validation disabled by default. 2023-04-12 not yet calculated CVE-2023-30516
MISC
MISC
jenkins — neuvector_vulnerability_scanner_plugin
 
Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier unconditionally disables SSL/TLS certificate and hostname validation when connecting to a configured NeuVector Vulnerability Scanner server. 2023-04-12 not yet calculated CVE-2023-30517
MISC
MISC
jenkins — thycotic_secret_server_plugin
 
A missing permission check in Jenkins Thycotic Secret Server Plugin 1.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2023-04-12 not yet calculated CVE-2023-30518
MISC
MISC
jenkins — quay.io_trigger_plugin A missing permission check in Jenkins Quay.io trigger Plugin 0.1 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. 2023-04-12 not yet calculated CVE-2023-30519
MISC
MISC
jenkins — quay.io_trigger_plugin Jenkins Quay.io trigger Plugin 0.1 and earlier does not limit URL schemes for repository homepage URLs submitted via Quay.io trigger webhooks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Quay.io trigger webhook payloads. 2023-04-12 not yet calculated CVE-2023-30520
MISC
MISC
jenkins — assembla_merge_request_builder_plugin A missing permission check in Jenkins Assembla merge request builder Plugin 1.1.13 and earlier allows unauthenticated attackers to trigger builds of jobs corresponding to the attacker-specified repository. 2023-04-12 not yet calculated CVE-2023-30521
MISC
MISC
jenkins — fogbugz_plugin A missing permission check in Jenkins Fogbugz Plugin 2.2.17 and earlier allows attackers with Item/Read permission to trigger builds of jobs specified in a ‘jobname’ request parameter. 2023-04-12 not yet calculated CVE-2023-30522
MISC
MISC
jenkins — report_portal_plugin Jenkins Report Portal Plugin 0.5 and earlier stores ReportPortal access tokens unencrypted in job config.xml files on the Jenkins controller as part of its configuration where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system. 2023-04-12 not yet calculated CVE-2023-30523
MISC
MISC
jenkins — report_portal_plugin Jenkins Report Portal Plugin 0.5 and earlier does not mask ReportPortal access tokens displayed on the configuration form, increasing the potential for attackers to observe and capture them. 2023-04-12 not yet calculated CVE-2023-30524
MISC
MISC
jenkins — report_portal_plugin A cross-site request forgery (CSRF) vulnerability in Jenkins Report Portal Plugin 0.5 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified bearer token authentication. 2023-04-12 not yet calculated CVE-2023-30525
MISC
MISC
jenkins — report_portal_plugin A missing permission check in Jenkins Report Portal Plugin 0.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified bearer token authentication. 2023-04-12 not yet calculated CVE-2023-30526
MISC
MISC
jenkins — wso2_oauth_plugin
 
Jenkins WSO2 Oauth Plugin 1.0 and earlier stores the WSO2 Oauth client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2023-04-12 not yet calculated CVE-2023-30527
MISC
MISC
jenkins — wso2_oauth_plugin
 
Jenkins WSO2 Oauth Plugin 1.0 and earlier does not mask the WSO2 Oauth client secret on the global configuration form, increasing the potential for attackers to observe and capture it. 2023-04-12 not yet calculated CVE-2023-30528
MISC
MISC
jenkins — lucene_serach_plugin
 
Jenkins Lucene-Search Plugin 387.v938a_ecb_f7fe9 and earlier does not require POST requests for an HTTP endpoint, allowing attackers to reindex the database. 2023-04-12 not yet calculated CVE-2023-30529
MISC
MISC
jenkins — consul_kv_builder_plugin Jenkins Consul KV Builder Plugin 2.0.13 and earlier stores the HashiCorp Consul ACL Token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2023-04-12 not yet calculated CVE-2023-30530
MISC
MISC
jenkins — consul_kv_builder_plugin Jenkins Consul KV Builder Plugin 2.0.13 and earlier does not mask the HashiCorp Consul ACL Token on the global configuration form, increasing the potential for attackers to observe and capture it. 2023-04-12 not yet calculated CVE-2023-30531
MISC
MISC
jenkins — turboscript_plugin
 
A missing permission check in Jenkins TurboScript Plugin 1.3 and earlier allows attackers with Item/Read permission to trigger builds of jobs corresponding to the attacker-specified repository. 2023-04-12 not yet calculated CVE-2023-30532
MISC
MISC
snowflake_jdbc — snowflake_jdbc
 
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to the SSO URL with an attack payload. If the attacker then tricked a user into visiting the maliciously crafted connection URL, the user’s local machine would render the malicious payload, leading to a remote code execution. The vulnerability was patched on March 17, 2023 as part of Snowflake JDBC driver Version 3.13.29. All users should immediately upgrade the Snowflake JDBC driver to the latest version: 3.13.29. 2023-04-14 not yet calculated CVE-2023-30535
MISC
MISC
dmidecode — dmidecode
 
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. 2023-04-13 not yet calculated CVE-2023-30630
MISC
MISC
MISC
MISC
tikv — tikv
 
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error) upon an attempt to get a timestamp from the Placement Driver. 2023-04-13 not yet calculated CVE-2023-30635
MISC
tikv — tikv
 
TiKV 6.1.2 allows remote attackers to cause a denial of service (fatal error, with RpcStatus UNAVAILABLE for “not leader”) upon an attempt to start a node in a situation where the context deadline is exceeded 2023-04-13 not yet calculated CVE-2023-30636
MISC
baidu — braft
 
Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomic_server. NOTE: installations with brpc-0.14.0 and later are unaffected. 2023-04-13 not yet calculated CVE-2023-30637
MISC
atos — unify_openscape_sbc
 
Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. 2023-04-14 not yet calculated CVE-2023-30638
MISC
MISC

Back to top

Categories
alerts

Vulnerability Summary for the Week of April 3, 2023

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
mingsoft — mcms SQL Injection vulnerability found in Ming-Soft MCMS v.4.7.2 allows a remote attacker to execute arbitrary code via basic_title parameter. 2023-04-04 9.8 CVE-2020-20913
MISC
publiccms — publiccms SQL Injection vulnerability found in San Luan PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via the sql parameter. 2023-04-04 9.8 CVE-2020-20914
MISC
publiccms — publiccms SQL Injection vulnerability found in PublicCMS v.4.0 allows a remote attacker to execute arbitrary code via sql parameter of the the SysSiteAdminControl. 2023-04-04 9.8 CVE-2020-20915
MISC
generex — cs141_firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a webshell that could allow him to execute arbitrary code as root. 2023-03-31 9.8 CVE-2022-47190
CONFIRM
CONFIRM
CONFIRM
fernus — learning_management_systems Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.This issue affects LMS: before 23.04.03. 2023-04-04 9.8 CVE-2023-1728
MISC
phpmyfaq — phpmyfaq Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 9.8 CVE-2023-1753
MISC
CONFIRM
akbim — panon Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Akbim Computer Panon allows SQL Injection.This issue affects Panon: before 1.0.2. 2023-04-03 9.8 CVE-2023-1765
MISC
sourcecodester — grade_point_average_(gpa)_calculator A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671. 2023-03-31 9.8 CVE-2023-1770
MISC
MISC
MISC
rockoa — rockoa A vulnerability was found in Rockoa 2.3.2. It has been declared as critical. This vulnerability affects unknown code of the file webmainConfig.php of the component Configuration File Handler. The manipulation leads to code injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224674 is the identifier assigned to this vulnerability. 2023-03-31 9.8 CVE-2023-1773
MISC
MISC
MISC
jeecg — jeecg_boot A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. This issue affects some unknown processing of the component API Documentation. The manipulation leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224699. 2023-03-31 9.8 CVE-2023-1784
MISC
MISC
MISC
sourcecodester — earnings_and_expense_tracker_app A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-224700. 2023-03-31 9.8 CVE-2023-1785
MISC
MISC
MISC
firefly-iii — firefly_iii Improper Input Validation in GitHub repository firefly-iii/firefly-iii prior to 6.0.0. 2023-04-01 9.8 CVE-2023-1789
MISC
CONFIRM
sourcecodester — simple_task_allocation_system A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224743. 2023-04-02 9.8 CVE-2023-1791
MISC
MISC
MISC
sourcecodester — simple_mobile_comparison_website A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224744. 2023-04-02 9.8 CVE-2023-1792
MISC
MISC
MISC
sourcecodester — police_crime_record_management_system A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability. 2023-04-02 9.8 CVE-2023-1793
MISC
MISC
MISC
otcms — otcms A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224749 was assigned to this vulnerability. 2023-04-02 9.8 CVE-2023-1797
MISC
MISC
MISC
go-fastdfs_project — go-fastdfs A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Affected by this issue is the function upload of the file /group1/uploa of the component File Upload Handler. The manipulation leads to path traversal: ‘../filedir’. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224768. 2023-04-02 9.8 CVE-2023-1800
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-oclsadminsystem_infoindex.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability. 2023-04-04 9.8 CVE-2023-1826
MISC
MISC
htmlunit_project — htmlunit Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. 2023-04-03 9.8 CVE-2023-26119
MISC
MISC
MISC
dlink — go-rt-ac750_firmware D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at soapcgi.main. 2023-04-01 9.8 CVE-2023-26822
MISC
MISC
gladinet — centrestack An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without needing the previous known password, resulting in a full authentication bypass. 2023-03-31 9.8 CVE-2023-26829
MISC
myprestamodules — frequently_asked_questions_page SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. 2023-03-31 9.8 CVE-2023-26858
MISC
MISC
ibm — aspera_cargo/aspera_connect IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. 2023-04-02 9.8 CVE-2023-27284
MISC
MISC
ibm — aspera_cargo/aspera_connect IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248616. 2023-04-02 9.8 CVE-2023-27286
MISC
MISC
jenkins — role-based_authorization_strategy Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they’ve been disabled. 2023-04-02 9.8 CVE-2023-28668
MISC
jenkins — convert_to_pipeline Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects’ Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline step invocations, allowing attackers able to configure Freestyle projects to prepare a crafted configuration that injects Pipeline script code into the (unsandboxed) Pipeline resulting from a convertion by Jenkins Convert To Pipeline Plugin. 2023-04-02 9.8 CVE-2023-28677
MISC
202-ecommerce — paypal PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. A SQL injection vulnerability found in the PrestaShop paypal module from release from 3.12.0 to and including 3.16.3 allow a remote attacker to gain privileges, modify data, and potentially affect system availability. The cause of this issue is that SQL queries were being constructed with user input which had not been properly filtered. Only deployments on PrestaShop 1.6 are affected. Users are advised to upgrade to module version 3.16.4. There are no known workarounds for this vulnerability. 2023-03-31 9.8 CVE-2023-28843
MISC
MISC
artifex — ghostscript In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written. 2023-03-31 9.8 CVE-2023-28879
MISC
MISC
MISC
MLIST
DEBIAN
generex — cs141_firmware Generex UPS CS141 below 2.06 version, allows an attacker toupload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device. 2023-03-31 9.1 CVE-2022-47189
CONFIRM
CONFIRM
CONFIRM
openapi-generator — openapi_generator openapi-generator up to v6.4.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/gen/clients/{language}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. 2023-03-31 9.1 CVE-2023-27162
MISC
MISC
MISC
MISC
deltaww — dx-2100l1-cn_firmware The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system (OS) from the device in the context of the user “root.” If the attacker has credentials for the web service, then the device could be fully compromised. 2023-03-31 9 CVE-2023-0432
MISC
phpmywind — phpmywind SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. 2023-04-04 8.8 CVE-2020-21060
MISC
admesh_project — admesh An improper array index validation vulnerability exists in the stl_fix_normal_directions functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. 2023-04-03 8.8 CVE-2022-38072
MISC
MISC
hcltech — hcl_compass HCL Compass is vulnerable to Cross-Origin Resource Sharing (CORS). This vulnerability can allow an unprivileged remote attacker to trick a legitimate user into accessing a special resource and executing a malicious request. 2023-04-02 8.8 CVE-2022-42447
MISC
generex — cs141_firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a firmware file containing a file with modified permissions, allowing him to escalate privileges. 2023-03-31 8.8 CVE-2022-47191
CONFIRM
CONFIRM
CONFIRM
generex — cs141_firmware Generex UPS CS141 below 2.06 version, could allow a remote attacker to upload a backup file containing a modified “users.json” to the web server of the device, allowing him to replace the administrator password. 2023-03-31 8.8 CVE-2022-47192
CONFIRM
CONFIRM
CONFIRM
bestwebsoft — user_role The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. 2023-04-03 8.8 CVE-2023-0820
MISC
ibos — ibos A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.5.5 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-224635. 2023-03-31 8.8 CVE-2023-1747
MISC
MISC
MISC
phpmyfaq — phpmyfaq Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 8.8 CVE-2023-1762
MISC
CONFIRM
jenkins — octoperf_load_testing A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. 2023-04-02 8.8 CVE-2023-28674
MISC
jenkins — convert_to_pipeline A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to remote code execution (RCE). 2023-04-02 8.8 CVE-2023-28676
MISC
panasonic — aiseg2_firmware Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. 2023-03-31 8.8 CVE-2023-28726
MISC
panasonic — aiseg2_firmware Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. 2023-03-31 8.8 CVE-2023-28727
MISC
jenkins — visual_studio_code_metrics Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 8.2 CVE-2023-28681
MISC
jenkins — performance_publisher Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 8.2 CVE-2023-28682
MISC
jenkins — phabricator_differential Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 8.2 CVE-2023-28683
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. 2023-04-01 7.8 CVE-2023-0189
MISC
gnu — binutils Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. 2023-04-03 7.8 CVE-2023-1579
MISC
linux — kernel hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. 2023-03-31 7.8 CVE-2023-28464
MISC
MISC
MISC
x-man_project — x-man X-Man 1.0 has a SQL injection vulnerability, which can cause data leakage. 2023-03-31 7.5 CVE-2022-46021
MISC
MISC
generex — cs141_firmware There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. 2023-03-31 7.5 CVE-2022-47188
CONFIRM
CONFIRM
CONFIRM
facebook — zstandard A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun. 2023-03-31 7.5 CVE-2022-4899
MISC
akuvox — e11_firmware Akuvox E11 contains a function that encrypts messages which are then forwarded. The IV vector and the key are static, and this may allow an attacker to decrypt messages. 2023-03-31 7.5 CVE-2023-0343
MISC
akuvox — e11_firmware Akuvox E11 appears to be using a custom version of dropbear SSH server. This server allows an insecure option that by default is not in the official dropbear SSH server. 2023-03-31 7.5 CVE-2023-0344
MISC
devolutions — devolutions_gateway Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system unusable. 2023-04-02 7.5 CVE-2023-1580
MISC
sourcecodester — grade_point_average_(gpa)_calculator A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page with the input php://filter/read=convert.base64-encode/resource=grade_table leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224670 is the identifier assigned to this vulnerability. 2023-03-31 7.5 CVE-2023-1769
MISC
MISC
MISC
sourcecodester — simple_task_allocation_system A vulnerability, which was classified as problematic, was found in SourceCodester Simple Task Allocation System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224724. 2023-04-01 7.5 CVE-2023-1790
MISC
MISC
MISC
cesnet — libyang libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. 2023-04-03 7.5 CVE-2023-26916
MISC
dlink — dir-882_firmware An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. A specially crafted network request can lead to the disclosure of sensitive information. 2023-03-31 7.5 CVE-2023-26925
MISC
MISC
tenda — ac6_firmware Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. 2023-04-04 7.5 CVE-2023-26976
MISC
ruoyi — ruoyi An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. 2023-04-02 7.5 CVE-2023-27025
MISC
MISC
appwrite — appwrite Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. 2023-03-31 7.5 CVE-2023-27159
MISC
MISC
MISC
MISC
MISC
jenkins — crap4j Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 7.5 CVE-2023-28680
MISC
ruby-lang — uri A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. The URI parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to URI objects. The fixed versions are 0.12.1, 0.11.1, 0.10.2 and 0.10.0.1. 2023-03-31 7.5 CVE-2023-28755
MISC
MISC
CONFIRM
MISC
ruby-lang — time A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. The Time parser mishandles invalid URLs that have specific characters. It causes an increase in execution time for parsing strings to Time objects. The fixed versions are 0.1.1 and 0.2.2. 2023-03-31 7.5 CVE-2023-28756
MISC
CONFIRM
MISC
MISC
vtex — apps-graphql The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. (apps-graphql@3.x is unaffected by this issue.) 2023-03-31 7.5 CVE-2023-28877
MISC
sophos — web_appliance A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. 2023-04-04 7.2 CVE-2022-4934
CONFIRM
wpeasycart — wp_easycart The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. 2023-04-03 7.2 CVE-2023-1124
MISC
gladinet — centrestack An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by uploading malicious files to the server. 2023-03-31 7.2 CVE-2023-26830
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. 2023-04-01 7.1 CVE-2023-0183
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service and data tampering. 2023-04-01 7.1 CVE-2023-0186
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. 2023-04-01 7.1 CVE-2023-0191
MISC
nvidia — data_center_gpu_manager NVIDIA DCGM for Linux contains a vulnerability in HostEngine (server component) where a user may cause a heap-based buffer overflow through the bound socket. A successful exploit of this vulnerability may lead to denial of service and data tampering. 2023-04-01 7.1 CVE-2023-0208
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
monospace — directus An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. 2023-04-04 6.5 CVE-2020-19850
MISC
devolutions — remote_desktop_manager Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry permission via id collision. 2023-04-02 6.5 CVE-2023-1202
MISC
inisev — redirection The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. 2023-04-03 6.5 CVE-2023-1330
MISC
devolutions — remote_desktop_manager Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text. 2023-04-02 6.5 CVE-2023-1574
MISC
devolutions — devolutions_server Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id collision. 2023-04-02 6.5 CVE-2023-1603
MISC
mattermost — mattermost_server When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients. 2023-03-31 6.5 CVE-2023-1775
MISC
rbaskets — request_baskets request-baskets up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /api/baskets/{name}. This vulnerability allows attackers to access network resources and sensitive information via a crafted API request. 2023-03-31 6.5 CVE-2023-27163
MISC
MISC
MISC
MISC
nextcloud — richdocuments Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app (richdocuments) is upgraded to 8.0.0-beta.1, 7.0.2 or 6.3.2. Users unable to upgrade may mitigate the issue by taking steps to restrict the ability to download documents. This includes ensuring that the `WOPI configuration` is configured to only serve documents between Nextcloud and Collabora. It is highly recommended to define the list of Collabora server IPs as the allow list within the Office admin settings of Nextcloud. 2023-03-31 6.5 CVE-2023-28645
MISC
MISC
MISC
jenkins — octoperf_load_testing Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-04-02 6.5 CVE-2023-28672
MISC
jenkins — remote-jobs-view Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. 2023-04-02 6.5 CVE-2023-28684
MISC
nextcloud — nextcloud_server Nextcloud server is an open source home cloud implementation. In affected versions users that should not be able to download a file can still download an older version and use that for uncontrolled distribution. This issue has been addressed in versions 24.0.10 and 25.0.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. 2023-03-31 6.5 CVE-2023-28844
MISC
MISC
linux — kernel A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea 2023-04-03 6.3 CVE-2023-1611
MISC
MISC
FEDORA
FEDORA
editor.md — editor.md Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script in the <iframe>src parameter. 2023-04-04 6.1 CVE-2020-19697
MISC
editor.md — editor.md Cross Site Scripting vulnerability found in Pandao Editor.md v.1.5.0 allows a remote attacker to execute arbitrary code via a crafted script to the editor parameter. 2023-04-04 6.1 CVE-2020-19698
MISC
kiftd_project — kiftd Cross Site Scripting vulnerability found in KOHGYLW Kiftd v.1.0.18 allows a remote attacker to execute arbitrary code via the <ifram> tag in the upload file page. 2023-04-04 6.1 CVE-2020-19699
MISC
MISC
kitecms — kitecms Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the comment parameter. 2023-04-04 6.1 CVE-2020-20521
MISC
kitecms — kitecms Cross Site Scripting vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the registering user parameter. 2023-04-04 6.1 CVE-2020-20522
MISC
progress — ipswitch_ws_ftp_server Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. 2023-04-03 6.1 CVE-2022-27665
MISC
MISC
ykmbilisim — ykm_crm Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in YKM YKM CRM allows Reflected XSS.This issue affects YKM CRM: before 23.03.30. 2023-03-31 6.1 CVE-2023-1060
MISC
solidres — solidres The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin 2023-04-03 6.1 CVE-2023-1377
MISC
akbim — panon Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Akbim Computer Panon allows Reflected XSS.This issue affects Panon: before 1.0.2. 2023-04-03 6.1 CVE-2023-1766
MISC
sourcecodester — grade_point_average_(gpa)_calculator A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Affected by this issue is the function get_scale of the file Master.php. The manipulation of the argument perc leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224672. 2023-03-31 6.1 CVE-2023-1771
MISC
MISC
MISC
sourcecodester — police_crime_record_management_system A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/casedetails.php of the component GET Parameter Handler. The manipulation of the argument id with the input “><script>alert(233)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224746 is the identifier assigned to this vulnerability. 2023-04-02 6.1 CVE-2023-1794
MISC
MISC
MISC
sourcecodester — gadget_works_online_ordering_system A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/products/index.php of the component GET Parameter Handler. The manipulation of the argument view with the input <script>alert(666)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224747. 2023-04-02 6.1 CVE-2023-1795
MISC
MISC
MISC
samba — samba The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. 2023-04-03 5.9 CVE-2023-0922
MISC
CONFIRM
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. 2023-04-01 5.5 CVE-2023-0187
MISC
nvidia — virtual_gpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service. 2023-04-01 5.5 CVE-2023-0188
MISC
sophos — web_appliance A reflected XSS via POST vulnerability in report scheduler of Sophos Web Appliance versions older than 4.3.10.4 allows execution of JavaScript code in the victim browser via a malicious form that must be manually submitted by the victim while logged in to SWA. 2023-04-04 5.4 CVE-2020-36692
CONFIRM
hcltechsw — hcl_launch HCL Launch is vulnerable to HTML injection. HTML code is stored and included without being sanitized. This can lead to further attacks such as XSS and Open Redirections. 2023-04-02 5.4 CVE-2022-42452
MISC
wordpress — wordpress The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-04-03 5.4 CVE-2023-0399
MISC
proliz_obs — proliz_obs
 
