<?xml version="1.0" encoding="UTF-8"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel rdf:about="https://web.nvd.nist.gov/view/vuln/search">
    <title>National Vulnerability Database</title>
    <link>https://web.nvd.nist.gov/view/vuln/search</link>
    <description>This feed lists the CVE vulnerability records most recently published in the National Vulnerability Database.</description>
    <items>
      <rdf:Seq>
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-10013" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-10014" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5872" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10104" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10105" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21643" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23647" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23930" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36070" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4729" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8597" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23166" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23176" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23178" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23186" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23203" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26263" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26947" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27452" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32269" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32270" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32271" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33589" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33971" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33974" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3429" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36436" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38363" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38364" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43819" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44460" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44461" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44465" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44476" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44547" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44775" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45071" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45111" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2084" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23721" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24035" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24109" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24249" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25091" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25276" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27145" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27146" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27147" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27148" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27978" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27979" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28354" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29604" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29605" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29606" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29607" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29608" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29609" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29944" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31244" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35898" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36190" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36191" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36769" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36788" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36963" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37381" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38530" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38583" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3957" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39989" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40482" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40722" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40723" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40724" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40725" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41397" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41398" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41399" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41400" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41612" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41739" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42335" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43039" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43040" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43042" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43043" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43044" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43045" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43254" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43255" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45064" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45084" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45202" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45204" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45291" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45343" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45456" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45876" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46302" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46489" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46490" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46852" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47086" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47087" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47088" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47089" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47091" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47092" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47093" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47094" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47095" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47158" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47505" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47509" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47598" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47653" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47654" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47656" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47657" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47658" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47659" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47660" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47661" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47662" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47663" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47930" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48150" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48476" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48477" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48481" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0045" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0184" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0190" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0199" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0202" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0203" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0204" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0205" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0206" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0276" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0317" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0388" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0418" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0420" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0424" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0760" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0899" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1020" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1126" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1129" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1255" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1324" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1414" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1420" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1435" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1585" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1586" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1623" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1624" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1731" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1892" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1967" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1998" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2006" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2007" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2019" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20862" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20864" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20865" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20869" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20870" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20871" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20872" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20873" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2112" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2131" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2139" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2176" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2193" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2197" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2202" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2204" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2205" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2206" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2207" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2208" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2209" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2210" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2211" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2212" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2213" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2214" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2215" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2216" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2217" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2218" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2219" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2220" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2226" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2227" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2228" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22295" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2231" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22321" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2235" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22354" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2236" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2240" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2242" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2243" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2245" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2248" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2250" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2251" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2257" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22577" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2258" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22581" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2259" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2260" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22621" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22665" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22683" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22686" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2269" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22713" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22728" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22729" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2273" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2281" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2282" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22846" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22893" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22894" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22901" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2291" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22913" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22914" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22915" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22916" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22917" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22918" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22919" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22921" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22922" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22923" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22924" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2293" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2294" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22948" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22950" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2307" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2322" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2323" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2336" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2338" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2339" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2340" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2341" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2342" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2343" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2344" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2345" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23451" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2346" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2347" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2348" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2356" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23579" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2360" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2361" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2363" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2364" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2365" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2366" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2367" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2368" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2369" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2370" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23708" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2371" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2372" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23753" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23785" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2380" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2381" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2382" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23820" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2383" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23837" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23838" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23839" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2384" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2385" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2386" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2387" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23874" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23876" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2388" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2389" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23892" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2390" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2391" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2392" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2393" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23938" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2394" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2395" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2396" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2397" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2408" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2409" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2410" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2411" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2412" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2413" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2424" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2425" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2428" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2429" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24796" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24818" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24819" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24820" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24821" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24822" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24823" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24966" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25131" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25132" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25133" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25292" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25313" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25314" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25437" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25510" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25511" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25512" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25513" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25514" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25601" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25652" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25783" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25784" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25786" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25789" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25796" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25798" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25815" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25979" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26057" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26058" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26059" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26060" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26061" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26097" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26098" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26099" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26100" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26101" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26286" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26494" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26556" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26557" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26567" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26865" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26930" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26931" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26934" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26935" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26936" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26937" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26938" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26987" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27035" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27090" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27105" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27108" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27350" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27351" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27352" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27353" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27354" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27355" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27495" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27524" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27556" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27557" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27559" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27843" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27848" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27849" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27860" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27990" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27991" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28003" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28008" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28009" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28084" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28086" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28087" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28088" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28089" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28090" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28122" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28123" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28124" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28131" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28384" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28400" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