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before 23.04.01. 2023-04-07 5.4 CVE-2023-1726
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 5.4 CVE-2023-1755
CONFIRM
MISC
phpmyfaq — phpmyfaq Code Injection in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 5.4 CVE-2023-1761
MISC
CONFIRM
mattermost — mattermost_server When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter’s permission to that channel, allowing an attacker to invite themselves to a private channel. 2023-03-31 5.4 CVE-2023-1774
MISC
mattermost — mattermost_server Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. 2023-03-31 5.4 CVE-2023-1776
MISC
sourcecodester — employee_payslip_generator_system A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Affected is an unknown function of the file /classes/Master.php?f=save_position of the component Create News Handler. The manipulation of the argument name with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224748. 2023-04-02 5.4 CVE-2023-1796
MISC
MISC
MISC
eyoucms — eyoucms A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument typename leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224750 is the identifier assigned to this vulnerability. 2023-04-02 5.4 CVE-2023-1798
MISC
MISC
MISC
eyoucms — eyoucms A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. This affects an unknown part of the file login.php. The manipulation of the argument tag_tag leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224751. 2023-04-02 5.4 CVE-2023-1799
MISC
MISC
MISC
ibm — websphere_application_server IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248416. 2023-04-02 5.4 CVE-2023-26283
MISC
MISC
jenkins — jacoco Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control input files for the ‘Record JaCoCo coverage report’ post-build action. 2023-04-02 5.4 CVE-2023-28669
MISC
jenkins — pipeline_aggregator_view Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view’s URL in inline JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. 2023-04-02 5.4 CVE-2023-28670
MISC
jenkins — cppcheck Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control report file contents. 2023-04-02 5.4 CVE-2023-28678
MISC
jenkins — mashup_portlets Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the “Generic JS Portlet” feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by authenticated attackers with Overall/Read permission. 2023-04-02 5.4 CVE-2023-28679
MISC
abb — flow-x/m_firmware Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.This issue affects Flow-X: before 4.0. 2023-03-31 5.3 CVE-2023-1258
MISC
mattermost — mattermost_server Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message. 2023-03-31 5.3 CVE-2023-1777
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 4.8 CVE-2023-1759
MISC
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 4.8 CVE-2023-1760
MISC
CONFIRM
datagear — datagear A vulnerability was found in DataGear up to 4.5.1. It has been classified as problematic. This affects an unknown part of the component Diagram Type Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224673 was assigned to this vulnerability. 2023-03-31 4.8 CVE-2023-1772
MISC
MISC
MISC
dupeoff_project — dupeoff Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DupeOff.Com DupeOff plugin <= 1.6 versions. 2023-04-03 4.8 CVE-2023-26529
MISC
phpmyfaq — phpmyfaq Improper Input Validation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-03-31 4.7 CVE-2023-1754
MISC
CONFIRM
samba — samba A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory. 2023-04-03 4.3 CVE-2023-0225
MISC
CONFIRM
jenkins — octoperf_load_testing A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2023-04-02 4.3 CVE-2023-28671
MISC
jenkins — octoperf_load_testing A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2023-04-02 4.3 CVE-2023-28673
MISC
jenkins — octoperf_load_testing A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. 2023-04-02 4.3 CVE-2023-28675
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
nextcloud — talk Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use this vulnerability to gain information about the members of a Talk conversation, even if they themselves are not members. It is recommended that the Nextcloud Talk is upgraded to 14.0.9 or 15.0.4. There are no known workarounds for this vulnerability. 2023-03-31 3.5 CVE-2023-28845
MISC
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
wordpress — wordpress A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The name of the patch is 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2013-10022
MISC
MISC
MISC
wordpress — wordpress A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151. 2023-04-08 not yet calculated CVE-2013-10023
MISC
MISC
MISC
MISC
wordpress — wordpress A vulnerability has been found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file exitpage.php. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. The identifier VDB-225265 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2013-10024
MISC
MISC
MISC
wordpress — wordpress A vulnerability was found in Exit Strategy Plugin 1.55 and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The name of the patch is d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2013-10025
MISC
MISC
MISC
phpminiadmin — phpminiadmin A vulnerability classified as problematic was found in phpMiniAdmin up to 1.8.120510. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.140405 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-225001 was assigned to this vulnerability. 2023-04-06 not yet calculated CVE-2014-125094
MISC
MISC
MISC
wordpress — wordpress A vulnerability was found in Broken Link Checker Plugin up to 1.10.5. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. 2023-04-08 not yet calculated CVE-2015-10098
MISC
MISC
MISC
MISC
ubuntu — linux_kernel It was discovered that aufs improperly managed inode reference counts in the vfsub_dentry_open() method. A local attacker could use this vulnerability to cause a denial of service attack. 2023-04-07 not yet calculated CVE-2020-11935
UBUNTU
UBUNTU
mm-wiki — mm-wiki Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor. 2023-04-04 not yet calculated CVE-2020-19277
MISC
mm-wiki — mm-wiki Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter. 2023-04-04 not yet calculated CVE-2020-19278
MISC
MISC
b3log_wide — b3log_wide Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges via symbolic links. 2023-04-04 not yet calculated CVE-2020-19279
MISC
netgate — pfsense/pfsense_suricata Directory Traversal vulnerability found in Pfsense v.2.1.3 and Pfsense Suricata v.1.4.6 pkg v.1.0.1 allows a remote attacker to obtain sensitive information via the file parameter to suricata/suricata_logs_browser.php. 2023-04-06 not yet calculated CVE-2020-19678
MISC
MISC
MISC
nginx — njs Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file. 2023-04-04 not yet calculated CVE-2020-19692
MISC
espruino — espruino An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint. 2023-04-04 not yet calculated CVE-2020-19693
MISC
nginx — njs Buffer Overflow found in Nginx NJS allows a remote attacker to execute arbitrary code via the njs_object_property parameter of the njs/njs_vm.c function. 2023-04-04 not yet calculated CVE-2020-19695
MISC
netgate —- pfsense/acme Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows attackers to execute arbitrary code via the RootFolder field of acme_certificates.php. 2023-04-04 not yet calculated CVE-2020-21487
MISC
MISC
fluent — fluentd An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 allows attackers to gain escilated privlidges and execute arbitrary code due to a default password. 2023-04-04 not yet calculated CVE-2020-21514
MISC
zentao — zentao Cross Site Scripting vulnerability found in Zentao allows a remote attacker to execute arbitrary code via the lang parameter 2023-04-04 not yet calculated CVE-2020-22533
MISC
espruino — espruino Buffer Overflow vulnerability found in Espruino 2v05.41 allows an attacker to cause a denial of service via the function jsvGarbageCollectMarkUsed in file src/jsvar.c. 2023-04-04 not yet calculated CVE-2020-23257
MISC
MISC
jsish — jsish An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. 2023-04-04 not yet calculated CVE-2020-23258
MISC
MISC
jsish — jsish An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. 2023-04-04 not yet calculated CVE-2020-23259
MISC
MISC
jsish — jsish An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. 2023-04-04 not yet calculated CVE-2020-23260
MISC
MISC
zblogphp — zblogphp Cross Site Scripting vulnerability found in ZblogCN ZblogPHP v.1.0 allows a local attacker to execute arbitrary code via a crafted payload in title parameter of the module management model. 2023-04-04 not yet calculated CVE-2020-23327
MISC
zend — framework An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. 2023-04-04 not yet calculated CVE-2020-29312
MISC
MISC
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page. 2023-04-06 not yet calculated CVE-2020-36071
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter. 2023-04-06 not yet calculated CVE-2020-36072
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page. 2023-04-06 not yet calculated CVE-2020-36073
MISC
tailor_management_system — tailor_management_system SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter. 2023-04-06 not yet calculated CVE-2020-36074
MISC
etcd — etcd-io Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. 2023-04-04 not yet calculated CVE-2021-28235
MISC
MISC
MISC
MISC
kitecms — kitecms Permissions vulnerability found in KiteCMS allows a remote attacker to execute arbitrary code via the upload file type. 2023-04-04 not yet calculated CVE-2021-31707
MISC
kitecms — kitecms File Upload vulnerability found in KiteCMS v.1.1 allows a remote attacker to execute arbitrary code via the uploadFile function. 2023-04-04 not yet calculated CVE-2021-3267
MISC
osticket — osticket Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2. 2023-04-05 not yet calculated CVE-2022-31888
MISC
MISC
MISC
osticket — osticket Cross Site Scripting (XSS) vulnerability in audit/templates/auditlogs.tmpl.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae. 2023-04-05 not yet calculated CVE-2022-31889
MISC
MISC
osticket — osticket SQL Injection vulnerability in audit/class.audit.php in osTicket osTicket-plugins before commit a7842d494889fd5533d13deb3c6a7789768795ae via the order parameter to the getOrder function. 2023-04-05 not yet calculated CVE-2022-31890
MISC
MISC
mediatek — multiple_products In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07460390. 2023-04-06 not yet calculated CVE-2022-32599
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 11.10 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible to disclose the branch names when attacker has a fork of a project that was switched to private. 2023-04-05 not yet calculated CVE-2022-3375
MISC
CONFIRM
MISC
ibm — sterling_order_management IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. 2023-04-07 not yet calculated CVE-2022-33959
MISC
MISC
ibm — sterling_order_management IBM Sterling Order Management 10.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 229698. 2023-04-07 not yet calculated CVE-2022-34333
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A specially crafted payload could lead to a reflected XSS on the client side which allows attackers to perform arbitrary actions on behalf of victims on self-hosted instances running without strict CSP. 2023-04-05 not yet calculated CVE-2022-3513
MISC
MISC
CONFIRM
frrouting_frr-bgpd — frrouting_frr-bgpd A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. 2023-04-03 not yet calculated CVE-2022-36440
MISC
MISC
bluepage_cms — bluepage_cms BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the ‘users-cookie-settings’ token using a Time-based blind SLEEP payload. 2023-04-03 not yet calculated CVE-2022-38922
MISC
MISC
MISC
bluepage_cms — bluepage_cms BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the ‘User-Agent’ field using a Time-based blind SLEEP payload. 2023-04-03 not yet calculated CVE-2022-38923
MISC
MISC
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of the Community Dashboard Editor (CDE) plugin. 2023-04-03 not yet calculated CVE-2022-3960
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin <= 6.0.2.0 versions. 2023-04-04 not yet calculated CVE-2022-41633
MISC
supermicro — x11ssl-cf_hw Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. 2023-04-07 not yet calculated CVE-2022-43309
MISC
MISC
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 A use-after-free vulnerability exists within the way Ichitaro Word Processor 2022, version 1.0.1.57600, processes protected documents. A specially crafted document can trigger reuse of freed memory, which can lead to further memory corruption and potentially result in arbitrary code execution. An attacker can provide a malicious document to trigger this vulnerability. 2023-04-05 not yet calculated CVE-2022-43664
MISC
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow certain web services to set property values which contain Spring templates that are interpreted downstream. 2023-04-03 not yet calculated CVE-2022-43769
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x, using the Pentaho Data Access plugin exposes a service endpoint for CSV import which allows a user supplied path to access resources that are out of bounds. 2023-04-03 not yet calculated CVE-2022-43771
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.0 and 9.3.0.1, including 8.3.x with the Big Data Plugin expose the username and password of clusters in clear text into system logs. 2023-04-03 not yet calculated CVE-2022-43772
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. 2023-04-03 not yet calculated CVE-2022-43773
MISC
ibm — tririga_application_platform IBM TRIRIGA Application Platform 4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 241036. 2023-04-07 not yet calculated CVE-2022-43914
MISC
MISC
ibm — toolbox_for_java The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. 2023-04-07 not yet calculated CVE-2022-43928
MISC
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x cannot allow a system administrator to disable scripting capabilities of Pentaho Reports (*.prpt) through the JVM script manager. 2023-04-03 not yet calculated CVE-2022-43938
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. 2023-04-03 not yet calculated CVE-2022-43939
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service. 2023-04-03 not yet calculated CVE-2022-43940
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly protect the Post Analysis service endpoint of the data access plugin against out-of-band XML External Entity Reference. 2023-04-03 not yet calculated CVE-2022-43941
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-04-05 not yet calculated CVE-2022-45115
MISC
MISC
arm_developer — mali_gpu_kernel_driver An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU memory processing operations to access a limited amount outside of buffer bounds. This affects Valhall r29p0 through r41p0 before r42p0 and Avalon r41p0 before r42p0. 2023-04-06 not yet calculated CVE-2022-46781
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions. 2023-04-06 not yet calculated CVE-2022-46793
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name. 2023-04-03 not yet calculated CVE-2022-4769
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report (*.prpt). 2023-04-03 not yet calculated CVE-2022-4770
MISC
hitachi — vantara_pentaho_business_analytics_server Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x allow a malicious URL to inject content into the Pentaho User Console through session variables. 2023-04-03 not yet calculated CVE-2022-4771
MISC
redgate — sql_monitor A Cross Site Scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web Script or HTML via the returnUrl parameter. 2023-04-04 not yet calculated CVE-2022-47870
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. Multiple MSI’s get executed out of a standard-user writable directory. Through a race condition and OpLock manipulation, these files can be overwritten by a standard user. They then get executed by the elevated installer. This gives a standard user full SYSTEM code execution (elevation of privileges). 2023-04-04 not yet calculated CVE-2022-48221
MISC
MISC
acuant — acufill_sdk
 
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). 2023-04-04 not yet calculated CVE-2022-48222
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory. 2023-04-04 not yet calculated CVE-2022-48223
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). 2023-04-04 not yet calculated CVE-2022-48224
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location. 2023-04-04 not yet calculated CVE-2022-48225
MISC
MISC
acuant — acufill_sdk An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:WindowsTemp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation. 2023-04-04 not yet calculated CVE-2022-48226
MISC
MISC
acuant — assureid_sentinel An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361. 2023-04-04 not yet calculated CVE-2022-48227
MISC
MISC
acuant — assureid_sentinel An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It uses the root of the C: drive for the i-Dentify and Sentinel Installer log files, aka CORE-7362. 2023-04-04 not yet calculated CVE-2022-48228
MISC
MISC
jetbrains — phpstorm In JetBrains PhpStorm before 2023.1 source code could be logged in the local idea.log file 2023-04-04 not yet calculated CVE-2022-48435
MISC
wordpress — wordpress The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and privilege escalation (via the wp_ajax_wcfm_vendor_store_online AJAX action). 2023-04-05 not yet calculated CVE-2022-4935
MISC
MISC
wordpress — wordpress The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping method details, modifying products, deleting arbitrary posts, and more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2022-4936
MISC
MISC
wordpress — wordpress The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected. 2023-04-05 not yet calculated CVE-2022-4937
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. There were hundreds of AJAX endpoints affected. 2023-04-05 not yet calculated CVE-2022-4938
MISC
MISC
wordpress — wordpress THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller AJAX action that controls membership settings. This makes it possible for unauthenticated attackers to modify the membership registration form in a way that allows them to set the role for registration to that of any user including administrators. Once configured, the attacker can then register as an administrator. 2023-04-05 not yet calculated CVE-2022-4939
MISC
MISC
wordpress — wordpress The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more. 2023-04-05 not yet calculated CVE-2022-4940
MISC
MISC
MISC
MISC
wordpress — wordpress The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership details, changing renewal information, controlling membership approvals, and more, via a forged request granted they can trick a site’s administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2022-4941
MISC
MISC
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. 2023-04-01 not yet calculated CVE-2023-0180
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. 2023-04-01 not yet calculated CVE-2023-0181
MISC
nvidia — vgpu
 