28458" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28459" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28471" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28472" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28473" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28474" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28475" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28476" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28477" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28484" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28528" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28697" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28716" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28771" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28819" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28820" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28821" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28847" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28882" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28976" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28978" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28979" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28980" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28981" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28982" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28983" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28984" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29002" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29007" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29011" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29012" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29019" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29020" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29150" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29169" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29197" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29200" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29213" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29255" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29257" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29469" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29471" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29479" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29480" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29489" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29523" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29524" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29525" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29527" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29528" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29530" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29552" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29566" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29575" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29578" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29579" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29582" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29583" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29596" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29635" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29636" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29637" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29639" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29641" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29643" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29779" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29780" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29848" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29849" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29905" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29906" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29907" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29908" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29909" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29910" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29911" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29912" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29913" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29914" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29915" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29916" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29917" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29921" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30061" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30063" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30076" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30106" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30111" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30112" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30123" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30177" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30210" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30211" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30212" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30265" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30266" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30267" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30269" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30338" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30363" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30380" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30402" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30406" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30408" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30410" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30414" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30417" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30444" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30456" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30458" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30466" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30467" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30533" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30536" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30543" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30544" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30545" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30549" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30552" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30553" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30554" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30555" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30556" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30557" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30610" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30611" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30612" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30613" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30614" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30616" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30618" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30622" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30623" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30626" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30627" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30628" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30629" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30776" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30797" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30839" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30843" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30846" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30848" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30849" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31043" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31045" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31059" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31060" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31061" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31081" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31082" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31083" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31084" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31085" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31223" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31250" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31285" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31286" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31287" />
        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31436" />
      </rdf:Seq>
    </items>
    <dc:date>2023-05-06T10:00:01Z</dc:date>
    <dc:language>en-us</dc:language>
    <dc:rights>This material is not copyrighted and may be freely used; however, attribution is requested.</dc:rights>
  </channel>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-10013">
    <title>CVE-2012-10013 (backend_localization)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-10013</link>
    <description>A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231.</description>
    <dc:date>2023-04-24T18:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-10014">
    <title>CVE-2012-10014 (backend_localization)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-10014</link>
    <description>A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232.</description>
    <dc:date>2023-04-24T18:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5872">
    <title>CVE-2012-5872 (arc2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5872</link>
    <description>ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause.</description>
    <dc:date>2023-04-26T00:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10104">
    <title>CVE-2015-10104 (icons_for_features)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10104</link>
    <description>A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756.</description>
    <dc:date>2023-04-30T21:15:30Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10105">
    <title>CVE-2015-10105 (ip_blacklist_cloud)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-10105</link>
    <description>A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability.</description>
    <dc:date>2023-05-01T02:15:39Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21643">
    <title>CVE-2020-21643 (hongcms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-21643</link>
    <description>Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop.</description>
    <dc:date>2023-04-28T20:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23647">
    <title>CVE-2020-23647 (boxbilling)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23647</link>
    <description>Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form.</description>
    <dc:date>2023-04-28T20:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23930">
    <title>CVE-2020-23930 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-23930</link>
    <description>An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service.</description>
    <dc:date>2021-04-21T18:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36070">
    <title>CVE-2020-36070 (voyager)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-36070</link>
    <description>Insecure Permission vulnerability found in Voyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component.</description>