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an out-of-bounds write can lead to denial of service, information disclosure, and data tampering. 2023-04-01 not yet calculated CVE-2023-0182
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issuescasting an unsigned primitive to signed may lead to denial of service or information disclosure. 2023-04-01 not yet calculated CVE-2023-0185
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer handler, where improper privilege management can lead to escalation of privileges and information disclosure. 2023-04-01 not yet calculated CVE-2023-0192
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. 2023-04-01 not yet calculated CVE-2023-0194
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver 2023-04-01 not yet calculated CVE-2023-0195
MISC
nvidia — vgpu NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious user in a guest VM can cause a NULL-pointer dereference, which may lead to denial of service. 2023-04-01 not yet calculated CVE-2023-0197
MISC
nvidia — vgpu NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. 2023-04-01 not yet calculated CVE-2023-0198
MISC
uvdesk — uvdesk Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. This is possible because the application does not properly validate profile pictures uploaded by customers. 2023-04-04 not yet calculated CVE-2023-0265
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1, allowing to read environment names supposed to be restricted to project memebers only. 2023-04-05 not yet calculated CVE-2023-0319
MISC
CONFIRM
MISC
uvdesk — uvdesk Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket. 2023-04-04 not yet calculated CVE-2023-0325
MISC
MISC
helpy — helpy Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. This is possible because the application does not correctly validate the attachments sent by customers in the ticket. 2023-04-04 not yet calculated CVE-2023-0357
MISC
MISC
m-files — server User-controlled operations could have allowed Denial of Service in M-Files Server before 23.4.12528.1 due to uncontrolled memory consumption. 2023-04-05 not yet calculated CVE-2023-0382
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. It was possible to add a branch with an ambiguous name that could be used to social engineer users. 2023-04-05 not yet calculated CVE-2023-0450
MISC
MISC
CONFIRM
vitalpbx — vitalpbx VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator’s account. This is possible because the application is vulnerable to CSRF. 2023-04-04 not yet calculated CVE-2023-0480
MISC
MISC
vitalpbx — vitalpbx VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance’s administrator account via a malicious link. This is possible because the application is vulnerable to XSS. 2023-04-04 not yet calculated CVE-2023-0486
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 15.6 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. An XSS was possible via a malicious email address for certain instances. 2023-04-05 not yet calculated CVE-2023-0523
MISC
CONFIRM
MISC
abb — my_control_system Insecure Storage of Sensitive Information vulnerability in ABB My Control System (on-premise) allows an attacker who successfully exploited this vulnerability to gain access to the secure application data or take control of the application. Of the services that make up the My Control System (on-premise) application, the following ones are affected by this vulnerability: User Interface System Monitoring1 Asset Inventory This issue affects My Control System (on-premise): from 5.0;0 through 5.13. 2023-04-06 not yet calculated CVE-2023-0580
MISC
samba — ad_dc The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC. 2023-04-03 not yet calculated CVE-2023-0614
MISC
CONFIRM
cloudflare — warp Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. 2023-04-06 not yet calculated CVE-2023-0652
MISC
MISC
MISC
ulearn — ulearn Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. This occurs because the application does not validate that the uploaded image is actually an image. 2023-04-05 not yet calculated CVE-2023-0670
MISC
orangescrum — orangescrum OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. 2023-04-04 not yet calculated CVE-2023-0738
MISC
MISC
lynx_technik_ag — yellobrik Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : – Change the password, resulting in a DOS of the users – Change the streaming source, compromising the integrity of the stream – Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued. 2023-04-06 not yet calculated CVE-2023-0750
MISC
markdown-pdf — markdown-pdf markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user. 2023-04-04 not yet calculated CVE-2023-0835
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. A maintainer could modify a webhook URL to leak masked webhook secrets by adding a new parameter to the url. This addresses an incomplete fix for CVE-2022-4342. 2023-04-05 not yet calculated CVE-2023-0838
CONFIRM
MISC
MISC
xml2js– xml2js xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the __proto__ property to be edited. 2023-04-05 not yet calculated CVE-2023-0842
MISC
MISC
bhima — bhima Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain actions that can be performed by the user. 2023-04-05 not yet calculated CVE-2023-0944
MISC
MISC
bhima — bhima Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF. 2023-04-05 not yet calculated CVE-2023-0959
MISC
MISC
bhima — bhima Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. This is possible because the application is vulnerable to IDOR, it does not properly validate user permissions with respect to certain actions the user can perform. 2023-04-05 not yet calculated CVE-2023-0967
MISC
MISC
trellix — agent_for_windows A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be executed. This allows the user to elevate their permissions. 2023-04-03 not yet calculated CVE-2023-0975
MISC
trellix — agent A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the service becoming unavailable. 2023-04-03 not yet calculated CVE-2023-0977
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic. 2023-04-05 not yet calculated CVE-2023-1071
CONFIRM
MISC
gitlab — gitlab An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 will allow an admin to leak password from repository mirror configuration. 2023-04-05 not yet calculated CVE-2023-1098
MISC
CONFIRM
MISC
gitlab — gitlab Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. 2023-04-05 not yet calculated CVE-2023-1167
CONFIRM
MISC
cloudflare — warp An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:WindowsInstaller. The vulnerability lies in the repair function of this MSI. ImpactAn unprivileged (non-admin) user can exploit this vulnerability to perform privileged operations with SYSTEM context, including deleting arbitrary files and reading arbitrary file content. This can lead to a variety of attacks, including the manipulation of system files and privilege escalation. PatchesA new installer with a fix that addresses this vulnerability was released in version 2023.3.381.0. While the WARP Client itself is not vulnerable (only the installer), users are encouraged to upgrade to the latest version and delete any older installers present in their systems. 2023-04-05 not yet calculated CVE-2023-1412
MISC
MISC
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible for an unauthorised user to add child epics linked to victim’s epic in an unrelated group. 2023-04-05 not yet calculated CVE-2023-1417
MISC
CONFIRM
MISC
genetec – security_center SQL Injection in the Hardware Inventory report of Security Center 5.11.2. 2023-04-05 not yet calculated CVE-2023-1522
MISC
linux — kernel A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. This issue may allow a local attacker with user privilege to cause a denial of service. 2023-04-05 not yet calculated CVE-2023-1582
MISC
sophos — web_appliance A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. 2023-04-04 not yet calculated CVE-2023-1671
CONFIRM
gitlab — gitlab An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim machine. 2023-04-05 not yet calculated CVE-2023-1708
CONFIRM
MISC
MISC
gitlab — gitlab A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue. 2023-04-05 not yet calculated CVE-2023-1710
MISC
MISC
CONFIRM
gitlab — gitlab A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. 2023-04-05 not yet calculated CVE-2023-1733
MISC
MISC
CONFIRM
nexx — multiple_products The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server (MQTT) server and the ability to remotely control garage doors or smart plugs for any customer. 2023-04-04 not yet calculated CVE-2023-1748
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could send API requests that the affected devices would execute. 2023-04-04 not yet calculated CVE-2023-1749
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. An attacker with a valid NexxHome deviceId could retrieve device history, set device settings, and retrieve device information. 2023-04-04 not yet calculated CVE-2023-1750
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId. 2023-04-04 not yet calculated CVE-2023-1751
MISC
nexx — multiple_products The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. 2023-04-04 not yet calculated CVE-2023-1752
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1756
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1757
MISC
CONFIRM
phpmyfaq — phpmyfaq Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1758
MISC
CONFIRM
tribe29 — checkmk Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and transmit the data in plaintext in certain configurations. 2023-04-04 not yet calculated CVE-2023-1768
MISC
hashicorp — multiple_products HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3. 2023-04-05 not yet calculated CVE-2023-1782
MISC
gitlab — gitlab An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. A search timeout could be triggered if a specific HTML payload was used in the issue description. 2023-04-05 not yet calculated CVE-2023-1787
MISC
CONFIRM
firefly-iii — firefly-iii Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. 2023-04-05 not yet calculated CVE-2023-1788
CONFIRM
MISC
the_tcpdump_group — tcpdump The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. 2023-04-07 not yet calculated CVE-2023-1801
MISC
MISC
docker — docker_desktop In Docker Desktop 4.17.x the Artifactory Integration falls back to sending registry credentials over plain HTTP if the HTTPS health check has failed. A targeted network sniffing attack can lead to a disclosure of sensitive information. Only users who have Access Experimental Features enabled and have logged in to a private registry are affected. 2023-04-06 not yet calculated CVE-2023-1802
MISC
MISC
google — chrome Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-04-04 not yet calculated CVE-2023-1810
MISC
MISC
MISC
google — chrome Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-04-04 not yet calculated CVE-2023-1811
MISC
MISC
MISC
google — chrome Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1812
MISC
MISC
MISC
google — chrome Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1813
MISC
MISC
MISC
google — chrome Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1814
MISC
MISC
MISC
google — chrome Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1815
MISC
MISC
MISC
google — chrome Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1816
MISC
MISC
MISC
google — chrome Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1817
MISC
MISC
MISC
google — chrome Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1818
MISC
MISC
MISC
google — chrome Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1819
MISC
MISC
MISC
google — chrome Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-04-04 not yet calculated CVE-2023-1820
MISC
MISC
MISC
google — chrome Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) 2023-04-04 not yet calculated CVE-2023-1821
MISC
MISC
MISC
google — chrome Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) 2023-04-04 not yet calculated CVE-2023-1822
MISC
MISC
MISC
google — chrome Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) 2023-04-04 not yet calculated CVE-2023-1823
MISC
MISC
MISC
sourcecodester — centralized_covid_vaccination_records_system A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. This vulnerability affects unknown code of the file /vaccinated/admin/maintenance/manage_location.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224842 is the identifier assigned to this vulnerability. 2023-04-04 not yet calculated CVE-2023-1827
MISC
MISC
MISC
linux — kernel A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. This flaw could allow a local attacker to crash the system, and could even lead to a kernel information leak problem. 2023-04-05 not yet calculated CVE-2023-1838
MISC
wordpress — wordpress The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2023-04-04 not yet calculated CVE-2023-1840
MISC
MISC
sourcecodester — online_payroll_system A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_row.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224985 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1845
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/deduction_row.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-224986 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1846
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical. This issue affects some unknown processing of the file attendance.php. The manipulation of the argument employee leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224987. 2023-04-05 not yet calculated CVE-2023-1847
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/attendance_row.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224988. 2023-04-05 not yet calculated CVE-2023-1848
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cashadvance_row.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224989 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1849
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability was found in SourceCodester Online Payroll System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-224990 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1850
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. This affects an unknown part of the file /admin/employee_add.php. The manipulation of the argument of leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224991. 2023-04-05 not yet calculated CVE-2023-1851
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. This vulnerability affects unknown code of the file /admin/deduction_edit.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-224992. 2023-04-05 not yet calculated CVE-2023-1852
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0. This issue affects some unknown processing of the file /admin/employee_edit.php. The manipulation of the argument of leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224993 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1853
MISC
MISC
MISC
sourcecodester — online_payroll_system A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Affected is an unknown function of the file admin/. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-224994 is the identifier assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1854
MISC
MISC
MISC
linux — kernel A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. 2023-04-05 not yet calculated CVE-2023-1855
MISC
sourcecodester — air_cargo_management_system A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/transactions/track_shipment.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224995. 2023-04-05 not yet calculated CVE-2023-1856
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996. 2023-04-05 not yet calculated CVE-2023-1857
MISC
MISC
MISC
sourcecodester — earnings_and_expense_tracker_app A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. It has been classified as problematic. This affects an unknown part of the file index.php. The manipulation of the argument page leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-224997 was assigned to this vulnerability. 2023-04-05 not yet calculated CVE-2023-1858
MISC
MISC
keysight — ixia_hawkeye A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. It has been declared as problematic. This vulnerability affects unknown code of the file /licenses. The manipulation of the argument view with the input teste”><script>alert(%27c4ng4c3ir0%27)</script> leads to cross site scripting. The attack can be initiated remotely. VDB-224998 is the identifier assigned to this vulnerability. NOTE: Vendor did not respond if and how they may handle this issue. 2023-04-05 not yet calculated CVE-2023-1860
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when resetting plugin settings via the yrc_nuke GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to delete YouTube channels from the plugin. 2023-04-05 not yet calculated CVE-2023-1865
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin’s channel settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1866
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin’s settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1867
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check when clearing the plugin cache via the yrc_clear_cache GET parameter in versions up to, and including, 1.2.3. This makes it possible for unauthenticated attackers to clear the plugin’s cache. 2023-04-05 not yet calculated CVE-2023-1868
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrative-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2023-04-05 not yet calculated CVE-2023-1869
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the saveLang function. This makes it possible for unauthenticated attackers to change the plugin’s quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1870
MISC
MISC
MISC
wordpress — wordpress The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the deleteLang function. This makes it possible for unauthenticated attackers to reset the plugin’s quick language translation settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-05 not yet calculated CVE-2023-1871
MISC
MISC
MISC
microweber — microweber Deserialization of Untrusted Data in GitHub repository microweber/microweber prior to 1.3.3. 2023-04-05 not yet calculated CVE-2023-1876
CONFIRM
MISC
microweber — microweber Command Injection in GitHub repository microweber/microweber prior to 1.3.3. 2023-04-05 not yet calculated CVE-2023-1877
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1878
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1879
CONFIRM
MISC
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1880
CONFIRM
MISC
microweber — microweber Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.3.3. 2023-04-05 not yet calculated CVE-2023-1881
CONFIRM
MISC
phpmyfaq — phpmyfaq
 
Cross-site Scripting (XSS) – DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1882
MISC
CONFIRM
phpmyfaq — phpmyfaq Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1883
MISC
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1884
MISC
CONFIRM
phpmyfaq — phpmyfaq Cross-site Scripting (XSS) – Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1885
MISC
CONFIRM
phpmyfaq — phpmyfaq Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1886
CONFIRM
MISC
phpmyfaq — phpmyfaq Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12. 2023-04-05 not yet calculated CVE-2023-1887
MISC
CONFIRM
sourcecodester — simple_mobile_comparison_website A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability. 2023-04-06 not yet calculated CVE-2023-1908
MISC
MISC
MISC
phpgugurukul — bp_monitoring_management_system A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file profile.php of the component User Profile Update Handler. The manipulation of the argument name/mobno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225318 is the identifier assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1909
MISC
MISC
MISC
wordpress — wordpress The Limit Login Attempts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lock logging feature in versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrator accesses the plugin’s settings page. This only works when the plugin prioritizes use of the X-FORWARDED-FOR header, which can be configured in its settings. 2023-04-06 not yet calculated CVE-2023-1912
MISC
MISC
wordpress — wordpress The Maps Widget for Google Maps for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in versions up to, and including, 4.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. 2023-04-06 not yet calculated CVE-2023-1913
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1918
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1919
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_purgecache_varnish_callback function. This makes it possible for unauthenticated attackers to purge the varnish cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1920
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1921
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_pause_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1922
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_remove_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1923
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_toolbar_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1924
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1925
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1926
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-04-06 not yet calculated CVE-2023-1927
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_preload_single_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to initiate cache creation. 2023-04-06 not yet calculated CVE-2023-1928
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the wpfc_purgecache_varnish_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to purge the varnish cache. 2023-04-06 not yet calculated CVE-2023-1929
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data deletion due to a missing capability check on the wpfc_clear_cache_of_allsites_callback function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to delete caches. 2023-04-06 not yet calculated CVE-2023-1930
MISC
MISC
wordpress — wordpress The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the deleteCssAndJsCacheToolbar function in versions up to, and including, 1.1.2. This makes it possible for authenticated attackers with subscriber-level access to perform cache deletion. 2023-04-06 not yet calculated CVE-2023-1931
MISC
MISC
my-blog — my-blog A vulnerability, which was classified as problematic, was found in zhenfeng13 My-Blog. Affected is an unknown function of the file /admin/configurations/userInfo. The manipulation of the argument yourAvatar/yourName/yourEmail leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-225264. 2023-04-07 not yet calculated CVE-2023-1937
MISC
MISC
MISC
sourcecodester — simple_and_beautiful_shopping_cart_system A vulnerability classified as critical was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This vulnerability affects unknown code of the file delete_user_query.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225316. 2023-04-07 not yet calculated CVE-2023-1940
MISC
MISC
MISC
sourcecodester — simple_and_beautiful_shopping_cart_system A vulnerability, which was classified as critical, has been found in SourceCodester Simple and Beautiful Shopping Cart System 1.0. This issue affects some unknown processing of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225317 was assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1941
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319. 2023-04-07 not yet calculated CVE-2023-1942
MISC
MISC
MISC
sourcecodester — survey_application_system A vulnerability was found in SourceCodester Survey Application System 1.0 and classified as problematic. This issue affects some unknown processing of the component Add New Handler. The manipulation of the argument Title with the input <script>prompt(document.domain)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225329 was assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1946
MISC
MISC
taocms — taocms A vulnerability was found in taoCMS 3.0.2. It has been classified as critical. Affected is an unknown function of the file /admin/admin.php. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225330 is the identifier assigned to this vulnerability. 2023-04-07 not yet calculated CVE-2023-1947
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system A vulnerability, which was classified as problematic, has been found in PHPGurukul BP Monitoring Management System 1.0. This issue affects some unknown processing of the file add-family-member.php of the component Add New Family Member Handler. The manipulation of the argument Member Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225335. 2023-04-08 not yet calculated CVE-2023-1948
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system A vulnerability, which was classified as critical, was found in PHPGurukul BP Monitoring Management System 1.0. Affected is an unknown function of the file change-password.php of the component Change Password Handler. The manipulation of the argument password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225336. 2023-04-08 not yet calculated CVE-2023-1949
MISC
MISC
MISC
phpgurukul — bp_monitoring_management_system A vulnerability has been found in PHPGurukul BP Monitoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file password-recovery.php of the component Password Recovery. The manipulation of the argument emailid/contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225337 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1950
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1951
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339. 2023-04-08 not yet calculated CVE-2023-1952
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340. 2023-04-08 not yet calculated CVE-2023-1953
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1954
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1955
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343. 2023-04-08 not yet calculated CVE-2023-1956
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344. 2023-04-08 not yet calculated CVE-2023-1957
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1958
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability. 2023-04-08 not yet calculated CVE-2023-1959
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347. 2023-04-08 not yet calculated CVE-2023-1960
MISC
MISC
MISC
sourcecodester — online_computer_and_laptop_store A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. 2023-04-08 not yet calculated CVE-2023-1961
MISC
MISC
MISC
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20021
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20022
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20023
CISCO
cisco — identity_services_engine A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side request forgery (SSRF) attack through an affected device, or negatively impact the responsiveness of the web-based management interface itself. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of confidential information. A successful exploit could also cause the web application to perform arbitrary HTTP requests on behalf of the attacker or consume memory resources to reduce the availability of the web-based management interface. To successfully exploit this vulnerability, an attacker would need valid Super Admin or Policy Admin credentials. 2023-04-05 not yet calculated CVE-2023-20030
CISCO
cisco — packet_data_network_gateway A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec connection. This vulnerability is due to the VPP improperly handling a malformed packet. An attacker could exploit this vulnerability by sending a malformed Encapsulating Security Payload (ESP) packet over an IPsec connection. A successful exploit could allow the attacker to stop ICMP traffic over an IPsec connection and cause a denial of service (DoS). 2023-04-05 not yet calculated CVE-2023-20051
CISCO
cisco — prime_infrastructure_software A vulnerability in the web-based management interface of Cisco Prime Infrastructure Software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the web-based management interface on an affected device to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. 2023-04-05 not yet calculated CVE-2023-20068
CISCO
cisco — small_business_routers A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device. 2023-04-05 not yet calculated CVE-2023-20073
CISCO
cisco — unified_contact_center_express A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. This vulnerability is due to insufficient input validation of user-supplied data. An attacker could exploit this vulnerability by entering crafted text into various input fields within the web-based management interface. A successful exploit could allow the attacker to perform a stored XSS attack, which could allow the execution of scripts within the context of other users of the interface. 2023-04-05 not yet calculated CVE-2023-20096
CISCO
cisco — secure_network_analytics A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into system memory. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system as the administrator user. 2023-04-05 not yet calculated CVE-2023-20102
CISCO
cisco — secure_network_analytics A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. This vulnerability is due to insufficient validation of user input to the web interface. An attacker could exploit this vulnerability by uploading a crafted file to an affected device. A successful exploit could allow the attacker to execute code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. 2023-04-05 not yet calculated CVE-2023-20103
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20117
CISCO
cisco — multiple_products Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20121
CISCO
cisco — multiple_products Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an authenticated, local attacker to escape the restricted shell and gain root privileges on the underlying operating system. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20122
CISCO
cisco — duo_two-factor_authentication A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to replay valid user session credentials and gain unauthorized access to an affected macOS or Windows device. This vulnerability exists because session credentials do not properly expire. An attacker could exploit this vulnerability by replaying previously used multifactor authentication (MFA) codes to bypass MFA protection. A successful exploit could allow the attacker to gain unauthorized access to the affected device. 2023-04-05 not yet calculated CVE-2023-20123
CISCO
cisco — small_business_routers A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not released software updates that address this vulnerability. 2023-04-05 not yet calculated CVE-2023-20124
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20127
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands as the root user on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. Cisco has not released software updates to address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20128
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20129
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20130
CISCO
cisco — multiple_products Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged information and conduct cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20131
CISCO
cisco — webex_meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20132
CISCO
cisco — webex_meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as recordings. For more information about these vulnerabilities, see the Details section of this advisory. 2023-04-05 not yet calculated CVE-2023-20134
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20137
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20138
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20139
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20140
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20141
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20142
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20143
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20144
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20145
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20146
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20147
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20148
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20149
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20150
CISCO
cisco — small_business_routers Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. 2023-04-05 not yet calculated CVE-2023-20151
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20152
CISCO
cisco — identity_services_engine Multiple vulnerabilities in specific Cisco Identity Services Engine (ISE) CLI commands could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid Administrator privileges on the affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. 2023-04-05 not yet calculated CVE-2023-20153
CISCO
amd — multiple_products Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. 2023-04-02 not yet calculated CVE-2023-20558
MISC
amd — multiple_products Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. 2023-04-02 not yet calculated CVE-2023-20559
MISC
mediatek — keyinstall In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589135. 2023-04-06 not yet calculated CVE-2023-20652
MISC
mediatek — keyinstall In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144. 2023-04-06 not yet calculated CVE-2023-20653
MISC
mediatek — keyinstall In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148. 2023-04-06 not yet calculated CVE-2023-20654
MISC
mediatek — mmsdk In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022. 2023-04-06 not yet calculated CVE-2023-20655
MISC
mediatek — geniezone In geniezone, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571494; Issue ID: ALPS07571494. 2023-04-06 not yet calculated CVE-2023-20656
MISC
mediatek — mtee In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485. 2023-04-06 not yet calculated CVE-2023-20657
MISC
mediatek — isp In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396. 2023-04-06 not yet calculated CVE-2023-20658
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588413. 2023-04-06 not yet calculated CVE-2023-20659
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588383; Issue ID: ALPS07588383. 2023-04-06 not yet calculated CVE-2023-20660
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560782; Issue ID: ALPS07560782. 2023-04-06 not yet calculated CVE-2023-20661
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560765; Issue ID: ALPS07560765. 2023-04-06 not yet calculated CVE-2023-20662
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560741; Issue ID: ALPS07560741. 2023-04-06 not yet calculated CVE-2023-20663
MISC
mediatek — gz In gz, there is a possible double free due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07505952; Issue ID: ALPS07505952. 2023-04-06 not yet calculated CVE-2023-20664
MISC
mediatek — ril In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604. 2023-04-06 not yet calculated CVE-2023-20665
MISC
mediatek — display_drm In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310651; Issue ID: ALPS07292173. 2023-04-06 not yet calculated CVE-2023-20666
MISC
mediatek — audio In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648710; Issue ID: ALPS07648710. 2023-04-06 not yet calculated CVE-2023-20670
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588552. 2023-04-06 not yet calculated CVE-2023-20674
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07588569. 2023-04-06 not yet calculated CVE-2023-20675
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518. 2023-04-06 not yet calculated CVE-2023-20676
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436. 2023-04-06 not yet calculated CVE-2023-20677
MISC
mediatek — wlan In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588453. 2023-04-06 not yet calculated CVE-2023-20679
MISC
mediatek — adsp In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785. 2023-04-06 not yet calculated CVE-2023-20680
MISC
mediatek — adsp In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134. 2023-04-06 not yet calculated CVE-2023-20681
MISC
mediatek — wlan In wlan, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441605; Issue ID: ALPS07441605. 2023-04-06 not yet calculated CVE-2023-20682
MISC
mediatek — vdec In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069. 2023-04-06 not yet calculated CVE-2023-20684
MISC
mediatek — vdec In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575. 2023-04-06 not yet calculated CVE-2023-20685
MISC
mediatek — display_drm In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570826; Issue ID: ALPS07570826. 2023-04-06 not yet calculated CVE-2023-20686
MISC
mediatek — display_drm In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772. 2023-04-06 not yet calculated CVE-2023-20687
MISC
mediatek — power In power, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07441821; Issue ID: ALPS07441821. 2023-04-06 not yet calculated CVE-2023-20688
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to an attempt to free a stack pointer, which causes memory corruption. An attacker can provide a malicious file to trigger this vulnerability. 2023-04-05 not yet calculated CVE-2023-22291
MISC
MISC
cisco_talos_intelligence_group — ichitaro_word_processor_2022 A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. A specially crafted document can cause a buffer overflow, leading to memory corruption, which can result in arbitrary code execution.To trigger this vulnerability, the victim would need to open a malicious, attacker-created document. 2023-04-05 not yet calculated CVE-2023-22660
MISC
MISC
sourcecodester — simple_guestbook_management_system Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments. 2023-04-06 not yet calculated CVE-2023-22985
MISC
MISC
sato – cl4nx_plus_printer An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute commands intended only for valid/authenticated users, such as file uploads and configuration changes. 2023-03-31 not yet calculated CVE-2023-23594
MISC
MISC
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in RadiusTheme Portfolio – WordPress Portfolio plugin <= 2.8.10 versions. 2023-04-04 not yet calculated CVE-2023-23685
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.2 versions. 2023-04-04 not yet calculated CVE-2023-23686
MISC
github — enterprise_server An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed an unauthorized actor to modify other users’ secret gists by authenticating through an SSH certificate authority. To do so, a user had to know the secret gist’s URL. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-04-07 not yet calculated CVE-2023-23761
MISC
MISC
MISC
MISC
MISC
github — enterprise_server An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff. To do so, an attacker would need write access to the repository and be able to correctly guess the target branch before it’s created by the code maintainer. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.9 and was fixed in versions 3.4.18, 3.5.15, 3.6.11, 3.7.8, and 3.8.1. This vulnerability was reported via the GitHub Bug Bounty program. 2023-04-07 not yet calculated CVE-2023-23762
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Leonardo Giacone Easy Panorama plugin <= 1.1.4 versions. 2023-04-07 not yet calculated CVE-2023-23799
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions. 2023-04-06 not yet calculated CVE-2023-23801
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Alan Jackson Multi-column Tag Map plugin <= 17.0.24 versions. 2023-04-06 not yet calculated CVE-2023-23815
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcin Pietrzak Interactive Polish Map plugin <= 1.2 versions. 2023-04-04 not yet calculated CVE-2023-23821
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 versions. 2023-04-04 not yet calculated CVE-2023-23870
MISC
wordpress — wordpress Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS plugin <= 4.3.9 versions. 2023-04-04 not yet calculated CVE-2023-23878
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Contact Form plugin <= 8.0.3.1 versions. 2023-04-07 not yet calculated CVE-2023-23885
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated. 2023-04-06 not yet calculated CVE-2023-23891
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions. 2023-04-06 not yet calculated CVE-2023-23898
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodePeople WP Time Slots Booking Form plugin <= 1.1.81 versions. 2023-04-06 not yet calculated CVE-2023-23971
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Smplug-in Social Like Box and Page by WpDevArt plugin <= 0.8.39 versions. 2023-04-06 not yet calculated CVE-2023-23972
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Team Heateor WordPress Social Comments Plugin for Vkontakte Comments and Disqus Comments plugin <= 1.6.1 versions. 2023-04-04 not yet calculated CVE-2023-23977
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 versions. 2023-04-06 not yet calculated CVE-2023-23979
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MailOptin Popup Builder Team MailOptin plugin <= 1.2.54.0 versions. 2023-04-06 not yet calculated CVE-2023-23980
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in QuantumCloud Conversational Forms for ChatBot plugin <= 1.1.6 versions. 2023-04-06 not yet calculated CVE-2023-23981
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGear.Pro WPFrom Email plugin <= 1.8.8 versions. 2023-04-06 not yet calculated CVE-2023-23982
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPEverest User Registration plugin <= 2.3.0 versions. 2023-04-06 not yet calculated CVE-2023-23987
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcel Bootsman Auto Hide Admin Bar plugin <= 1.6.1 versions. 2023-04-07 not yet calculated CVE-2023-23994
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.3 versions. 2023-04-06 not yet calculated CVE-2023-23996
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikRentCar Car Rental Management System plugin <= 1.3.0 versions. 2023-04-06 not yet calculated CVE-2023-23998
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yannick Lefebvre Modal Dialog plugin <= 3.5.9 versions. 2023-04-06 not yet calculated CVE-2023-24001
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart YouTube Embed, Playlist and Popup by WpDevArt plugin <= 2.6.3 versions. 2023-04-06 not yet calculated CVE-2023-24002
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Timersys WP Popups – WordPress Popup plugin <= 2.1.4.8 versions. 2023-04-06 not yet calculated CVE-2023-24003
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Image and Video Lightbox, Image PopUp plugin <= 2.1.5 versions. 2023-04-06 not yet calculated CVE-2023-24004
MISC
wordpress — wordpress Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Link Software LLC WP Terms Popup plugin <= 2.6.0 versions. 2023-04-06 not yet calculated CVE-2023-24006
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions. 2023-04-06 not yet calculated CVE-2023-24374
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Codeat Glossary plugin <= 2.1.27 versions. 2023-04-06 not yet calculated CVE-2023-24378
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions. 2023-04-06 not yet calculated CVE-2023-24383
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions. 2023-04-06 not yet calculated CVE-2023-24387
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions. 2023-04-06 not yet calculated CVE-2023-24396
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Snap Creek Software EZP Coming Soon Page plugin <= 1.0.7.3 versions. 2023-04-07 not yet calculated CVE-2023-24398
MISC
wordpress — wordpress Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Veribo, Roland Murg WP Booking System – Booking Calendar plugin <= 2.0.18 versions. 2023-04-07 not yet calculated CVE-2023-24402
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP For The Win bbPress Voting plugin <= 2.1.11.0 versions. 2023-04-06 not yet calculated CVE-2023-24403
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions. 2023-04-06 not yet calculated CVE-2023-24411
MISC
go — go HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers. 2023-04-06 not yet calculated CVE-2023-24534
MISC
MISC
MISC
MISC
go — go Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=. 2023-04-06 not yet calculated CVE-2023-24536
MISC
MISC
MISC
MISC
MISC
MISC
go — go Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. 2023-04-06 not yet calculated CVE-2023-24537
MISC
MISC
MISC
MISC
go — go Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. “var a = {{.}}”), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution. 2023-04-06 not yet calculated CVE-2023-24538
MISC
MISC
MISC
MISC
gnu_screen — gnu_screen socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal to any PID, causing a denial of service or disruption of the target process. 2023-04-08 not yet calculated CVE-2023-24626
CONFIRM
MISC
MISC
readium_js — readium_js An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. 2023-04-05 not yet calculated CVE-2023-24720
MISC
sas — sasadmin A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the user creation and editing form fields. The product name is SAS Web Administration interface (SASAdmin). For the product release, the reported version is 9.4_M2 and the fixed version is 9.4_M3. For the SAS release, the reported version is 9.4 TS1M2 and the fixed version is 9.4 TS1M3. 2023-04-03 not yet calculated CVE-2023-24724
MISC
MISC
CONFIRM
jfinal_cms — jfinal_cms Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. 2023-04-05 not yet calculated CVE-2023-24747
MISC
d_link — dir878_dir_878_fw120b05 D-Link DIR882 DIR882A1_FW110B02 was discovered to contain a stack overflow in the sub_48AC20 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24797
MISC
MISC
d_link — dir878_dir_878_fw120b05 D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_475FB0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24798
MISC
MISC
d_link — dir878_dir_878_fw120b05
 
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_48AF78 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24799
MISC
MISC
d_link — dir878_dir_878_fw120b05
 
D-Link DIR878 DIR_878_FW120B05 was discovered to contain a stack overflow in the sub_495220 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-24800
MISC
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. 2023-04-07 not yet calculated CVE-2023-25020
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Watu Quiz plugin <= 3.3.8 versions. 2023-04-07 not yet calculated CVE-2023-25022
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saleswonder.Biz Webinar ignition plugin <= 2.14.2 versions. 2023-04-07 not yet calculated CVE-2023-25023
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Icegram Icegram Collect plugin <= 1.3.8 versions. 2023-04-07 not yet calculated CVE-2023-25024
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Chained Quiz plugin <= 1.3.2.5 versions. 2023-04-07 not yet calculated CVE-2023-25027
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1 versions. 2023-04-07 not yet calculated CVE-2023-25031
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions. 2023-04-07 not yet calculated CVE-2023-25041
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.2 versions. 2023-04-07 not yet calculated CVE-2023-25046
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.4 versions. 2023-04-07 not yet calculated CVE-2023-25049
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in avalex GmbH avalex – Automatically secure legal texts plugin <= 3.0.3 versions. 2023-04-07 not yet calculated CVE-2023-25059
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Arigato Autoresponder and Newsletter plugin <= 2.7.1.1 versions. 2023-04-07 not yet calculated CVE-2023-25061
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions. 2023-04-06 not yet calculated CVE-2023-25062
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25210
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25211
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetWirelessRepeat function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25212
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the check_param_changed function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25213
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25214
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25215
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25216
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25217
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25218
MISC
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25219
MISC
tenda — ac5 Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-25220
MISC
MISC
atlauncher — atlauncher ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. 2023-04-04 not yet calculated CVE-2023-25303
MISC
MISC
polymc_launcher — polymc_launcher PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. A mrpack file can be maliciously crafted to create arbitrary files outside of the installation directory. 2023-04-04 not yet calculated CVE-2023-25305
MISC
MISC
mybatis_plus — mybaties_plus A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. 2023-04-05 not yet calculated CVE-2023-25330
MISC
coredial — sipxcom CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. 2023-04-04 not yet calculated CVE-2023-25355
MISC
coredial — sipxcom CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. XMPP users are able to inject arbitrary arguments into a system command, which can be used to read files from, and write files to, the sipXcom server. This can also be leveraged to gain remote command execution. 2023-04-04 not yet calculated CVE-2023-25356
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Marcel Pol Zeno Font Resizer plugin <= 1.7.9 versions. 2023-04-07 not yet calculated CVE-2023-25442
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in StreamWeasels Twitch Player plugin <= 2.1.0 versions. 2023-04-07 not yet calculated CVE-2023-25464
MISC
dell — trusted_device_agent Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. 2023-04-06 not yet calculated CVE-2023-25542
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. 2023-04-07 not yet calculated CVE-2023-25702
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Go Prayer WP Prayer plugin <= 1.9.6 versions. 2023-04-07 not yet calculated CVE-2023-25705
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPGlobus WPGlobus Translate Options plugin <= 2.1.0 versions. 2023-04-07 not yet calculated CVE-2023-25711
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-Buddy Google Analytics Opt-Out plugin <= 2.3.4 versions. 2023-04-07 not yet calculated CVE-2023-25712
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Paypal Payments plugin <= 5.7.25 versions. 2023-04-07 not yet calculated CVE-2023-25713
MISC
wordpress — wordpress Auth (admin+) Stored Cross-Site Scripting (XSS) vulnerability in gqevu6bsiz Announce from the Dashboard plugin <= 1.5.1 versions. 2023-04-07 not yet calculated CVE-2023-25716
MISC
dell — powerscale_onefs Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees. 2023-04-04 not yet calculated CVE-2023-25940
MISC
dell — powerscale_onefs Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. 2023-04-04 not yet calculated CVE-2023-25941
MISC
dell — powerscale_onefs Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB, leading to a potential denial of service. 2023-04-04 not yet calculated CVE-2023-25942
MISC
arm_developer — mali_gpu_kernel_driver Memory leak vulnerability in Mali GPU Kernel Driver in Midgard GPU Kernel Driver all versions from r6p0 – r32p0, Bifrost GPU Kernel Driver all versions from r0p0 – r42p0, Valhall GPU Kernel Driver all versions from r19p0 – r42p0, and Avalon GPU Kernel Driver all versions from r41p0 – r42p0 allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. 2023-04-06 not yet calculated CVE-2023-26083
MISC
MISC
CONFIRM
configobj — configobj All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)((.*)). **Note:** This is only exploitable in the case of a developer, putting the offending value in a server side configuration file. 2023-04-03 not yet calculated CVE-2023-26112
MISC
MISC
apache — james_server
 
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX password automatically for Guice users. 2023-04-03 not yet calculated CVE-2023-26269
MISC
powerdns — recursor Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3. 2023-04-04 not yet calculated CVE-2023-26437
MISC
wordpress — wordpress Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.05 versions. 2023-04-05 not yet calculated CVE-2023-26536
MISC
tinytiff – tinytiffreader Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file. 2023-04-04 not yet calculated CVE-2023-26733
MISC
MISC
yiisoft — yii_framework SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows a remote attacker to execute arbitrary code via the runAction function. 2023-04-04 not yet calculated CVE-2023-26750
MISC
monitorr — monitorr
 
File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. 2023-04-04 not yet calculated CVE-2023-26775
MISC
MISC
MISC
MISC
monitorr — monitorr Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. 2023-04-04 not yet calculated CVE-2023-26776
MISC
MISC
MISC
MISC
MISC
uptime_kuma — uptime_kuma Cross Site Scripting vulnerability found in :ouislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation parameter of the status_page.js endpoint. 2023-04-04 not yet calculated CVE-2023-26777
MISC
MISC
veritas — netbackup_opscenter Veritas NetBackUp OpsCenter Version 9.1.0.1 is vulnerable to Reflected Cross-site scripting (XSS). The Web App fails to adequately sanitize special characters. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user’s browser. 2023-04-05 not yet calculated CVE-2023-26789
MISC
MISC
codefever — codefever codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. 2023-04-07 not yet calculated CVE-2023-26817
MISC
siteproxy — siteproxy siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. 2023-04-07 not yet calculated CVE-2023-26820
MISC
totolink — a7100ru TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. 2023-04-07 not yet calculated CVE-2023-26848
MISC
churchcrm — churchcrm The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. 2023-04-04 not yet calculated CVE-2023-26855
MISC
sourcecodester — dynamic_transaction_queuing_system Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. 2023-04-05 not yet calculated CVE-2023-26856
MISC
sourcecodester — dynamic_transaction_queuing_system An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2023-04-05 not yet calculated CVE-2023-26857
MISC
greenpacket — oh736 GreenPacket OH736’s WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Commands are executed using pre-login execution and executed with root privileges allowing complete takeover. 2023-04-04 not yet calculated CVE-2023-26866
MISC
quectel — ag550qcn OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. 2023-04-04 not yet calculated CVE-2023-26921
MISC
infranview — infranview Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. 2023-04-04 not yet calculated CVE-2023-26974
MISC
totolink — a7100ru TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. 2023-04-07 not yet calculated CVE-2023-26978
MISC
swftools — swftools SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. 2023-04-04 not yet calculated CVE-2023-26991
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27012
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27013
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27014
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27015
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27016
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27017
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27018
MISC
tenda — ac10
 
Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27019
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27020
MISC
tenda — ac10 Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27021
MISC
prestashop — cdesigner Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). 2023-04-07 not yet calculated CVE-2023-27033
MISC
MISC
ehuacui — bbs Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. 2023-04-04 not yet calculated CVE-2023-27089
MISC
MISC
xiaobingby — teacms An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). 2023-04-04 not yet calculated CVE-2023-27091
MISC
MISC
gdidees — cms GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. 2023-04-07 not yet calculated CVE-2023-27180
MISC
MISC
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the client may bypass JSON Web Token (JWT) checks and forge fake original paths. The header `x-envoy-original-path` should be an internal header, but Envoy does not remove this header from the request at the beginning of request processing when it is sent from an untrusted client. The faked header would then be used for trace logs and grpc logs, as well as used in the URL used for `jwt_authn` checks if the `jwt_authn` filter is used, and any other upstream use of the x-envoy-original-path header. Attackers may forge a trusted `x-envoy-original-path` header. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 have patches for this issue. 2023-04-04 not yet calculated CVE-2023-27487
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, escalation of privileges is possible when `failure_mode_allow: true` is configured for `ext_authz` filter. For affected components that are used for logging and/or visibility, requests may not be logged by the receiving service. When Envoy was configured to use ext_authz, ext_proc, tap, ratelimit filters, and grpc access log service and an http header with non-UTF-8 data was received, Envoy would generate an invalid protobuf message and send it to the configured service. The receiving service would typically generate an error when decoding the protobuf message. For ext_authz that was configured with “failure_mode_allow: true“, the request would have been allowed in this case. For the other services, this could have resulted in other unforeseen errors such as a lack of visibility into requests. As of versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy by default sanitizes the values sent in gRPC service calls to be valid UTF-8, replacing data that is not valid UTF-8 with a `!` character. This behavioral change can be temporarily reverted by setting runtime guard `envoy.reloadable_features.service_sanitize_non_utf8_strings` to false. As a workaround, one may set `failure_mode_allow: false` for `ext_authz`. 2023-04-04 not yet calculated CVE-2023-27488
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Compliant HTTP/1 service should reject malformed request lines. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, There is a possibility that non compliant HTTP/1 service may allow malformed requests, potentially leading to a bypass of security policies. This issue is fixed in versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9. 2023-04-04 not yet calculated CVE-2023-27491
MISC
MISC
MISC
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the Lua filter is vulnerable to denial of service. Attackers can send large request bodies for routes that have Lua filter enabled and trigger crashes. As of versions versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy no longer invokes the Lua coroutine if the filter has been reset. As a workaround for those whose Lua filter is buffering all requests/ responses, mitigate by using the buffer filter to avoid triggering the local reply in the Lua filter. 2023-04-04 not yet calculated CVE-2023-27492
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, Envoy does not sanitize or escape request properties when generating request headers. This can lead to characters that are illegal in header values to be sent to the upstream service. In the worst case, it can cause upstream service to interpret the original request as two pipelined requests, possibly bypassing the intent of Envoy’s security policy. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. As a workaround, disable adding request headers based on the downstream request properties, such as downstream certificate properties. 2023-04-04 not yet calculated CVE-2023-27493
MISC
envoyproxy — envoy Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9, the OAuth filter assumes that a `state` query param is present on any response that looks like an OAuth redirect response. Sending it a request with the URI path equivalent to the redirect path, without the `state` parameter, will lead to abnormal termination of Envoy process. Versions 1.26.0, 1.25.3, 1.24.4, 1.23.6, and 1.22.9 contain a patch. The issue can also be mitigated by locking down OAuth traffic, disabling the filter, or by filtering traffic before it reaches the OAuth filter (e.g. via a lua script). 2023-04-04 not yet calculated CVE-2023-27496
MISC
wordpress — wordpress Auth. (contributor+) Stored Cross-site Scripting (XSS) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.12 versions. 2023-04-07 not yet calculated CVE-2023-27620
MISC
edb-debugger — edb-debugger An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. 2023-04-04 not yet calculated CVE-2023-27734
MISC
wondershare_technology — edrawmind An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. 2023-04-04 not yet calculated CVE-2023-27759
MISC
wondershare_technology — filmora An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. 2023-04-04 not yet calculated CVE-2023-27760
MISC
wondershare_technology — uniconverter An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. 2023-04-04 not yet calculated CVE-2023-27761
MISC
wondershare_technology — democreator An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. 2023-04-04 not yet calculated CVE-2023-27762
MISC
wondershare_technology — mobiletrans An issue found in Wondershare Technology Co., Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. 2023-04-04 not yet calculated CVE-2023-27763
MISC
wondershare_technology — repairit An issue found in Wondershare Technology Co., Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. 2023-04-04 not yet calculated CVE-2023-27764
MISC
wondershare_technology — recoverit An issue found in Wondershare Technology Co., Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. 2023-04-04 not yet calculated CVE-2023-27765
MISC
wondershare_technology — anireel An issue found in Wondershare Technology Co., Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. 2023-04-04 not yet calculated CVE-2023-27766
MISC
wondershare_technology — dr.fone An issue found in Wondershare Technology Co., Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file. 2023-04-04 not yet calculated CVE-2023-27767
MISC
wondershare_technology — pdfelement An issue found in Wondershare Technology Co., Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file. 2023-04-04 not yet calculated CVE-2023-27768
MISC
wondershare_technology — pdf_reader An issue found in Wondershare Technology Co., Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. 2023-04-04 not yet calculated CVE-2023-27769
MISC
wondershare_technology — edraw-max An issue found in Wondershare Technology Co., Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. 2023-04-04 not yet calculated CVE-2023-27770
MISC
wondershare_technology — creative_centerr An issue found in Wondershare Technology Co., Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. 2023-04-04 not yet calculated CVE-2023-27771
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27801
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27802
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27803
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27804
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27805
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27806
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27807
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27808
MISC
phicomm — h3c_magic_r100 H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted payload. 2023-04-07 not yet calculated CVE-2023-27810
MISC
ibm — tritiga_application_platform IBM TRIRIGA 4.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 249975. 2023-04-07 not yet calculated CVE-2023-27876
MISC
MISC
dell — diplay_manager Dell Display Manager, versions 2.1.0 and prior, contains an arbitrary file or folder deletion vulnerability during uninstallation A local low privilege attacker could potentially exploit this vulnerability, leading to the deletion of arbitrary files on the operating system with high privileges. 2023-04-06 not yet calculated CVE-2023-28046
MISC
dell — power_manager Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. 2023-04-07 not yet calculated CVE-2023-28051
MISC
dell — streaming_data_platform Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. An attacker with privileges same as a legitimate user can phish the legitimate the user to redirect to malicious website leading to information disclosure and launch of phishing attacks. 2023-04-05 not yet calculated CVE-2023-28069
MISC
zoho — manageengine Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. 2023-04-05 not yet calculated CVE-2023-28342
MISC
MISC
samsung — multiple_products An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments. 2023-04-04 not yet calculated CVE-2023-28613
MISC
MISC
MISC
openidc — mod_auth_openidc mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using `OIDCStripCookies`. 2023-04-03 not yet calculated CVE-2023-28625
MISC
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the “forgotten password” feature. By modifying emails, the user can also receive sensitive data through GLPI notifications. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, account takeover can be prevented by deactivating all notifications related to `Forgotten password?` event. However, it will not prevent unauthorized modification of any user emails. 2023-04-05 not yet calculated CVE-2023-28632
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.84 and prior to versions 9.5.13 and 10.0.7, usage of RSS feeds is subject to server-side request forgery (SSRF). In case the remote address is not a valid RSS feed, an RSS autodiscovery feature is triggered. This feature does not check safety or URLs. Versions 9.5.13 and 10.0.7 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28633
MISC
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28634
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.60 and prior to versions 9.5.13 and 10.0.7, a vulnerability allows an administrator to create a malicious external link. This issue is fixed in versions 9.5.13 and 10.0.7. 2023-04-05 not yet calculated CVE-2023-28636
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.85 and prior to versions 9.5.13 and 10.0.7, a malicious link can be crafted by an unauthenticated user. It will be able to exploit a reflected XSS in case any authenticated user opens the crafted link. This issue is fixed in versions 9.5.13 and 10.0.7. 2023-04-05 not yet calculated CVE-2023-28639
MISC
CONFIRM
MISC
apache — airflow_hive_provider Improper Control of Generation of Code (‘Code Injection’) vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider: before 6.0.0. 2023-04-07 not yet calculated CVE-2023-28706
MISC
MISC
MISC
apache — airflow_drill_provider Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2. 2023-04-07 not yet calculated CVE-2023-28707
MISC
MISC
MISC
apache — airflow_spark_provider Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1. 2023-04-07 not yet calculated CVE-2023-28710
MISC
MISC
MISC
wordpress — wordpress Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions. 2023-04-07 not yet calculated CVE-2023-28781
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.5.4 versions. 2023-04-07 not yet calculated CVE-2023-28789
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. 2023-04-07 not yet calculated CVE-2023-28792
MISC
nextcloud — server/enterprise_server Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get the full data directory path of the Nextcloud server from an API endpoint. By itself this information is not problematic as it can also be guessed for most common setups, but it could speed up other unknown attacks in the future if the information is known. Nextcloud Server 24.0.6 and 25.0.4 and Nextcloud Enterprise Server 23.0.11, 24.0.6, and 25.0.4 contain patches for this issue. There are no known workarounds. 2023-04-03 not yet calculated CVE-2023-28834
MISC
MISC
MISC
MISC
wagtail — wagtail Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user’s credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the “Choose a parent page” ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality. 2023-04-03 not yet calculated CVE-2023-28836
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
wagtail — wagtail Wagtail is an open source content management system built on Django. Prior to versions 4.1.4 and 4.2.2, a memory exhaustion bug exists in Wagtail’s handling of uploaded images and documents. For both images and documents, files are loaded into memory during upload for additional processing. A user with access to upload images or documents through the Wagtail admin interface could upload a file so large that it results in a crash of denial of service. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. It can only be exploited by admin users with permission to upload images or documents. Image uploads are restricted to 10MB by default, however this validation only happens on the frontend and on the backend after the vulnerable code. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2). Site owners who are unable to upgrade to the new versions are encouraged to add extra protections outside of Wagtail to limit the size of uploaded files. 2023-04-03 not yet calculated CVE-2023-28837
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 0.50 and prior to versions 9.5.13 and 10.0.7, a SQL Injection vulnerability allow users with access rights to statistics or reports to extract all data from database and, in some cases, write a webshell on the server. Versions 9.5.13 and 10.0.7 contain a patch for this issue. As a workaround, remove `Assistance > Statistics` and `Tools > Reports` read rights from every user. 2023-04-05 not yet calculated CVE-2023-28838
MISC
MISC
MISC
moby — moby Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. Two iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded. The injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network. Patches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. 2023-04-04 not yet calculated CVE-2023-28840
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moby — moby Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. An iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation. Encrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees. It is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster. 2023-04-04 not yet calculated CVE-2023-28841
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
moby — moby Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*. Swarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code. The `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes. Encrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption. When setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet’s VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN. The `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate. Encrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration. Patches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime’s 20.10 releases are numbered differently, users of that platform should update to 20.10.16. Some workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec. 2023-04-04 not yet calculated CVE-2023-28842
MISC
MISC
MISC
MISC
MISC
nextcloud — nextcloud user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28848
MISC
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform XSS attack. By default, GLPI inventory endpoint requires no authentication. Version 10.0.7 contains a patch for this issue. As a workaround, disable native inventory. 2023-04-05 not yet calculated CVE-2023-28849
MISC
MISC
pimcore — pimcore Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. This vulnerability has the potential to steal a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie or redirect users to other malicious sites. Version 1.5.1 has a patch. As a workaround, one may apply the patch manually. 2023-04-03 not yet calculated CVE-2023-28850
MISC
MISC
MISC
silverstripe — silverstripe Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Starting in version 0.2.0 and prior to versions 1.0.2, 1.1.0, 2.2.5, and 3.1.1, improper escaping when presenting stored form submissions allowed for an attacker to perform a Cross-Site Scripting attack. The vulnerability was initially patched in version 1.0.2, and version 1.1.0 includes this patch. The bug was then accidentally re-introduced during a merge error, and has been re-patched in versions 2.2.5 and 3.1.1. There are no known workarounds for this vulnerability. 2023-04-03 not yet calculated CVE-2023-28851
MISC
MISC
glpi-project — glpi GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to versions 9.5.13 and 10.0.7, a user with dashboard administration rights may hack the dashboard form to store malicious code that will be executed when other users will use the related dashboard. Versions 9.5.13 and 10.0.7 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28852
MISC
MISC
MISC
mastodon — mastodon Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection attack to leak arbitrary attributes from LDAP database. This issue is fixed in versions 3.5.8, 4.0.4, and 4.1.2. 2023-04-04 not yet calculated CVE-2023-28853
MISC
MISC
MISC
MISC
MISC
MISC
MISC
nophp — nophp nophp is a PHP web framework. Prior to version 0.0.1, nophp is vulnerable to shell command injection on httpd user. A patch was made available at commit e5409aa2d441789cbb35f6b119bef97ecc3986aa on 2023-03-30. Users should update index.php to 2023-03-30 or later or, as a workaround, add a function such as `env_patchsample230330.php` to env.php. 2023-04-03 not yet calculated CVE-2023-28854
MISC
MISC
MISC
glpi-project — glpi Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to versions 1.13.1 and 1.20.4, lack of access control check allows any authenticated user to write data to any fields container, including those to which they have no configured access. Versions 1.13.1 and 1.20.4 contain a patch for this issue. 2023-04-05 not yet calculated CVE-2023-28855
MISC
MISC
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ignazio Scimone Albo Pretorio On Line plugin <= 4.6.1 versions. 2023-04-07 not yet calculated CVE-2023-28993
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28997
MISC
MISC
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28998
MISC
MISC
MISC
nextcloud — desktop_client Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.? This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-28999
MISC
MISC
MISC
nextcloud — desktop_client The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available. 2023-04-04 not yet calculated CVE-2023-29000
MISC
MISC
MISC
sveltekit — sveltekit SvelteKit is a web development framework. The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. While the implementation does a sufficient job in mitigating common CSRF attacks, prior to version 1.15.1, the protection can be bypassed by simply specifying a different `Content-Type` header value. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim’s session, and in extreme scenarios can lead to unauthorized access to users’ accounts. SvelteKit 1.15.1 updates the `is_form_content_type` function call in the CSRF protection logic to include `text/plain`. As additional hardening of the CSRF protection mechanism against potential method overrides, SvelteKit 1.15.1 is now performing validation on `PUT`, `PATCH` and `DELETE` methods as well. This latter hardening is only needed to protect users who have put in some sort of `?_method= override` feature themselves in their `handle` hook, so that the request that resolve sees could be `PUT`/`PATCH`/`DELETE` when the browser issues a `POST` request. 2023-04-04 not yet calculated CVE-2023-29003
MISC
MISC
MISC
glpi-project — glpi The Order GLPI plugin allows users to manage order management within GLPI. Starting with version 1.8.0 and prior to versions 2.7.7 and 2.10.1, an authenticated user that has access to standard interface can craft an URL that can be used to execute a system command. Versions 2.7.7 and 2.10.1 contain a patch for this issue. As a workaround, delete the `ajax/dropdownContact.php` file from the plugin. 2023-04-05 not yet calculated CVE-2023-29006
MISC
MISC
sveltekit — sveltekit The SvelteKit framework offers developers an option to create simple REST APIs. This is done by defining a `+server.js` file, containing endpoint handlers for different HTTP methods. SvelteKit provides out-of-the-box cross-site request forgery (CSRF) protection to its users. The protection is implemented at `kit/src/runtime/server/respond.js`. While the implementation does a sufficient job of mitigating common CSRF attacks, the protection can be bypassed in versions prior to 1.15.2 by simply specifying an upper-cased `Content-Type` header value. The browser will not send uppercase characters, but this check does not block all expected CORS requests. If abused, this issue will allow malicious requests to be submitted from third-party domains, which can allow execution of operations within the context of the victim’s session, and in extreme scenarios can lead to unauthorized access to users’ accounts. This may lead to all POST operations requiring authentication being allowed in the following cases: If the target site sets `SameSite=None` on its auth cookie and the user visits a malicious site in a Chromium-based browser; if the target site doesn’t set the `SameSite` attribute explicitly and the user visits a malicious site with Firefox/Safari with tracking protections turned off; and/or if the user is visiting a malicious site with a very outdated browser. SvelteKit 1.15.2 contains a patch for this issue. It is also recommended to explicitly set `SameSite` to a value other than `None` on authentication cookies especially if the upgrade cannot be done in a timely manner. 2023-04-06 not yet calculated CVE-2023-29008
MISC
MISC
budibase — budibase Budibase is a low code platform for creating internal tools, workflows, and admin panels. Versions prior to 2.4.3 (07 March 2023) are vulnerable to Server-Side Request Forgery. This can lead to an attacker gaining access to a Budibase AWS secret key. Users of Budibase cloud need to take no action. Self-host users who run Budibase on the public internet and are using a cloud provider that allows HTTP access to metadata information should ensure that when they deploy Budibase live, their internal metadata endpoint is not exposed. 2023-04-06 not yet calculated CVE-2023-29010
MISC
MISC
MISC
goobi_viewer — goobi_viewer The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A reflected cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when evaluating the LOGID parameter. An attacker could trick a user into following a specially crafted link to a Goobi viewer installation, resulting in the execution of malicious script code in the user’s browser. The vulnerability has been fixed in version 23.03. 2023-04-06 not yet calculated CVE-2023-29014
MISC
MISC
goobi_viewer — goobi_viewer The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in the user comment feature of Goobi viewer core prior to version 23.03. An attacker could create a specially crafted comment, resulting in the execution of malicious script code in the user’s browser when displaying the comment. The vulnerability has been fixed in version 23.03. 2023-04-06 not yet calculated CVE-2023-29015
MISC
MISC
goobi_viewer — goobi_viewer The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. A cross-site scripting vulnerability has been identified in Goobi viewer core prior to version 23.03 when using nicknames. An attacker could create a user account and enter malicious scripts into their profile’s nickname, resulting in the execution in the user’s browser when displaying the nickname on certain pages. The vulnerability has been fixed in version 23.03. 2023-04-06 not yet calculated CVE-2023-29016
MISC
MISC
vm2_sandbox — vm2_sandbox vm2 is a sandbox that can run untrusted code with whitelisted Node’s built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. This vulnerability was patched in the release of version 3.9.15 of vm2. There are no known workarounds. 2023-04-06 not yet calculated CVE-2023-29017
MISC
MISC
MISC
MISC
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product page shipping calculator for WooCommerce plugin <= 1.3.20 versions. 2023-04-07 not yet calculated CVE-2023-29094
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. 2023-03-31 not yet calculated CVE-2023-29141
MISC
MISC
FEDORA
wordpress — wordpress Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in PI Websolution Product Enquiry for WooCommerce, WooCommerce product catalog plugin <= 2.2.12 versions. 2023-04-07 not yet calculated CVE-2023-29170
MISC
wordpress — wordpress Unauth. Reflected Cross-site Scripting (XSS) vulnerability in Magic Post Thumbnail plugin <= 4.1.10 versions. 2023-04-07 not yet calculated CVE-2023-29171
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PropertyHive plugin <= 1.5.46 versions. 2023-04-07 not yet calculated CVE-2023-29172
MISC
twitter — twitter_recommendation_algorithm The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative signals regarding a target account, such as unfollowing, muting, blocking, and reporting, as exploited in the wild in March and April 2023. 2023-04-03 not yet calculated CVE-2023-29218
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions. 2023-04-07 not yet calculated CVE-2023-29236
MISC
openbsd — openbsd ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address. 2023-04-04 not yet calculated CVE-2023-29323
MISC
MISC
MISC
MISC
MISC
MISC
MISC
langchain — langchain In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. 2023-04-05 not yet calculated CVE-2023-29374
MISC
MISC
MISC
MISC
wordpress — wordpress Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in impleCode Product Catalog Simple plugin <= 1.6.17 versions. 2023-04-07 not yet calculated CVE-2023-29388
MISC
toyota — rav4_2021 Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged “Key is validated” messages via CAN Injection, as exploited in the wild in (for example) July 2022. 2023-04-05 not yet calculated CVE-2023-29389
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A denial of service (process hang) can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. 2023-04-06 not yet calculated CVE-2023-29415
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.3.0. A bz3_decode_block out-of-bounds write can occur with a crafted archive because bzip3 does not follow the required procedure for interacting with libsais. 2023-04-06 not yet calculated CVE-2023-29416
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an xwrite out-of-bounds read. 2023-04-06 not yet calculated CVE-2023-29418
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a bz3_decode_block out-of-bounds read. 2023-04-06 not yet calculated CVE-2023-29419
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is a crash caused by an invalid memmove in bz3_decode_block. 2023-04-06 not yet calculated CVE-2023-29420
MISC
MISC
MISC
bzip3 — bzip3 An issue was discovered in libbzip3.a in bzip3 before 1.2.3. There is an out-of-bounds write in bz3_decode_block. 2023-04-06 not yet calculated CVE-2023-29421
MISC
MISC
sagemath — flintqs SageMath FlintQS 1.0 relies on pathnames under TMPDIR (typically world-writable), which (for example) allows a local user to overwrite files with the privileges of a different user (who is running FlintQS). 2023-04-06 not yet calculated CVE-2023-29465
MISC
MISC
atos_unify — openscape_4000_platform webservice in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23710. 2023-04-06 not yet calculated CVE-2023-29473
MISC
MISC
atos_unify — openscape_4000_platform inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23552. 2023-04-06 not yet calculated CVE-2023-29474
MISC
MISC
atos_unify — openscape_4000_platform inventory in Atos Unify OpenScape 4000 Platform and OpenScape 4000 Manager Platform 10 R1 before 10 R1.34.4 allows an unauthenticated attacker to run arbitrary commands on the platform operating system and achieve administrative access, aka OSFOURK-23543. 2023-04-06 not yet calculated CVE-2023-29475
MISC
MISC
bibliocraft — bibliocraft BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code execution. 2023-04-07 not yet calculated CVE-2023-29478
MISC
redpanda — redpanda rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure (while a cluster is turned off) in order to have TLS on broker RPC ports. NOTE: the fix was also backported to the 22.2 and 22.3 branches. 2023-04-08 not yet calculated CVE-2023-30450
MISC
MISC
MISC
MISC
MISC

Back to top

Categories
alerts

Mozilla Releases Security Advisories for Multiple Products

Mozilla has released security advisories to address vulnerabilities in Firefox and Firefox ESR. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. 

CISA encourages users and administrators to review the following advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities, see the Mozilla Foundation Security Advisories page.

Categories
alerts

CISA and Partners Disclose Snake Malware Threat From Russian Cyber Actors

Today, CISA and partners released a joint advisory for a sophisticated cyber espionage tool used by Russian cyber actors. Hunting Russian Intelligence “Snake” Malware provides technical descriptions of the malware’s host architecture and network communications, and mitigations to help detect and defend against this threat.

CISA urges organizations to review the advisory for more information and apply the recommended mitigations and detection guidance. For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage.

Categories
alerts

Hunting Russian Intelligence “Snake” Malware

SUMMARY

The Snake implant is considered the most sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets. To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes which route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets. Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts.

We have identified Snake infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, to include the United States and Russia itself. Although Snake uses infrastructure across all industries, its targeting is purposeful and tactical in nature. Globally, the FSB has used Snake to collect sensitive intelligence from high-priority targets, such as government networks, research facilities, and journalists. As one example, FSB actors used Snake to access and exfiltrate sensitive international relations documents, as well as other diplomatic communications, from a victim in a North Atlantic Treaty Organization (NATO) country. Within the United States, the FSB has victimized industries including education, small businesses, and media organizations, as well as critical infrastructure sectors including government facilities, financial services, critical manufacturing, and communications.

This Cybersecurity Advisory (CSA) provides background on Snake’s attribution to the FSB and detailed technical descriptions of the implant’s host architecture and network communications. This CSA also addresses a recent Snake variant that has not yet been widely disclosed. The technical information and mitigation recommendations in this CSA are provided to assist network defenders in detecting Snake and associated activity. For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage.

Download the PDF version of this report: 

AA23-129A Snake Malware
(PDF, 4.11 MB
)

INTRODUCTION

What is Snake?

We consider Snake to be the most sophisticated cyber espionage tool in the FSB’s arsenal. The sophistication of Snake stems from three principal areas. First, Snake employs means to achieve a rare level of stealth in its host components and network communications. Second, Snake’s internal technical architecture allows for easy incorporation of new or replacement components. This design also facilitates the development and interoperability of Snake instances running on different host operating systems. We have observed interoperable Snake implants for Windows, MacOS, and Linux operating systems. Lastly, Snake demonstrates careful software engineering design and implementation, with the implant containing surprisingly few bugs given its complexity.

Following open source reporting by cybersecurity and threat intelligence companies on Snake tactics, techniques, and procedures (TTPs), the FSB implemented new techniques to evade detection. The modifications to the implant enhanced challenges in identifying and collecting Snake and related artifacts, directly hampering detection from both host- and network-based defensive tools.

The effectiveness of this type of cyber espionage implant depends entirely on its long-term stealth, since the objective of an extended espionage operation involves remaining on the target for months or years to provide consistent access to important intelligence. The uniquely sophisticated aspects of Snake represent significant effort by the FSB over many years to enable this type of covert access.

Background

The FSB began developing Snake as “Uroburos” in late 2003. Development of the initial versions of the implant appeared to be completed around early 2004, with cyber operations first conducted using the implant shortly thereafter. The name Uroburos is appropriate, as the FSB cycled it through nearly constant stages of upgrade and redevelopment, even after public disclosures, instead of abandoning it. The name appears throughout early versions of the code, and the FSB developers also left other unique strings, including “Ur0bUr()sGoTyOu#”, which have publicly come back to haunt them.

Unique features in early versions of Uroburos included a low resolution image of a portion of a historical illustration of an uroboros by the German philosopher and theologian Jakob Böhme. One approach to a tertiary backdoor used this image as the key. The same image had also been embedded in other Snake-related components. The image, blown up to a higher resolution, is shown below.

Image of an uroburos

In addition, early FSB developers of the Snake implant left portions of unique code throughout the implant which reveal inside jokes, personal interests, and taunts directed at security researchers. For instance, the “Ur0bUr()sGoTyOu#” string referenced above was replaced with “gLASs D1cK” in 2014 following some of the public cybersecurity reporting.

Attribution

We attribute Snake operations to a known unit within Center 16 of the FSB.  This unit more broadly operates the numerous elements of the Turla  toolset, and has subunits spread throughout Russia in a reflection of historical KGB signals intelligence operations in the Soviet Union. Snake has been a core component of this unit’s operations for almost as long as Center 16 has been part of the FSB.  The extensive influence of Snake across the Turla toolset demonstrates its impact on practically every aspect of the unit’s modern era of cyber operations.

Daily operations using Snake have been carried out from an FSB facility in Ryazan, Russia, with an increase in Snake activity during FSB working hours in Ryazan, approximately 7:00 AM to 8:00 PM, Moscow Standard Time (GMT+3). The main developers were Ryazan-based FSB officers known by monikers included in the code of some versions of Snake. In addition to developing Snake, Ryazan-based FSB officers used it to conduct worldwide operations; these operations were different from others launched from Moscow or other FSB sites based on infrastructure and techniques.

While the development and re-tooling of Snake has historically been done by Ryazan-based FSB officers, Snake operations were also launched from an FSB Center 16-occupied building in Moscow. Our investigations have identified examples of FSB operators using Snake to its full potential, as well as FSB operators who appeared to be unfamiliar with Snake’s more advanced capabilities. These observations serve to illustrate the difficulty in using such an advanced toolset across the various geographically dispersed teams comprising this unit within FSB Center 16.

We have been collectively investigating Snake and Snake-related tools for almost 20 years, as well as other operations by this unit since the 1990s. During that time, the FSB has used Snake in many different operations, and they have demonstrated the value placed in this tool by making numerous adjustments and revisions to keep it viable after repeated public disclosures and other mitigations. Snake’s code and multiple Snake-related tools have been either a starting point or a key influence factor for a diverse range of other highly prolific implants and operational tools in the Turla family. Most notably, this has included Carbon (aka Cobra)—derived from Snake’s code base—and the similarly Snake-adjacent implant Chinch (currently known in open sources as ComRAT).

Victimization

We have identified Snake infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, to include the United States and Russia itself. Although Snake leverages infrastructure across all industries, its targeting is purposeful and tactical in nature. For instance, if an infected system did not respond to Snake communications, the FSB actors would strategically re-infect it within days. Globally, the FSB has used Snake to collect sensitive intelligence from high priority targets, such as government networks, research facilities, and journalists. As one example, FSB actors used Snake to access and exfiltrate sensitive international relations documents, as well as other diplomatic communications, from a victim in a NATO country. Within the United States, the FSB has victimized industries including education, small businesses, and media organizations, as well as critical infrastructure sectors including government facilities, financial services, critical manufacturing, and communications.

Other Tools and TTPs Employed with Snake

The FSB typically deploys Snake to external-facing infrastructure nodes on a network, and from there uses other tools and TTPs on the internal network to conduct additional exploitation operations. Upon gaining and cementing ingress into a target network, the FSB typically enumerates the network and works to obtain administrator credentials and access domain controllers. A wide array of mechanisms has been employed to gather user and administrator credentials in order to expand laterally across the network, to include keyloggers, network sniffers, and open source tools. 

Typically, after FSB operators map out a network and obtain administrator credentials for various domains in the network, regular collection operations begin. In most instances with Snake, further heavyweight implants are not deployed, and they rely on credentials and lightweight remote-access tools internally within a network. FSB operators sometimes deploy a small remote reverse shell along with Snake to enable interactive operations. This triggerable reverse shell, which the FSB has used for around 20 years, can be used as a backup access vector, or to maintain a minimal presence in a network and avoid detection while moving laterally. 

Snake Architecture

Snake’s architectural design reflects professional software engineering practices. Critical pathways within the implant are made of stacks of loosely coupled components that implement well-designed interfaces. In addition to facilitating software development and debugging, this construction allows Snake to use multiple different components for the same purpose, choosing the specific component based on environmental considerations. For example, Snake’s custom network communications protocols function as a stack. All implementations use an encryption layer and a transport layer, such as Snake’s custom HTTP or raw TCP socket protocol. Each layer of the Snake network protocol stack solely implements a specified interface for operability with the two adjacent layers. The encryption layer and underlying transport layer thus function independently, so any custom Snake network protocol can employ an encryption overlay without any change to the encryption layer code. 

This modularity allows Snake operators to choose the most logical network transport for the given environment without affecting Snake’s other functionality. When using a compromised HTTP server as part of the Snake P2P network, the operators can ensure that all traffic to this machine follows the Snake custom HTTP protocol and thereby blends effectively with legitimate traffic. In the context of a compromised machine that legitimately allows secure shell (SSH) connections, Snake can utilize its custom raw TCP socket protocol instead of its custom HTTP protocol. All other layers of the Snake protocol stack, from the immediately adjacent transport encryption layer to the distant command processing layer, can and do remain entirely agnostic to the transport layer as long as it implements its interface correctly. This architecture also allows the Snake developers to easily substitute a new communications protocol when they believe one has been compromised, without necessitating any downstream changes in the code base. Lastly, this design facilitates the development of fully interoperable Snake implants running on different host operating systems.

Snake’s technical sophistication extends from the software architecture into the lower-level software implementation. Original versions of Snake were developed as early as 2003, before many of the modern programming languages and frameworks that facilitate this type of modular development were available. Snake is written entirely in C, which provides significant advantages in low-level control and efficiency, but which does not provide direct support for objects or interfaces at the language level and provides no assistance with memory management. The developers of Snake successfully implemented the implant’s complex design in C with very few bugs, including careful avoidance of the common pitfalls associated with null-terminated strings and the mixing of signed and unsigned integers. Additionally, the developers demonstrate an understanding of computer science principles throughout the implant’s implementation. This includes selecting and correctly coding asymptotically optimal algorithms, designing and utilizing efficient custom encoding methodologies that closely resemble common encoding schemes, and handling the numerous possible errors associated with systems-level programming in a secure manner.