    <dc:date>2023-04-26T20:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4729">
    <title>CVE-2020-4729 (safer_payments)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-4729</link>
    <description>IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash.  IBM X-Force ID:  188052.</description>
    <dc:date>2023-04-28T02:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8597">
    <title>CVE-2020-8597 (debian_linux, pfc_firmware, point-to-point_protocol, ubuntu_linux)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8597</link>
    <description>eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.</description>
    <dc:date>2020-02-03T23:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23166">
    <title>CVE-2021-23166 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23166</link>
    <description>A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23176">
    <title>CVE-2021-23176 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23176</link>
    <description>Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23178">
    <title>CVE-2021-23178 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23178</link>
    <description>Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23186">
    <title>CVE-2021-23186 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23186</link>
    <description>A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23203">
    <title>CVE-2021-23203 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-23203</link>
    <description>Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26263">
    <title>CVE-2021-26263 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26263</link>
    <description>Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26947">
    <title>CVE-2021-26947 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26947</link>
    <description>Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27452">
    <title>CVE-2021-27452 (mu320e_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27452</link>
    <description>The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1).</description>
    <dc:date>2021-03-25T20:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32269">
    <title>CVE-2021-32269 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32269</link>
    <description>An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service.</description>
    <dc:date>2021-09-20T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32270">
    <title>CVE-2021-32270 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32270</link>
    <description>An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service.</description>
    <dc:date>2021-09-20T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32271">
    <title>CVE-2021-32271 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-32271</link>
    <description>An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code execution.</description>
    <dc:date>2021-09-20T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33589">
    <title>CVE-2021-33589 (rnp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33589</link>
    <description>Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than the algorithm nominally provides.</description>
    <dc:date>2023-04-21T12:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33971">
    <title>CVE-2021-33971 (total_security)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33971</link>
    <description>Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a set of vulnerabilities affecting popular software, &quot;360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)&quot;, &quot;360 Total Security(10.8.0.1060,10.8.0.1213)&quot;, &quot;360 Safe Browser &amp; 360 Chrome(13.0.2170.0)&quot;. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client a variety of popular software, remote vulnerabilities can be completed by opening a link to arbitrary code execution on both security browsers, with the use of local vulnerabilities, not only help the vulnerability code constitutes an escalation of privileges, er can make the spyware persistent without being scanned permanently resides on the target PC computer (because local vulnerability against Qihoo 360 company's antivirus kernel flaws); this group of remote and local vulnerability of the perfect match, to achieve an information security fallacy, in Qihoo 360's antivirus vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a safe browser, which exists in the kernel vulnerability but helped the composition of the remote vulnerability.
(Security expert &quot;Memory Corruptor&quot; have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to the security experts)</description>
    <dc:date>2023-04-19T22:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33974">
    <title>CVE-2021-33974 (total_security)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33974</link>
    <description>Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions &quot;360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)&quot;, &quot;360 Total Security(10.8.0.1060,10.8.0.1213)&quot;, &quot;360 Safe Browser &amp; 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in conjunction with the exploitation of local vulnerabilities that allow spyware to persist without being scanned to permanently reside on the target PC computer (because local vulnerabilities target Qihoo 360 company's antivirus software kernel flaws); this set of remote and local vulnerabilities in perfect coordination, to achieve an information security fallacy, on Qihoo 360's antivirus software vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a secure browser, which exists in the kernel vulnerability but help the composition of the remote vulnerability. (Security expert &quot;Memory Corruptor&quot; have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to this security
expert)</description>
    <dc:date>2023-04-19T21:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3429">
    <title>CVE-2021-3429 (cloud-init)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3429</link>
    <description>When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user.</description>
    <dc:date>2023-04-19T22:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36436">
    <title>CVE-2021-36436 (mobicint)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36436</link>
    <description>An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38363">
    <title>CVE-2021-38363 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38363</link>
    <description>An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process.</description>
    <dc:date>2023-04-20T13:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38364">
    <title>CVE-2021-38364 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38364</link>
    <description>An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents.</description>
    <dc:date>2023-04-20T13:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43819">
    <title>CVE-2021-43819 (stargate-bukkit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43819</link>
    <description>Stargate-Bukkit is a mod for the Minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items, impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue.</description>
    <dc:date>2023-04-19T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44460">
    <title>CVE-2021-44460 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44460</link>
    <description>Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44461">
    <title>CVE-2021-44461 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44461</link>
    <description>Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44465">
    <title>CVE-2021-44465 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44465</link>
    <description>Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44476">
    <title>CVE-2021-44476 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44476</link>
    <description>A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44547">
    <title>CVE-2021-44547 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44547</link>
    <description>A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to execute arbitrary code, leading to privilege escalation.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44775">
    <title>CVE-2021-44775 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44775</link>
    <description>Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45071">
    <title>CVE-2021-45071 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45071</link>
    <description>Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.</description>
    <dc:date>2023-04-25T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45111">
    <title>CVE-2021-45111 (odoo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45111</link>
    <description>Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2084">
    <title>CVE-2022-2084 (cloud-init, ubuntu_linux)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2084</link>
    <description>Sensitive data could be exposed in world readable logs of cloud-init before version 22.3 when schema failures are reported. This leak could include hashed passwords.</description>
    <dc:date>2023-04-19T22:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23721">
    <title>CVE-2022-23721 (pingid_integration_for_windows_login)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23721</link>
    <description>PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24035">
    <title>CVE-2022-24035 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24035</link>
    <description>An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management.</description>
    <dc:date>2023-04-20T13:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24109">
    <title>CVE-2022-24109 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24109</link>
    <description>An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller.</description>
    <dc:date>2023-04-20T13:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24249">
    <title>CVE-2022-24249 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24249</link>
    <description>A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871.</description>
    <dc:date>2022-02-04T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25091">
    <title>CVE-2022-25091 (ultimate_bulletin_board)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25091</link>
    <description>Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature.</description>
    <dc:date>2023-04-27T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25276">
    <title>CVE-2022-25276 (drupal)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25276</link>
    <description>The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities.</description>
    <dc:date>2023-04-26T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27145">
    <title>CVE-2022-27145 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27145</link>
    <description>GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.</description>
    <dc:date>2022-04-08T16:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27146">
    <title>CVE-2022-27146 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27146</link>
    <description>GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.</description>
    <dc:date>2022-04-08T16:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27147">
    <title>CVE-2022-27147 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27147</link>
    <description>GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.</description>
    <dc:date>2022-04-08T16:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27148">
    <title>CVE-2022-27148 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27148</link>
    <description>GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.</description>
    <dc:date>2022-04-08T16:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27978">
    <title>CVE-2022-27978 (tooljet)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27978</link>
    <description>Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request.</description>
    <dc:date>2023-04-26T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27979">