Capitalizing on Mistakes

Although the Snake implant as a whole is a highly sophisticated espionage tool, it does not escape human error. A tool like Snake requires more familiarity and expertise to use correctly, and in several instances Snake operators neglected to use it as designed. Various mistakes in its development and operation provided us with a foothold into the inner workings of Snake and were key factors in the development of capabilities that have allowed for tracking Snake and the manipulation of its data.

The FSB used the OpenSSL library to handle its Diffie-Hellman key exchange. The Diffie-Hellman key-set created by Snake during the key exchange is too short to be secure. The FSB provided the function DH_generate_parameters with a prime length of only 128 bits, which is inadequate for asymmetric key systems. Also, in some instances of what appeared to be rushed deployments of Snake, the operators neglected to strip the Snake binary. This led to the discovery of numerous function names, cleartext strings, and developer comments as seen in the following figure.

Non-Stripped Function and Command Names

SNAKE HOST-BASED TECHNICAL DETAILS

The FSB has quickly adapted Snake when its capabilities have been publicly disclosed by private industry. Snake therefore exists in several variants, as it has evolved over almost 20 years. This CSA focuses on one of the more recent variants of Snake that up until now has not been widely disclosed. Older variants of Snake will be discussed briefly where applicable, but not discussed in depth, as many details of earlier Snake variants already exist in the public domain.

Installer

The Snake installer has gone by various names throughout Snake’s existence (e.g., “jpinst.exe”). This advisory will describe the version of the installer which regularly used the name “jpsetup.exe”. This executable is packed using a customized obfuscation methodology. The developers appear to have added the unpacking functionality from an open source project for viewing JPEG files. This technique serves to obfuscate the unpacking code within an otherwise legitimate code base.  The unpacking code extracts an executable, herein referred to as the “Png Exe”, and it extracts an AES encrypted blob from the Png Exe’s resources, which herein will be referred to as the “Png Resource”. 

The jpsetup.exe installer requires two arguments to be passed via the command line for execution. The first argument is a wide character string hashed with SHA-256 twice, and the resulting value of these computations becomes the AES key that decrypts the Png Resource. The AES initialization vector (IV) consists of the first 16 bytes of the second argument to jpsetup.exe after prepending the argument with a wide character “1” string. Once decrypted, the Png Resource becomes an executable that will be referred to herein as “Stage 2”. 

When unpacked, many components are extracted from Stage 2’s resources. Several of the resources are executables with additional resources of their own. Stage 2 creates structures from its resources, which ultimately become the host artifacts of Snake.

On-Disk Components

As Windows has been the most prevalent operating system targeted by Snake, this document will only discuss the Windows-based artifacts; however, Snake can be cross-compiled and is capable of running on other operating systems.

On-Disk Obfuscation

Snake’s host architecture and network communications allow an unusual level of stealth. Snake makes inventive use of its kernel module in both of these contexts. All known Windows versions of Snake have used a concealed storage mechanism to hide host componentry. In addition to using the kernel module to remove the relevant components from any listing returned by the operating system, Snake utilizes the kernel module to mediate any requests between Snake’s user mode components and the concealed storage mechanism, which itself is encrypted with a unique per-implant key. This unique keying creates detection difficulties even for tools that are independent of the compromised operating system, since simple signatures targeting Snake host components would be ineffective. 

Persistence Mechanism

The Snake version primarily discussed in this advisory registers a service to maintain persistence on a system. Typically, this service is named “WerFaultSvc,” which we assess was used to blend in with the legitimate Windows service WerSvc. On boot, this service will execute Snake’s WerFault.exe, which Snake developers chose to hide among the numerous valid Windows “WerFault.exe” files in the %windows%WinSxS directory. Executing WerFault.exe will start the process of decrypting Snake’s components and loading them into memory. 

Snake Boot Cycle
Encrypted Registry Key Data

Upon execution, Snake’s WerFault.exe will attempt to decrypt an encrypted blob within the Windows registry that is typically found at HKLM:SOFTWAREClasses.wavOpenWithProgIds. The encrypted data includes the AES key, IV, and path that is used to find and decrypt the file containing Snake’s kernel driver and kernel driver loader. The registry object’s structure can be seen on the right side of the following figure. Snake uses Microsoft Windows Cryptography API: Next Generation (CNG) key store to store the AES key needed to decrypt the registry object.

Driver Decryption Routine
Kernel Driver and Custom Loader

Snake’s installer drops the kernel driver and a custom DLL which is used to load the driver into a single AES encrypted file on disk. Typically, this file is named “comadmin.dat” and is stored in the %windows%system32Com directory. The structure of this file can be seen on the left side of the figure above. The key, IV, and path to comadmin.dat are stored in the encrypted registry blob. 

The Queue File

The last host-based artifact to discuss is the Queue File. Typically, this file has been found within the %windows%Registration directory with the format of ..crmlog, and is decrypted by Snake’s kernel driver. Due to the complexity and importance of the Queue File, its details are discussed at length in the following subsection. 

The Queue

The Queue is a Snake structure that contains various pieces of information, including key material, communication channels, modes of operation, the principal user mode component, etc., that Snake requires for successful operation. It should be noted that this is a name used by the developers and is not equivalent to a “queue” in the normal context of computer science. The Queue data is saved on disk in the Queue File, which is a flat file with a substructure that includes a 0x2c-byte file header followed by data blocks. Each data block corresponds to exactly one Queue Item, which could be, for example, a simple configuration parameter, a Snake command, or an entire embedded executable. Each Queue Item is associated with a specific Queue Container.

Queue Containers and Items

Each Container is identified by its Type and Instance values. Each Container Type holds the same type of information used by the Snake implant for a specific purpose. The following table shows the various Container Types and their functions. A Queue can have multiple Containers of the same Type, but each of these Containers will have different Instance values.

Queue File Containers

The data in each Container in the Queue is separated into Queue Items with the 0x40-byte metadata structure shown in the following table. The data content of the Queue Item immediately follows this structure. The Queue Items in each Container are distinguished by their corresponding Item Number as well as their Item Type identifier. The Item Number is assigned by the Snake implant itself, while Snake operators generally refer to the Item Type value when trying to reference a specific item.

Queue Item Structure
Queue File Encryption

In previous versions of Snake, the Queue File existed within an encrypted covert store. The data belonging to the Queue Items themselves were also CAST-128 encrypted. In more recent versions, the covert store was removed, and the Queue File exists by itself on disk. The Queue Items inside the Queue File are still encrypted with CAST-128, and in addition, the full Queue File is also CAST-128 encrypted. The CAST keys used to encrypt the Queue Items within a Container Instance can be found in that Instance’s corresponding 0x2 Container as Item Type 0x229 (see below). The key and IV used to encrypt the Queue File can be found by decoding strings within Snake’s kernel driver.

Container Descriptions
0xb Container

The 0xb Container lists the available modes of operation for a given Snake implant. When using a certain mode, Snake uses a specific set of Containers and communication channels. Each infection can use up to four different modes. Each mode in the 0xb Container will have a Container Instance value that all Containers associated with this mode will use, except for the 0x3 Container. 

Queue File Container Organization
0x0 Container

The 0x0 Container handles incoming commands/data for the host of the Snake infection. Commands will be queued in this Container until the implant is ready to execute them.

0x1 Container

The 0x1 Container handles outbound commands/data for the host of the Snake infection. The data will be queued within the 0x1 Container until the implant is ready to exfiltrate them.

0x2 Container

The 0x2 Container holds the configuration information for the mode to which it corresponds. Various pieces of information vital to Snake’s successful operation are stored within these Containers. This subsection will discuss a subset of the parameters that can be found within the 0x2 Container.

Container 2 Queue Items

Pivotal key information can be found within the 0x2 Containers. This includes the inbound and outbound RSA keys (Items 0x228 and 0x227, respectively), the CAST key (Item 0x229) used to encrypt the individual items within the Queue Container, pre-shared keys used for the top layer of encryption in Snake’s network communication protocol, and a quasi-unique value for the implant, called the “ustart” value, needed for Snake network connectivity.

Snake is constantly passing data between its kernel and user mode components. The methodology (generally, named pipes) used to make these communications is listed in Items 0x65-0x6f of the 0x2 Container. Items 0x70-0x7a list the parameters necessary to establish these communications. 

Items 0xc9-0xd3 contain details of up to ten other Snake infections, referred to as “communication channels”, which the implant can communicate with during Passive Operations. The parameters needed to establish Snake sessions with the other hosts can be found in Items 0xd4-0xde.

Many additional data points, such as the process name where Snake injected itself or the modules Snake has loaded from its 0x3 Container, can be found within 0x2 Containers.

0x3 Container

The 0x3 Container houses embedded files and modules for Snake. A single 0x3 Container will be accessible to all Containers in the Queue. The 0x3 Container has its own dedicated 0x2 Container that only includes a single Queue Item of Item Type 0x229 (a CAST-128 key). This key will be used to encrypt and decrypt all of the embedded files and modules within the 0x3 Container.

Container 3 Queue Items

The Item Types assigned to the embedded files and modules within the 0x3 Container are consistent across all of the Snake infections within Snake’s P2P network. For example, the 0x01 Item Type is the Zlib library, and therefore any time an Item Type of 0x01 is seen within the 0x3 Container of a Snake infection, that file is always the Zlib library. The implant’s 0x2 Container will keep track of libraries that it has loaded. If the DLL is a file on disk, the full path to the DLL is saved in the 0x2 Container. If the library was loaded from a 0x3 Container, the loaded module will be displayed in the implant’s 0x2 Container in the format “&”. 

0x4 Container

The 0x4 Container logs command activity. Each Queue Item within the Container is a log of a single executed or attempted command. Each mode will have its own corresponding 0x4 Container.

0x5 Container

The 0x5 Container holds Snake network logs, noting any IP address that has connected to this implant. Some versions of Snake no longer make use of this Container.

0x6 Container

The 0x6 Container saves commands that are set to execute at specific times. A Queue Item is created for each scheduled command.

0x7 Container

The 0x7 Container logs the IP addresses of any other Snake implants that have connected to this implant during Passive Operations. The commands 0x79 (Read Agents Track) and 0x7a (Clear Agents Track) are used to interact with this Container. Note that the command 0x7a had been deprecated in some versions of Snake and returns the error “function unsupported” if called.

SNAKE NETWORK COMMUNICATIONS

Snake’s network communications are encrypted, fragmented, and sent using custom methodologies that ride over common network protocols, including both raw TCP and UDP sockets and higher-level protocols like HTTP, SMTP, and DNS. Snake’s protocols for HTTP and TCP are the most commonly seen, but functionality exists for UDP, ICMP, and raw IP traffic. Snake’s network communications are comprised of “sessions”, which are distinct from the sessions associated with the legitimate protocol it is riding on top of (e.g., TCP sessions). The Snake session is then comprised of distinct commands. Both Snake’s custom transport encryption layer (“enc”) and Snake’s Application Layer have their own encryption mechanisms, where the enc layer operates on an individual P2P session and the Snake Application Layer provides end-to-end encryption between the controller (i.e., point of origin) and the command’s ultimate destination. The following figure details Snake’s communication protocol stack. 

Snake Protocol Stack

Network Obfuscation

Snake’s use of its kernel module also facilitates stealthy network communications. To participate fully in Snake’s P2P network, implanted machines which are not the ultimate target must act as servers for other Snake nodes. Snake’s kernel module, along with a thoughtfully designed mechanism for distinguishing Snake traffic from legitimate client traffic, allows the implant to function as a server in the Snake P2P network without opening any new ports, greatly complicating detection efforts. Additionally, Snake’s custom network communication protocols are designed to blend with traffic that the compromised server normally would receive. This allows Snake operators to use legitimate servers as infrastructure, which reduces the effectiveness of simple IP address or domain blocking without needing to open new ports or send unusual looking traffic to this infrastructure. 

Snake’s Network Authentication Technique (“ustart”)

Snake uses its custom HTTP and raw socket TCP based protocols for large data communications.  With these protocols and others, Snake employs a specific authentication mechanism to distinguish Snake traffic from legitimate traffic destined for application software on the compromised server. This technique enables one of the uniquely sophisticated aspects of Snake, which is its ability to function effectively as server software without opening any further ports on the compromised system. The relevant per-implant authentication value is referred to as the “ustart” and is stored in the implant’s Queue File. There are multiple forms of the ustart value, including “ustart”, “ustart2”, and “ustartl”. 

Rather than open a listening socket on a specified TCP port, the Snake kernel module intercepts the first client-to-server packet following the 3-way handshake in every TCP session. The kernel module then determines whether or not the contents of that packet are in fact valid for the ustart value of that target Snake implant. If so, the Snake kernel module forwards that packet and any future packets in the same TCP session to Snake’s own processing functionality, and the (presumably legitimate) application listening on that port remains unaware of this TCP session. If not, the Snake kernel module allows the packet—and the rest of the TCP session as it occurs—to reach the legitimate listening application, for example web server software. See the following for an illustration. 

Snake Network Session Distinction

All of the ustart versions perform authentication by sending a random nonce along with data that comprises a mathematical operation on the combination of the nonce and the ustart value itself. The receiving machine then extracts the nonce and performs the same computations to authenticate the sending machine. The ustart2 and ustartl versions use the Fowler-Noll-Vo (FNV) hash algorithm to generate the overall authentication value from the nonce and the ustart. This mechanism is slightly different in the custom Snake HTTP protocol versus the custom Snake TCP protocol.

Using the ustart methodology, a node in the Snake P2P network can function as a server without opening any otherwise closed ports and without interfering in the compromised server’s legitimate functionality. Snake will only communicate over TCP ports on which another application is actively listening. This technique makes detecting Snake compromises through network traffic monitoring far more difficult. Inbound traffic to an unexpected TCP port can be detected or blocked using standard firewall or network intrusion detection functionality. Replacing a legitimate service application with a modified executable can lead to detection at either the host or network level. Snake’s technique bypasses both of these mitigations. When combined with the fact that Snake traffic looks similar to expected traffic, especially in the case of Snake’s HTTP based protocols, this renders detecting Snake communications difficult absent detailed knowledge of Snake’s custom protocols.

Snake UDP

Outbound Communications via DNS Query

Snake uses a specialized communications protocol to encode information in seemingly standard DNS queries run via the Windows or POSIX API function gethostbyname, depending on the version. 
Snake outbound DNS requests consist of character strings that are constructed to resemble standard domain names. The actual information being transmitted from the implant is contained in the part of the character string prior to the first ‘.’ character. For illustration purposes, this subsection will outline how an arbitrary string of bytes is manipulated and then encoded to form an outbound Snake DNS request carrying data provided by the implant.

Snake outbound DNS requests originally take the form of byte arrays stored on the stack as the implant progresses through the communications function. The byte array has the following structure.

DNS Byte Array

Only the low-order seven bits of the flags byte are used, and they have the following significance.

Flags Byte

After calculating and obfuscating the byte array values shown above, Snake encodes these byte values as de-facto base32 text, using the ten digits 0-9 and the 26 lowercase ASCII letters a-z, with v, w, x, y, and z all corresponding to the same value, as only 32 distinct characters are needed. Snake then inserts ‘-‘ characters at specified locations and sends the DNS request using the gethostbyname function. The resulting encoded string mimics a legitimate DNS request; because characters after the first ‘.’ are not part of the implant’s communications, any arbitrary suffix (e.g., “.com”) can be used. 

Inbound Communications via DNS Query Response

After sending the encoded DNS request, Snake parses the returned information. In a normal DNS request, the returned hostent structure contains a list of IPv4 addresses as 32-bit unsigned integers if the domain resolves to one or more IPv4 addresses. In the Snake DNS protocol, these 32-bit integers represent the covert channel data. The Snake implant sorts the 32-bit integers by the highest order nibble and then interprets the remaining 28 bits of each integer as the actual encoded data. The Snake DNS protocol thus provides a well-concealed, low-bandwidth communications channel.  For larger bandwidth communications, Snake uses its custom HTTP and TCP protocols.

Snake HTTP

The most common custom protocol that Snake uses is its “http” protocol, which rides on top of standard HTTP. It generally looks like normal HTTP communications, including a lot of base64-looking strings, thus blending well with normal network traffic. There have been multiple iterations of Snake’s http protocol, though the differences are only in the encoding; once that is peeled away, the underlying Snake http protocol is the same. For the purposes of this document, Snake’s former version of HTTP will be referred to as “http” and its more recent version as “http2”. 

Snake communications using http2 are contained within seemingly legitimate Application Layer HTTP communications. In the client-to-server direction, the implant data is contained within an HTTP header field of a GET request, unless the data is over a certain size (usually 256 bytes, but configurable). Observed field keys have included: Auth-Data, Cache-Auth, Cookie, and Cockie (note misspelling). This list is not exhaustive; any standard HTTP header field can be used. The communication itself is contained in the legitimate HTTP header field’s value, meaning the content following the ‘:’ character and any whitespace immediately thereafter. In HTTP GET requests, the implant generally uses the default path ‘/’, but this is not required and is configurable. Larger client-to-server Snake http2 requests are contained in the body of an HTTP POST request, and server-to-client communications are contained in the body of the HTTP response.

All client-to-server Snake http and http2 requests begin with the ustart authentication. The specifics vary with each ustart version, but in each case the random nonce and the computed function of the nonce and ustart value are encoded in a manner which closely resembles the rest of the Snake communication. Since Snake http and http2 implant sessions can span multiple TCP sessions, the ustart authentication mechanism is included in every client-to-server communication.

Base62 Encoding

Snake’s http2 protocol uses a custom base62 encoding scheme that has the following differences from base64. Base62 uses 62 semantically significant characters instead of 64. The ratio of encoded-to-decoded characters in base62 is less dense (11:8) than the ratio base64 can achieve (12:9). Also, base62 uses extraneous characters in certain instances that have no semantic significance. 

The base62 characters of semantic significance are the 62 strict alphanumeric characters: [0-9A-Za-z]. The extraneous characters that can be present in a base62 string—but which have no semantic significance—are: ‘/’, ‘;’, ‘=’, and ‘_‘ (underscore). When present, these characters are removed prior to performing the decoding process. A valid base62 string can have up to 11 of these extraneous characters. A regular expression for base62 is included in the Mitigations section of this CSA.

http and http2 Metadata Structure

After the base62 decoding is completed, if necessary, the remaining data begins with an 8-byte metadata structure that provides rudimentary sessionization on top of the stateless HTTP. Snake’s http and http2 client-to-server communications have three de-facto parts, which are concatenated into a single HTTP header value. These parts are: 1) an announce or authentication string, 2) a custom metadata structure, and 3) payload data. The metadata structure consists of the following:

struct http_meta {
        uint32_t session_number;
        uint16_t communication_number;
uint8_t flags;
uint8_t checksum;
};

Snake uses the session_number and communication_number fields to provide its own custom sessionization on top of the stateless Application Layer HTTP protocol. The checksum byte serves to validate the integrity of the structure and must equal the sum of the first seven bytes modulo 256.

Snake TCP

Snake has the ability to communicate through POSIX-style TCP sockets. The implant’s custom TCP protocol, which herein will be called “tcp”, uses the reliability features of the underlying TCP protocol.  Thus, in the implant’s custom tcp protocol, the concept of a TCP session and an implant “session” are the same, whereas in the implant’s custom http protocols, one implant session could span multiple Transport Layer TCP sessions. Since the implant’s overall communications protocol is based on the idea of commands and responses, Snake depends on being able to specify the length of any given command and response so the recipient Snake node knows when a particular communication ends. Snake achieves this in the custom tcp protocol by prefacing each communication with its length encoded as a 32-bit big-endian unsigned integer. 

Immediately following the TCP 3-way handshake, the implant completes the ustart authentication for this session. Since Snake tcp sessions are mapped one-to-one with an underlying protocol TCP session, the ustart authentication only occurs once per session, rather than with each client-to-server communication as in Snake http and http2. The Snake tcp ustart mechanism is similar to the Snake http and http2 mechanisms, except that for certain ustart versions, Snake tcp uses a raw binary ustart which is not encoded in printable characters.

After the ustart authentication, the implant will begin sending length-data pairs. These pairs can be sent in the same packet or in two (or theoretically more) separate packets, but the pattern of length-data pairs will be present in each half of the stream (i.e., each direction) for the entirety of the implant communications for the remainder of the TCP session. Specifically, a length-data pair will consist of the length encoded as a big-endian 32-bit unsigned integer followed by data of exactly that length. For example, consider the instance where the implant is sending the following 4 arbitrary bytes: 

89 ab cd ef

The on-wire communication from the implant would send the integer value 4 encoded as a big-endian 32-bit integer, followed by the actual 4 bytes themselves, as shown below. This could be split across two (or theoretically more) packets.

00 00 00 04 89 ab cd ef

The custom tcp protocol (as well as all custom http protocols) have been used in conjunction with the Snake enc protocol. Details of the Snake enc protocol are provided in the following subsection. Due to the manner in which the Snake enc and Snake tcp protocols interact, the first six length-data pairs of each TCP half-stream (following the single client-to-server announce or authentication packet described above) will have known lengths. Specifically, each half-stream will begin with length-data pairs of the following lengths: 0x8, 0x4, 0x10, 0x1, 0x10, 0x10. Note that these are the lengths of the raw data, so each communication will be preceded by a 4-byte big-endian integer specifying the corresponding length. Thus, one of the half-streams could have the following TCP content:

00 00 00 08 12 34 56 78 9a bc de f0
00 00 00 04 89 ab cd ef
00 00 00 10 12 34 56 78 9a bc de f0 12 34 56 78 9a bc de f0
00 00 00 01 12
00 00 00 10 12 34 56 78 9a bc de f0 12 34 56 78 9a bc de f0
00 00 00 10 12 34 56 78 9a bc de f0 12 34 56 78 9a bc de f0

Snake “enc” Layer

As described above, Snake communications are all comprised of “Snake sessions”, irrespective of whichever legitimate protocol Snake is operating on top of. Snake’s top layer of encryption, called the enc layer, utilizes a multi-step process to establish a unique session key. The session key is formed through the combination of a Diffie-Hellman key exchange mixed with a pre-shared key (PSK) known to both parties. This PSK is stored in one of the communication channels, stored within the Queue. 

The overall establishment of the session key requires 12 communication steps, six in each direction, which involve sharing the pseudo-random values used in the Diffie-Hellman exchange process as well as custom aspects of the Snake session key derivation method. The session key is used to encrypt the command headers and (inner) encrypted payloads.

This is the layer in which the critical error of providing a value of 128 bits instead of 128 bytes for the call to DH_generate_parameters within the OpenSSL library occurred. Due to this insufficient key length, breaking the Diffie-Hellman portion of the exchange is possible. Note that in the following figure, the variables ‘p’, ‘g’, ‘a’, and ‘b’ are used in standard descriptions of Diffie-Hellman.

Snake Session Key Establishment

SNAKE APPLICATION LAYER

Snake’s Application Layer is used to process Snake commands. The payload data for a Snake session can contain one or more command exchanges, which include both the incoming data sent to the implant as well as the response returned to the server. Each command is associated with a specific ordinal, and due to Snake’s modular design, operators are able to add new commands to extend Snake’s capabilities by remotely loading a new module.

The Snake implant differentiates between High and Low commands and handles them differently, based on the ordinal number range. The majority of Snake commands are High commands that have an ordinal of 0x64 (100 decimal) or higher. There are far fewer Low commands, and these include the Forwarding command (with ordinal 0x1), and the four Queue commands (with ordinals 0xa, 0xb, 0xc, and 0xd). While Low commands are mostly used for moving data across the network, the High commands give the operator many options for interacting with an infected system. 

Command 0x15-byte Header

All commands begin with a 0x15-byte header, followed by optional command parameter data; only some commands require parameters for successful execution. For example, the command Get, which exfiltrates a file, requires the name of the file to exfiltrate, whereas the command Process List, which returns a process listing, does not require any parameters. 

The most important Command Header field contains the integer ordinal of the command being sent. The Item UID field represents a unique identifier for each individual command instance, and these values increase sequentially. The header has two fields used when a command is set to run at a specified date and time; these commands will be written to the 0x6 Container.

Some Low commands have another header before the payload data, which will be detailed below. All other commands have only the Command Header followed by the encrypted parameter data.

0x15 Command Header

Command Encryption

Underneath Snake http2 or tcp encryption at the session layer, each command exchange is further encrypted. In older versions of Snake, the exchanges were CAST-128 encrypted using a different key for incoming and outgoing data. These keys were saved in the 0x2 Container in the 0x227 and 0x228 Items. The incoming payload data, if parameter data was present, could be decrypted with the 0x227 CAST key. Any response data was encrypted with the 0x228 CAST key. 

In recent versions, the 0x227 and 0x228 Items hold two RSA-4096 public keys. For each side of an exchange, a new 16-byte CAST key is created with Microsoft’s CryptoAPI CryptGenRandom function to obtain 16 random bytes. This key is used to CAST-128 encrypt the parameter or response data.

For an incoming command, the CAST key is signed (not encrypted) by the private key corresponding to the public key on the node to create a 512-byte RSA data blob. The incoming payload has the RSA blob, followed by the optional parameter data, which is CAST-128 encrypted. Snake uses the 0x227 RSA public key to decrypt the RSA blob, recover the CAST key, then decrypt the parameter data.

For an outgoing command, a new CAST key is obtained from CryptGenRandom, and any response data is CAST-128 encrypted. The key is then encrypted using the 0x228 public key to create a 512-byte data blob. The response payload data contains the 512-byte RSA blob, followed by the encrypted response data, when present.

Command Decoding

The implant will expect data in a specific format for each command ordinal. Parameter and response data contain several possible underlying data types, including wide-character plaintext strings, numeric values, data tables, files, or a combination of multiple types. 

The parameter data buffer itself will be formatted in a specific way, depending on the command ordinal. Some commands have required parameters, as well as optional parameters. Commands with optional parameters will include a metadata header with the data length and data type (e.g., bool, integer, text, or data buffer) before the optional parameter’s data. Other commands will expect the parameters to be formatted with length-data pairs, consisting of the parameter data length encoded as a four-byte big-endian integer followed by data of exactly that length. Still other commands have a custom header or will expect no length or metadata and will simply send the parameter data alone.

The response data will similarly be formatted by the implant in a specific way according to the command ordinal. The response data typically does not have a length or metadata preceding it, with the exception of the data tables. Examples of commands that return a table are the Process List command and the List Dir command.

Response data that includes a table will start with a table description header that indicates the number of columns and rows in the table. In addition, the header will include a Column Descriptor structure to indicate the type of data that column will contain, for example a string, uint32 or uint64, timestamp in epoch format, or the contents of a whole file (included as a table entry).

After the table description header, each field is added to the data payload buffer one at a time in a length-data pair. The fields across the first row are added in order, then the fields across the second row are added immediately after the first row with no metadata or separation, and so on. To parse this table, the server will account for the number of columns to determine where the next row starts.

High Commands

High commands are those with an ordinal of 0x64 (decimal 100) or higher. High commands give the operator many options for interacting with an infected system, as well as implant components. This subsection will describe some examples of the many High commands that can exist in the implant.

Some of the most basic High commands will gather information about the machine and return the results. For example, the FSB operators can use the PS command (0x65) to return a list of running processes, the List Dir command (0x840) to list the contents of a directory, or the Syst command (0x6b) to gather basic system information.

There are several commands that interact with the infected machine using standard built-in OS tools. The operator can use the Kill command (0x67) to kill a process, the Get command (0x68) to exfiltrate a file, the Put command (0x69) to write a file, the Del command (0x6a) to delete a file, or the Run command (0x66) to execute a command in a terminal shell and receive the results. For example, operators have used the Run command to run PowerShell commands, ping other hosts, use the Windows “net use” command to map network drives, and to run executable files that had been previously written to the node using the Put command.

Table 7

In addition to commands that use the built-in OS functionality, there are several High commands that interact with Snake components. An operator can use the Read Config command (0x70) to read the 0x2 Container, which contains configuration data, or the Set Config Item command (0x71) to set a specific Queue Item within the 0x2 Container. For example, operators have used the Set Config Item command to add or update the IP addresses or domains and option parameters used to communicate with other Snake nodes. The Read Agents Track and Clear Agents Track commands (0x79 and 0x7a) interact with the 0x7 Container to read or delete logs which track which other Snake nodes have connected to this node. Note that the 0x7a command has been deprecated in some versions of Snake and returns the error “function unsupported” if called.

Snake has the ability to add additional commands by loading new modules. New modules can be loaded using the Load Modules command (0x72) or directly into memory using the Load Modules Mem command (0x7f). When compiling a module, the developer will assign an ordinal to each constituent command, which will then be used by the operator to call the newly added commands. These loaded modules can be removed using the Module Unload command (0x73).

Queue Commands

Queue Command Header

The four Queue commands contain a 0x3d-byte Queue Header following the Command Header. In more recent versions of Snake, this header is encrypted using the same CAST key used to encrypt the payload data. In this case, the Command Header is followed by the 512-byte RSA encrypted CAST key blob, the encrypted Queue Header, and finally the encrypted payload data.

Figure 9

Even though each of the four Queue commands only use a subset of the fields of the Queue Header (in different ways), the full header must be present for the command to be considered valid by the implant. Two fields in the header that all four Queue commands use are the Container Instance and Container Type fields, which indicate the specific Container on a node the Queue command intends to interact with. In the Queue Read and Write commands, the Item Type field is used to track the specific commands and their responses in the Containers.

Queue Enumerate Command

The Queue Enumerate command, with ordinal 0xa, is used to enumerate the contents of the 0x0 or 0x1 Containers to list all incoming or outgoing commands, respectively. The enumeration returns the 0x40-byte structure described above for each Queue Item, concatenated into a single return buffer.

Queue Read Command

The Queue Read command, with ordinal 0xb, is used to read an Item from the specified 0x0 or 0x1 Container. Several relevant fields in the Queue Header determine how the data is sent and stored. For example, the header determines whether the data should be sent immediately back to the server or stored for later transport. The header indicates if the implant should send the Queue Item’s header (i.e., the same 0x40-byte metadata structure returned by the 0xa command), the Item’s data, or both. The header also indicates whether the Queue Item should be deleted after being read and can also indicate that Queue Items with a lower Item Type should be deleted. This allows FSB operators to clear out all command Items previous to the one being read.

Queue Write Command

The Queue Write command, with ordinal 0xc, is used to write a Queue Item to the specified 0x0 or 0x1 Container. The Queue Header will indicate if a new Queue Item will be created, or an existing Queue Item will be modified.

If a Queue Item is set to be modified, an Item with the specified Item Type must exist in the specified Container. Several fields in the header must match specific attributes of the existing Queue Item. If these checks are met, the parameter data is written to the Queue Item. Fields in the Queue Header will indicate the length of data to be written, and the offset into the existing Queue Item where the write should begin.
If a Queue Item is set to be created, Snake will delete existing Queue Items of the specified Item Type in the Container of interest, then create a new Item of the specified Item Type and write the parameter data to the Queue Item. A field in the Queue Header will indicate the length of data to be written.

Queue Delete Command

The Queue Delete command, with ordinal 0xd, is used to delete a Queue Item from the specified 0x0 or 0x1 Container. The Flags field will determine if the single Queue Item should be deleted, or if all Queue Items with a lower Item Type should be deleted as well.

Forward Commands

Forward commands, with command ordinal 0x1, are used to tell an implant to forward a Snake command to a second target node, where the command will be executed. The target node sends the response data back to the first implant, which will then package that response data as its own response back to the caller.

The command is designed to tell an implant to forward one command to another implant, but in practice, Forward commands are often built on top of each other to create a chain of hop points that will continue to forward a command to an end point, where it will be executed. The response data is then sent back through the same chain of hop points until it reaches the operator.

The Forward command has a 0x199-byte Forward Header, followed by the encrypted command parameter data that will be sent to the target node of the Forward command. The Forward Header contains the information the implant will need to connect to the target node, including the ordinal of the Snake command that is being forwarded to the target node for execution.

The implant that receives the Forward command will construct a new Snake command of the ordinal indicated in the Forward Header. It will connect to the target node in a new session, construct the Command Header, and send the encrypted command parameter data on to the target node. The parameter data already will have been encrypted using the key associated with the target node, so that the target implant will be able to decrypt the parameter data and execute the command. 

When the Forward command is constructed, the CAST key used to CAST-128 encrypt the payload data—to include the 0x199-byte header and the parameter data to be forwarded—is encrypted with the RSA key pair used by the first implant. The parameter data that contains the parameters for the command to be forwarded is also CAST-128 encrypted, but the key used to encrypt the parameter data is encrypted with the RSA key pair used by the target node. The first implant knows through the header what command ordinal it is forwarding, but it is unable to decrypt the parameter data.

If the Forward Header sent to the first implant indicates that the command to be forwarded was another Forward command, the first target node will decrypt the parameter data and find another Forward Header. This first target node implant will then go through the same process to connect to the next target node, constructing the new command with the ordinal indicated in the second Forward Header to send the remaining encrypted parameter data to the next target node. This will repeat until the command to be forwarded is something other than another Forward command.

The Command Header and pertinent parameters for each target node are encrypted specifically for that node by the operator before the Forward command is sent into the Snake P2P network. To illustrate, the diagram below shows how the buffer might look when several Forward commands are chained together to include two hop points and an end point. The first hop point (HP1) will recover the first CAST key and CAST-128 decrypt the rest of the buffer, which will uncover the first Forward Header. HP1 will then forward the remainder of the decrypted buffer to the next hop point (HP2), starting with the second CAST key blob. HP2 will recover the second CAST key and CAST-128 decrypt the rest of the buffer, which will uncover the second Forward Header. HP2 will then forward the remainder of the decrypted buffer to the end point, starting with the third CAST key blob. The end point will recover the CAST key, decrypt the command parameter data, and execute the command. 

When a target machine has executed a forwarded command, the return data is encrypted with that implant’s RSA keys and returned directly to the previous hop point. As the data is returned up the chain in the Snake P2P network, the intermediate hop points do not manipulate the encrypted data, as they do not have the RSA private key necessary to do so. In this manner, the return data is de-facto end-to-end encrypted throughout the P2P network until it arrives back at the FSB operator.

Figure 10

SNAKE IMPLANT OPERATION

Snake uses two main methods for communication and command execution, namely Passive and Active. In general, Snake operators will employ Active operations to communicate with hop points within Snake’s infrastructure; however, hop points can and do sometimes operate using Snake’s Passive method. Snake’s end points tend to solely operate using the Passive method.

Active Operations

During Active operations, Snake commands are issued by an FSB operator or a script to a target machine, generally through Forward commands (described in the previous section). The response to the command is immediately returned to the point of origin following the same path that the command took to reach its end target, as shown in the previous figure on Forward command structure.

Passive Operations

During Passive operations, Snake implants operate on their own, without the synchronous interaction of FSB operators. The nodes with which an implant communicates during Passive operations are stored within its 0x2 Container(s) as communication channels. Up to ten communication channels can be present at any time; an operator can change these channels via the Set Config Item command.

Passive Intake

During Passive operations, the implant will beacon by sending a Queue Read (0xb) command to one of its stored communication channels that it has chosen at random. These Queue Read commands look for a Queue Item within a Container with an Instance Number equal to the implant’s UID. The matching UID indicates the Queue Items in this Container are intended for the beaconing implant.

If such a Queue Item is found, the beaconing implant will read in the Queue Item and delete it off of the host from which it was read. There can be multiple Queue Items found within the specified Queue Container that was beaconed to; each Queue Read command will read one of these items. This process is repeated until all items within the Container are read, which the infrastructure node will indicate by sending a specific error in response to the Queue Read. This beaconing will continue to randomly select hosts at nondeterministic time intervals for as long as the implant is set to perform Passive operations.

Passive Data Exfiltration

Similar to how Snake intakes commands passively, it can also exfiltrate the resulting data passively. This is done using Queue Write (0xc) commands to write to one of the stored communication channels chosen at random. Once the data is off the end point node, operators generally retrieve it manually or using a script. The Item Type field, which is unique per executed Snake command, is needed to associate the exfiltrated data with the target node on which the command was run.

In the context of Passive Snake communications, the term Item Type is defined as a UID for a given Snake command and its resulting data. The Item Type serves as a unique identifier to associate the results of command execution with the original command written by the operator. When the FSB collects the data, Snake knows exactly what infection the data came from, and therefore it can determine what key to use to successfully decrypt the data.

Figure 11

To illustrate how Passive operations are conducted between the end points, the operator, and the hop points in between, see the diagram above, which is explained further by the following steps:

  • (1), (2): During Passive operations, the Node randomly chooses a host from amongst its stored communication channels and will beacon out to it with a Queue Read command (Hop Point 1 in this case). The Item Type for these beacons will be one greater than the Item Type of the last command received by the Node, indicating in this example that a command of Item Type 0x08 was the last command that was read in by the Node during Passive operations. This Node will continue to beacon with Item Type 0x09 until it receives a command, via Passive operations, with an Item Type of 0x09 or greater. The lines are dotted for (1) and (2) as this activity will be repeated at random intervals until a successful Queue Read occurs.
  • (3), (4): In these steps, the operator uses a Queue Write command to write a command to Hop Point that is ultimately intended for the Node. The Item Type of the command being written to Hop Point 1 is assigned 0x20 (for this example). Note that the path of this command, its execution, and its results making it back to the operator can be tracked via the red text.
  • (5), (6): The Node continues to beacon out looking for commands to read in (5). The return (6) is successful, and the command written by the operator to Hop Point 1 (3) is read in by the Node, then deleted from Hop Point 1.
  • (7), (8): The Node attempts another Queue Read to Hop Point 1, however now the Item Type is set to 0x21, one greater than the command that was just read in by the Node at (5) and (6). This returns an error as Hop Point 1 has nothing else for the Node to read in, indicating to the Node that everything at Hop Point 1 was read.
  • (9), (10): At this point, the Node has executed the command it read in at (5) and (6) and is attempting to send back the results. The Node randomly selects another host from its stored communication channels, Hop Point 2 in this case, and sends out a 0xb command to make sure that the Item Type 0x20, the Item Type of the command it executed, does not already exist within the Queue of Hop Point 2. If it receives an error, there is no Item with Item Type 0x20 on Hop Point 2, and the Node can proceed to send the command results.
  • (11), (12): Here the data from the executed command is written to Hop Point 2 with Item Type 0x20 into its 0x1 Container with a 0xc command, the Item Type the command was initially given at creation (3).
  • (13), (14): The Node continues its normal beaconing routine again as seen in (1) and (2), searching for Item Type 0x21, one greater than the Item Type of the most recently executed command. As in (1) and (2), the lines here are dotted to denote that this process will repeat until there was a successful beacon as in (5) and (6).
  • (15-22): These steps show how the operator retrieves the resulting data that was written to Hop Point 2. The Queue Enumerate command (15) lists the contents of Hop Point 2’s 0x1 Container, showing the data written by the Node (11). This data is identifiable by its Item Type, namely 0x20. The Queue Read command (17) reads in the Item that was found in Hop Point 2’s Container. The Queue Read command that follows (19) is asking if there is any data left. In this case, the entirety of the data was read with the first Queue Read (17, 18). Therefore, the error returned from second Queue Read command (20) lets the operator know all of the data from Item Type 0x20 was read and there is nothing further. A Queue Delete command (21) follows and is sent to delete the item with Item Type 0x20 from Hop Point 2.
  • The subsequent Queue Read, Queue Read, and Queue Delete commands (17-21) are denoted with dashed lines to indicate that this sequence of commands is repeated for all items returned from the Queue Enumerate command (15).

MITIGATIONS

A number of complementary detection techniques effectively identify some of the more recent variants of Snake. However, as described above, Snake is purpose-built to avoid large-scale detection. Below is a discussion of the advantages and disadvantages of various detection methodologies available for Snake.

Note that some of the techniques identified in this section can affect the availability or stability of a system. Defenders should follow organizational policies and incident response best practices to minimize the risk to operations while hunting for Snake.

Network-Based Detection

Network Intrusion Detection Systems (NIDS) can feasibly identify some of the more recent variants of Snake and its custom network protocols as detailed above.

Advantages: High-confidence, large-scale (network-wide) detection of custom Snake communication protocols.

Disadvantages: Low visibility of Snake implant operations and encrypted data in transit. There is some potential for false positives in the Snake http, http2, and tcp signatures. Snake operators can easily change network-based signatures.

Snake http

Snake client-to-server http and http2 traffic is contained within an arbitrary HTTP header field. The header field value for http begins with 10 pure alphanumeric characters, followed by base64 encoding of 8 bytes, which yields exactly 11 valid base64 characters plus one base64 padding character.

      ^[0-9A-Za-z]{10}[0-9A-Za-z/+]{11}=

The following two Suricata rules will detect the traffic described:

alert http any any -> any any (msg: "http rule (Cookie)";
    pcre:"/[0-9A-Za-z]{10}[0-9A-Za-z/+]{11}=/C";
    flow: established, to_server;
    sid: 7; rev: 1;)
alert http any any -> any any (msg: "http rule (Other Header)";
    pcre:"/[0-9A-Za-z]{10}[0-9A-Za-z/+]{11}=/H";
    flow: established, to_server;
    sid: 8; rev: 1;)
Snake http2

The header field value for http2 begins with 22 pure alphanumeric characters (base62 with non-extraneous characters), followed by the base62 encoding of at least 8 bytes, which must comprise at least 11 base62 characters with the four extraneous characters allowed. The actual requirement is stricter than this expression, since the total number of non-extraneous characters alone must equal or exceed 11; however, it is not possible to encode that aspect into a regular language.

      ^[0-9A-Za-z]{22}[0-9A-Za-z/;_=]{11}

The following two Suricata rules will detect the traffic described:

alert http any any -> any any (msg: "http2 rule (Cookie)";
    pcre:"/[0-9A-Za-z]{22}[0-9A-Za-z/_=;]{11}/C";
    flow: established, to_server;
    sid: 9; rev: 1;)
alert http any any -> any any (msg: "http2 rule (Other Header)";
    pcre:"/[0-9A-Za-z]{22}[0-9A-Za-z/_=;]{11}/H";
    flow: established, to_server;
    sid: 10; rev: 1;)
Snake tcp

The client-to-server communication for tcp must begin with the ustart, which is not captured in this signature set. Immediately following the ustart, the next client-to-server communication must be the big-endian 32-bit unsigned integer 8 followed by any 8 bytes of data. The next communication must also be client-to-server, and it must comprise the big-endian 32-bit unsigned integer 4 followed by any 4 bytes of data. The next two communications must be server-to-client, comprising the integer 8 followed by 8 bytes of data and the integer 4 followed by 4 bytes of data.

The following six Suricata rules will, in conjunction, detect traffic of the form described:

alert tcp any any -> any any (msg: "tcp rule";
    content: "|00 00 00 08|"; startswith; dsize: 12;
    flow: established, to_server; flowbits: set, a8; flowbits: noalert;
    sid: 1; rev: 1;)
alert tcp any any -> any any (msg: "tcp rule";
    content: "|00 00 00 04|"; startswith; dsize:8;
    flow: established, to_server; flowbits: isset, a8; flowbits: unset, a8;
    flowbits: set, a4; flowbits: noalert;
    sid: 2; rev: 1;)
alert tcp any any -> any any (msg: "tcp rule";
    content: "|00 00 00 08|"; startswith; dsize: 4;
    flow: established, to_client; flowbits: isset, a4; flowbits: unset, a4;
    flowbits: set, b81; flowbits: noalert;
    sid: 3; rev: 1;)
alert tcp any any -> any any (msg: "tcp rule";
    dsize: 8; flow: established, to_client; flowbits: isset, b81;
    flowbits: unset, b81; flowbits: set, b8; flowbits: noalert;
    sid: 4; rev: 1;)
alert tcp any any -> any any (msg: "tcp rule";
    content: "|00 00 00 04|"; startswith; dsize: 4;
    flow: established, to_client; flowbits: isset, b8; flowbits: unset, b8;
    flowbits: set, b41; flowbits: noalert;
    sid: 5; rev: 1;)
alert tcp any any -> any any (msg: "tcp rule";
    dsize: 4; flow: established, to_client; flowbits: isset, b41;
    flowbits: unset, b41;
    sid: 6; rev: 1;)

Host-Based Detection

Advantages: High confidence based on totality of positive hits for host-based artifacts.

Disadvantages: Many of the artifacts on the host are easily shifted to exist in a different location or with a different name. As the files are fully encrypted, accurately identifying these files is difficult.

Covert Store Detection

The Snake covert store comprises a file-backed NTFS (usually) or FAT-16 (rarely) filesystem. The filesystem is encrypted with CAST-128 in CBC mode. The encryption key can be either statically hardcoded or dynamically stored in a specified Windows registry location. The IV is 8 bytes, since CAST-128 has an 8-byte block length. The first byte of the IV for any 512-byte block of the covert store is the 0-indexed block number. The remaining bytes of the IV are the corresponding bytes of the key, meaning that bytes at 0-indexed indices 1 through 7 of the IV are the bytes at 0-indexed indices 1 through 7 of the key.

When statically hardcoded, the encryption key has the following constant value:
​​​​​​
     A1 D2 10 B7 60 5E DA 0F A1 65 AF EF 79 C3 66 FA

When stored in the Windows registry, the encryption key is the classname associated with the following key:

      SECURITYPolicySecretsn

The following initial 8-byte sequences are known to be used by NTFS or FAT-16 filesystems as observed:

      EB 52 90 4E 54 46 53 20
      EB 5B 90 4E 54 46 53 20
      EB 3C 90 4D 53 44 4F 53
      EB 00 00 00 00 00 00 00

For tool development, the following test vector illustrates the encryption of the first given header above (EB 52 90 …) using CAST-128 with the default key shown above and the IV constructed as described, given this header occurs at the beginning of the first 512-byte block of the covert store.

      Plaintext:      EB 52 90 4E 54 46 53 20
      Key:              A1 D2 10 B7 60 5E DA 0F A1 65 AF EF 79 C3 66 FA
      IV:                 00 D2 10 B7 60 5E DA 0F
      Ciphertext:   C2 C7 F4 CA F7 DA 3A C8

By encrypting each possible initial filesystem byte sequence with CAST-128 using the key obtained from the registry—or the default encryption key if the registry entry does not exist—and searching for any file with a size that is an even multiple of 220, it is possible to efficiently detect Snake covert stores. Validation can be performed by decrypting the entire file using the outlined methodology and then verifying that it comprises an NTFS or FAT-16 filesystem.

Other On-Disk Artifact Detection

Registry Blob

The registry blob is generally found at the location listed below. In case it is not present at its typical location, the registry blob can be found by searching the full registry for a value of at least 0x1000 bytes in size and entropy of at least 7.9.

      Typical Name: Unknown (RegBlob)
      Typical Path: HKLMSOFTWAREClasses.wavOpenWithProgIds
      Characteristics: High Entropy

Queue File

      Typical Name: < RANDOM_GUID >..crmlog
      Typical Path: %windowsregistration
      Unique Characteristics: High Entropy, file attributes of hidden, system, and archive
      Role: Snake Queue File

The Snake Queue File generally has a predictable path and filename structure, in addition to being high entropy. The Snake Queue File can be located by scanning all files in the typical queue path with filenames matching a regular expression that captures the typical naming convention. Files meeting these criteria should be scanned for high entropy, which is performed by the Yara rule below:

rule HighEntropy
{
    meta:
        description = "entropy rule"

    condition:
        math.entropy(0, filesize) >= 7.0
}

The following UNIX find command will scan files with names matching the GUID-based convention (note that the HighEntropy yara rule is assumed to be contained in a file named “1.yar”):

find /PATH/TO/WINDOWS_DIR -type f -regextype posix-egrep -iregex 
    '.*/registration/({[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}}.){2}crmlog' 
     -exec yara 1.yar {} ;

The following PowerShell command does the same:

Get-ChildItem -Recurse -File -Path %WINDOWS% | Where-Object {
  $_.FullName -match
  '(?i)/registration/({[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}}.){2}crmlog$'
} | ForEach-Object {
  yara 1.yar $_.FullName
}

Comadmin

      Typical Name: comadmin.dat
      Typical Path: %windows%system32Com
      Unique Characteristics: High Entropy
      Role: Houses Snake’s kernel driver and the driver’s loader

The Snake Comadmin file can be found using analogous techniques to that presented above for locating the Snake Queue File. The following UNIX find command will do so:

find /PATH/TO/WINDOWS -type f -regextype posix-egrep -iregex 
    '.*/system32/Com/comadmin.dat' 
     -exec yara 1.yar {} ;

The following PowerShell command does the same:

Get-ChildItem -Recurse -File -Path %WINDOWS% | Where-Object {
    $_.FullName -match '(?i)/system32/Com/comadmin.dat$'
} | ForEach-Object {
    yara 1.yar $_.FullName
}

Werfault

Typical Name: Werfault.exe
Typical Path: %windows%WinSxSx86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_4.0.9600.16384_none_a13f7e283339a0502
Unique Characteristics: Icon is different than that of a valid Windows Werfault.exe file
Role: Persistence mechanism

The Snake Werfault.exe file has non-standard icon sizes, which form the basis of the Yara rule below. This rule should be run on all files in the typical path, specifically the %Windows%WinSxS directory.

rule PeIconSizes
{
    meta:
        description = "werfault rule"

    condition:
        pe.is_pe 
        and 
        for any rsrc in pe.resources:
            (rsrc.type == pe.RESOURCE_TYPE_ICON and rsrc.length == 3240)
        and
        for any rsrc in pe.resources:
            (rsrc.type == pe.RESOURCE_TYPE_ICON and rsrc.length == 1384)
        and
        for any rsrc in pe.resources:
            (rsrc.type == pe.RESOURCE_TYPE_ICON and rsrc.length == 7336)
}

Memory Analysis

Advantages: High confidence as memory provides the greatest level of visibility into Snake’s behaviors and artifacts.

Disadvantages: Potential impact on system stability, difficult scalability.

Capturing and analyzing the memory of a system will be the most effective approach in detecting Snake because it bypasses many of the behaviors that Snake employs to hide itself. With a memory analysis tool, such as Volatility, detection of a Snake compromise may be possible.
Snake’s principal user mode component is injected into a chosen process via a single allocation of PAGE_EXECUTE_READWRITE memory. The starting offset is generally 0x20000000, however the module does allow for relocation if needed. Additionally, since the user mode component is not obfuscated in any way, a valid PE header can be located at the beginning of the allocated memory region. Further validation can be performed by confirming the presence of strings known to exist in the user mode component also within the memory region. A plugin compatible with Volatility3 which can scan all processes on a system using this method is provided in the Appendix. A screenshot showing the results of the plugin successfully detecting Snake is displayed below.

Plugin Screenshot

PREVENTION

Note that the mitigations that follow are not meant to protect against the initial access vector and are only designed to prevent Snake’s persistence and hiding techniques.

Change Credentials and Apply Updates

System owners who are believed to be compromised by Snake are advised to change their credentials immediately (from a non-compromised system) and to not use any type of passwords similar to those used before. Snake employs a keylogger functionality that routinely returns logs back to FSB operators. Changing passwords and usernames to values which cannot be brute forced or guessed based on old passwords is recommended.

System owners are advised to apply updates to their Operating Systems. Modern versions of Windows, Linux, and MacOS make it much harder for adversaries to operate in the kernel space. This will make it much harder for FSB actors to load Snake’s kernel driver on the target system.

Execute Organizational Incident Response Plan

If system owners receive detection signatures of Snake implant activity or have other indicators of compromise that are associated with FSB actors using Snake, the impacted organization should immediately initiate their documented incident response plan.

We recommend implementing the following Cross-Sector Cybersecurity Performance Goals (CPGs) to help defend against FSB actors using Snake, or mitigate negative impacts post-compromise:

CPG 2.A: Changing Default Passwords will prevent FSB actors from compromising default credentials to gain initial access or move laterally within a network.

CPG 2.B: Requiring Minimum Password Strength across an organization will prevent FSB actors from being able to successfully conduct password spraying or cracking operations. 

CPG 2.C: Requiring Unique Credentials will prevent FSB actors from compromising valid accounts through password spraying or brute force. 

CPG 2.E Separating User and Privileged Accounts will make it harder for FSB actors to gain access to administrator credentials.

CPG 2.F. Network Segmentation to deny all connections by default unless explicitly required for specific system functionality, and ensure all incoming communication is going through a properly configured firewall.

CPG 2.H Implementing Phishing Resistant MFA adds an additional layer of security even when account credentials are compromised and can mitigate a variety of attacks towards valid accounts, to include brute forcing passwords and exploiting external remote services software.

CPG 4.C. Deploy Security.txt Files to ensure all public facing web domains have a security.txt file that conforms to the recommendations in RFC 9118.

APPENDIX

Partnership

This advisory was developed as a joint effort by an international partnership of multiple agencies in furtherance of the respective cybersecurity missions of each of the partner agencies, including our responsibilities to develop and issue cybersecurity specifications and mitigations. This partnership includes the following organizations:

Collectively, we use a variety of sources, methods, and partnerships to acquire information about foreign cyber threats. This advisory contains the information we have concluded can be publicly released, consistent with the protection of sources and methods and the public interest.

Disclaimer

The information in this report is being provided “as is” for informational purposes only. We do not endorse any commercial product or service, including any subjects of analysis. Any reference to specific commercial products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by co-authors. 

MITRE ATT&CK Techniques

This advisory uses the MITRE ATT&CK® for Enterprise framework, version 13. See MITRE ATT&CK for Enterprise for all referenced tactics and techniques. MITRE and ATT&CK are registered trademarks of The MITRE Corporation. This report references the following MITRE ATT&CK techniques.

Technique Title

ID

Use

Network Connection Enumeration

T0840

Adversaries may perform network connection enumeration to discover information about device communication patterns.

Data Obfuscation

T1001

Adversaries may obfuscate command and control traffic to make it more difficult to detect.

Protocol Impersonation

T1001.003

Adversaries may impersonate legitimate protocols or web service traffic to disguise command and control activity and thwart analysis efforts.

OS Credential Dumping

T1003

Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software.

Rootkit

T1014

Adversaries may use rootkits to hide the presence of programs, files, network connections, services, drivers, and other system components.

Obfuscated Files or Information

T1027

Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.

Software Packing

T1027.002

Adversaries may perform software packing or virtual machine software protection to conceal their code.

Masquerading

T1036

Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools.

Network Sniffing

T1040

Adversaries may sniff network traffic to capture information about an environment, including authentication material passed over the network.

Network Service Discovery

T1046

Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation.

Dynamic-link Library Injection

T1055.001

Adversaries may inject dynamic-link libraries (DLLs) into processes in order to evade process-based defenses as well as possibly elevate privileges.

Keylogging

T1056.001

Adversaries may log user keystrokes to intercept credentials as the user types them.

PowerShell

T1059.001

Adversaries may abuse PowerShell commands and scripts for execution.

Application Layer Protocol

T1071

Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic.

Web Protocols

T1071.001

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic.

Mail Protocols

T1071.003

Adversaries may communicate using application layer protocols associated with electronic mail delivery to avoid detection/network filtering by blending in with existing traffic.

DNS

T1071.004

Adversaries may communicate using the Domain Name System (DNS) application layer protocol to avoid detection/network filtering by blending in with existing traffic.

Data Staged

T1074

Adversaries may stage collected data in a central location or directory prior to Exfiltration.

Valid Accounts

T1078

Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.

File and Directory Discovery

T1083

Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.

Multi-hop Proxy

T1090.003

To disguise the source of malicious traffic, adversaries may chain together multiple proxies.

Non-Application Layer Protocol

T1095

Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network.

Multi-Stage Channels

T1104

Adversaries may create multiple stages for command and control that are employed under different conditions or for certain functions.

Native API

T1106

Adversaries may interact with the native OS application programming interface (API) to execute behaviors.

Modify Registry

T1112

Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.

Automated Collection

T1119

Once established within a system or network, an adversary may use automated techniques for collecting internal data.

Data Encoding

T1132

Adversaries may encode data to make the content of command and control traffic more difficult to detect.

Non-Standard Encoding

T1132.002

Adversaries may encode data with a non-standard data encoding system to make the content of command and control traffic more difficult to detect.

Network Share Discovery

T1135

Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement.

Deobfuscate/Decode Files or Information

T1140

Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis.

Exploit Public-Facing Application

T1190

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

Domain Trust Discovery

T1482

Adversaries may attempt to gather information on domain trust relationships that may be used to identify lateral movement opportunities in Windows multi-domain/forest environments.

Installer Packages

T1546.016

Adversaries may establish persistence and elevate privileges by using an installer to trigger the execution of malicious content.

Dynamic Linker Hijacking

T1547.006

Adversaries may execute their own malicious payloads by hijacking environment variables the dynamic linker uses to load shared libraries.

Inter-Process Communication

T1559

Adversaries may abuse inter-process communication (IPC) mechanisms for local code or command execution.

Archive Collected Data

T1560.003

An adversary may compress and/or encrypt data that is collected prior to exfiltration.

Hide Artifacts

T1564

Adversaries may attempt to hide artifacts associated with their behaviors to evade detection.

Service Execution

T1569.002

Adversaries may abuse the Windows service control manager to execute malicious commands or payloads.

Lateral Tool Transfer

T1570

Adversaries may transfer tools or other files between systems in a compromised environment.

Protocol Tunneling

T1572

Adversaries may tunnel network communications to and from a victim system within a separate protocol to avoid detection/network filtering and/or enable access to otherwise unreachable systems.

Encrypted Channel

T1573

Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.

Symmetric Cryptography

T1573.001

Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.

Asymmetric Cryptography

T1573.002

Adversaries may employ a known asymmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.

DLL Side-Loading

T1574.002

Adversaries may execute their own malicious payloads by side-loading DLLs.

Compromise Infrastructure

T1584

Adversaries may compromise third-party infrastructure that can be used during targeting.

Malware

T1587.001

Adversaries may develop malware and malware components that can be used during targeting.

Obtain Capabilities

T1588

Adversaries may buy and/or steal capabilities that can be used during targeting.

Stage Capabilities

T1608

Adversaries may upload, install, or otherwise set up capabilities that can be used during targeting.

Deploy Container

T1610

Adversaries may deploy a container into an environment to facilitate execution or evade defenses.

Volatility Plugin

The following plugin for the Volatility memory analysis framework will scan all processes on the system until it finds the Snake user mode component injected into a process. If found, the plugin will list both the injected process and the virtual memory address at which the Snake user mode component is loaded.

# This plugin to identify the injected usermode component of Snake is based 
# on the malfind plugin released with Volatility3
#
# This file is Copyright 2019 Volatility Foundation and licensed under the 
# Volatility Software License 1.0
# which is available at https://www.volatilityfoundation.org/license/vsl-v1.0
import logging
from typing import Iterable, Tuple
from volatility3.framework import interfaces, symbols, exceptions, renderers
from volatility3.framework.configuration import requirements
from volatility3.framework.objects import utility
from volatility3.framework.renderers import format_hints
from volatility3.plugins.windows import pslist, vadinfo
vollog = logging.getLogger(__name__)
class snake(interfaces.plugins.PluginInterface):
    _required_framework_version = (2, 4, 0)
    
    @classmethod
    def get_requirements(cls):
        return [
            requirements.ModuleRequirement(name = 'kernel', 
            description = 'Windows kernel', 
            architectures = ["Intel32", "Intel64"]),
            requirements.VersionRequirement(name = 'pslist', 
            component = pslist.PsList, version = (2, 0, 0)),
            requirements.VersionRequirement(name = 'vadinfo', 
            component = vadinfo.VadInfo, version = (2, 0, 0))]

    @classmethod
    def list_injections(
            cls, context: interfaces.context.ContextInterface, 
            kernel_layer_name: str, symbol_table: str,
            proc: interfaces.objects.ObjectInterface) -> Iterable[
            Tuple[interfaces.objects.ObjectInterface, bytes]]:
        proc_id = "Unknown"
        try:
            proc_id = proc.UniqueProcessId
            proc_layer_name = proc.add_process_layer()
        except exceptions.InvalidAddressException as excp:
            vollog.debug("Process {}: invalid address {} in layer {}".
            format(proc_id, excp.invalid_address, excp.layer_name))
            return
        proc_layer = context.layers[proc_layer_name]
        for vad in proc.get_vad_root().traverse():
            protection_string = vad.get_protection(vadinfo.VadInfo.
            protect_values(context, kernel_layer_name, symbol_table), 
            vadinfo.winnt_protections)
            if not "PAGE_EXECUTE_READWRITE" in protection_string:
                continue

            if (vad.get_private_memory() == 1
                    and vad.get_tag() == "VadS") or (vad.get_private_memory() 
                    == 0 and protection_string != 
                    "PAGE_EXECUTE_WRITECOPY"):
                data = proc_layer.read(vad.get_start(), 
                vad.get_size(), pad = True)
                if data.find(b'x4dx5a') != 0:
                    continue
                yield vad, data

    def _generator(self, procs):
        kernel = self.context.modules[self.config['kernel']]
        is_32bit_arch = not symbols.symbol_table_is_64bit(self.context, 
        kernel.symbol_table_name)
        for proc in procs:
            process_name = utility.array_to_string(proc.ImageFileName)
            for vad, data in self.list_injections(self.context, 
            kernel.layer_name, kernel.symbol_table_name, proc):
                strings_to_find = [b'x25x73x23x31',b'x25x73x23x32',
                b'x25x73x23x33',b'x25x73x23x34', 
                b'x2ex74x6dx70', b'x2ex73x61x76',
                b'x2ex75x70x64']
                if not all(stringToFind in data for 
                stringToFind in strings_to_find):
                    continue
                yield (0, (proc.UniqueProcessId, process_name, 
                format_hints.Hex(vad.get_start()),
                           format_hints.Hex(vad.get_size()),
                           vad.get_protection(
                               vadinfo.VadInfo.protect_values(self.context, 
                kernel.layer_name, kernel.symbol_table_name), 
                vadinfo.winnt_protections)))
                return

    def run(self):
        kernel = self.context.modules[self.config['kernel']]
        return renderers.TreeGrid([("PID", int), ("Process", str), 
        ("Address", format_hints.Hex), ("Length", format_hints.Hex), 
        ("Protection", str)], self._generator(pslist.PsList.list_processes(
        context = self.context, layer_name = kernel.layer_name,  
        symbol_table = kernel.symbol_table_name)))

 

 

Categories
alerts

CISA Urges Organizations to Incorporate the FCC Covered List Into Risk Management Plans

The Federal Communications Commission (FCC) maintains a Covered List of communications equipment and services that have been determined by the U.S. government to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons to national security pursuant to the Secure and Trusted Communications Networks Act of 2019.

As the 6th annual National Supply Chain Integrity Month concludes, CISA reminds all critical infrastructure owners and operators to take necessary steps in securing the nation’s most critical supply chains. CISA urges organizations to incorporate the Covered List into their supply chain risk management efforts, in addition to adopting recommendations listed in Defending Against Software Supply Chain Attacks—a joint CISA and NIST resource that provides guidance on using NIST’s Cyber Supply Chain Risk Management (C-SCRM) framework to identify, assess, and mitigate risks. All critical infrastructure organizations are also urged to enroll in CISA’s free Vulnerability Scanning service for assistance in identifying vulnerable or otherwise high-risk devices such as those on FCC’s Covered List.

To learn more about CISA’s supply chain efforts and to view resources, visit CISA.gov/supply-chain-integrity-month.

 

Categories
alerts

CISA Requests for Comment on Secure Software Self-Attestation Form

CISA has issued requests for comment on the Secure Software Self-Attestation Form. CISA, in coordination with the Office of Budget and Management (OMB), released proposed guidance on secure software. This guidance seeks to secure software leveraged by the federal government. CISA expects agencies to use this proposed form to reduce the risk to the federal environment, thereby implementing a standardized process for agencies and software producers that will create transparency on the security of software development efforts.
 
Visit CISA.gov/secure-software-attestation-form for more information and to review the document. The comment period is open until June 26, 2023. CISA is specifically requesting insight on the feasibility, clarity, and usefulness of the document. To submit a comment, click the comment box at the top of Regulations.gov

Categories
alerts

CISA Releases One Industrial Control Systems Medical Advisory

CISA released one Industrial Control Systems Medical (ICS) medical advisory on April 27, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS medical advisory for technical details and mitigations:

Categories
alerts

CISA Releases Malware Analysis Report on ICONICSTEALER

 CISA has released a new Malware Analysis Report (MAR) on an infostealer known as ICONICSTEALER. This trojan has been identified as a variant of malware used in the supply chain attack against 3CX’s Desktop App.

CISA recommends users and administrators to review the following resources for more information, and hunt for the listed indicators of compromise (IOCs) for potential malicious activity:

Categories
alerts

CISA and Partners Release Cybersecurity Best Practices for Smart Cities

Today, CISA, NSA, FBI, NCSC-UK, ACSC, CCCS and NCSC-NZ released a joint guide: Cybersecurity Best Practices for Smart Cities

Smart cities may create safer, more efficient, resilient communities through technological innovation and data-driven decision making. However, this opportunity also introduces potential vulnerabilities and weaknesses that—if exploited—could impact national security, economic security, public health and safety, and critical infrastructure operations.

CISA encourages organizations implement these best practices in alignment with their specific cybersecurity requirements to ensure the safe and secure operation of infrastructure systems, protection of citizen’s private data, and security of sensitive government and business data.
 

For Emergency Cyber Security Incident Response please email RedTeam@DefendEdge.com