    <title>CVE-2022-27979 (tooljet)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27979</link>
    <description>A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component.</description>
    <dc:date>2023-04-26T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28354">
    <title>CVE-2022-28354 (active_threads)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28354</link>
    <description>In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29604">
    <title>CVE-2022-29604 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29604</link>
    <description>An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network.</description>
    <dc:date>2023-04-20T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29605">
    <title>CVE-2022-29605 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29605</link>
    <description>An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator.</description>
    <dc:date>2023-04-20T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29606">
    <title>CVE-2022-29606 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29606</link>
    <description>An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network.</description>
    <dc:date>2023-04-20T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29607">
    <title>CVE-2022-29607 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29607</link>
    <description>An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator.</description>
    <dc:date>2023-04-20T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29608">
    <title>CVE-2022-29608 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29608</link>
    <description>An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop.</description>
    <dc:date>2023-04-20T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29609">
    <title>CVE-2022-29609 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29609</link>
    <description>An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator.</description>
    <dc:date>2023-04-20T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29944">
    <title>CVE-2022-29944 (onos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29944</link>
    <description>An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intent does not redirect to a new path, even if a new intent that shares the path with higher priority is installed.</description>
    <dc:date>2023-04-20T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31244">
    <title>CVE-2022-31244 (one-network_directory_server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31244</link>
    <description>Nokia OneNDS 17r2 has an Insecure Permissions vulnerability that allows for privilege escalation.</description>
    <dc:date>2023-04-25T16:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35898">
    <title>CVE-2022-35898 (bizmanager)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35898</link>
    <description>OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account.</description>
    <dc:date>2023-05-01T20:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36190">
    <title>CVE-2022-36190 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36190</link>
    <description>GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.</description>
    <dc:date>2022-08-17T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36191">
    <title>CVE-2022-36191 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36191</link>
    <description>A heap-buffer-overflow occurs in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.</description>
    <dc:date>2022-08-17T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36769">
    <title>CVE-2022-36769 (cloud_pak_for_data)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36769</link>
    <description>IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.</description>
    <dc:date>2023-04-26T03:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36788">
    <title>CVE-2022-36788 (libslic3r)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36788</link>
    <description>A heap-based buffer overflow vulnerability exists in the TriangleMesh clone functionality of Slic3r libslic3r 1.3.0 and Master Commit b1a5500. A specially-crafted STL file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.</description>
    <dc:date>2023-04-20T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36963">
    <title>CVE-2022-36963 (orion_platform)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36963</link>
    <description>The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.</description>
    <dc:date>2023-04-21T20:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37381">
    <title>CVE-2022-37381 (pdf_editor, pdf_reader)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37381</link>
    <description>This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AFSpecial_KeystrokeEx method. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17110.</description>
    <dc:date>2023-03-29T19:15:15Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38530">
    <title>CVE-2022-38530 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38530</link>
    <description>GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD.</description>
    <dc:date>2022-09-06T23:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38583">
    <title>CVE-2022-38583 (sage_300)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38583</link>
    <description>On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a &amp;quot;Windows Peer-to-Peer Network&amp;quot; or &amp;quot;Client Server Network&amp;quot; configuration, a low-privileged Sage 300 workstation user could abuse their access to the &amp;quot;SharedData&amp;quot; folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3957">
    <title>CVE-2022-3957 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3957</link>
    <description>A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.</description>
    <dc:date>2022-11-11T16:15:16Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39989">
    <title>CVE-2022-39989 (fighting_cock_information_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39989</link>
    <description>An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials.</description>
    <dc:date>2023-04-26T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40482">
    <title>CVE-2022-40482 (framework)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40482</link>
    <description>The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40722">
    <title>CVE-2022-40722 (pingfederate, pingid_adapter_for_pingfederate, pingid_integration_kit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40722</link>
    <description>A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40723">
    <title>CVE-2022-40723 (pingfederate, pingid_integration_kit, radius_pcv)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40723</link>
    <description>The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40724">
    <title>CVE-2022-40724 (pingfederate)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40724</link>
    <description>The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40725">
    <title>CVE-2022-40725 (desktop)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40725</link>
    <description>PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41397">
    <title>CVE-2022-41397 (sage_300)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41397</link>
    <description>The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key (&amp;quot;LandlordPassKey&amp;quot;) to encrypt and decrypt secrets stored in configuration files and in database tables.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41398">
    <title>CVE-2022-41398 (sage_300)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41398</link>
    <description>The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41399">
    <title>CVE-2022-41399 (sage_300)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41399</link>
    <description>The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key (&amp;quot;PASS_KEY&amp;quot;) to encrypt and decrypt the database connection string for the PORTAL database found in the &amp;quot;dbconfig.xml&amp;quot;. This issue could allow attackers to obtain access to the SQL database.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41400">
    <title>CVE-2022-41400 (sage_300)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41400</link>
    <description>Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41612">
    <title>CVE-2022-41612 (similar_posts)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41612</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Shareaholic Similar Posts plugin &amp;lt;= 3.1.6 versions.</description>
    <dc:date>2023-04-24T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41739">
    <title>CVE-2022-41739 (spectrum_scale_container_native_storage_access)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41739</link>
    <description>IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.</description>
    <dc:date>2023-04-26T03:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42335">
    <title>CVE-2022-42335 (fedora, xen)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42335</link>
    <description>x86 shadow paging arbitrary pointer dereference. In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling, it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control.</description>
    <dc:date>2023-04-25T13:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43039">
    <title>CVE-2022-43039 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43039</link>
    <description>GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c.</description>
    <dc:date>2022-10-19T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43040">
    <title>CVE-2022-43040 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43040</link>
    <description>GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c.</description>
    <dc:date>2022-10-19T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43042">
    <title>CVE-2022-43042 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43042</link>
    <description>GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c.</description>
    <dc:date>2022-10-19T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43043">
    <title>CVE-2022-43043 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43043</link>
    <description>GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c.</description>
    <dc:date>2022-10-19T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43044">
    <title>CVE-2022-43044 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43044</link>
    <description>GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c.</description>
    <dc:date>2022-10-19T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43045">
    <title>CVE-2022-43045 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43045</link>
    <description>GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c.</description>
    <dc:date>2022-10-19T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43254">
    <title>CVE-2022-43254 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43254</link>
    <description>GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c.</description>
    <dc:date>2022-11-02T14:15:15Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43255">
    <title>CVE-2022-43255 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43255</link>
    <description>GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c.</description>
    <dc:date>2022-11-02T14:15:15Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45064">
    <title>CVE-2022-45064 (sling)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45064</link>
    <description>The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API, resulting in a generic type of include-based cross-site scripting issue on the Apache Sling level. The vulnerability is exploitable by an attacker who is able to include a resource with a specific content-type and control the include path (i.e. writing content). The impact of a successful attack is privilege escalation to administrative power.

Please update to Apache Sling Engine &amp;gt;= 2.14.0 and enable the &amp;quot;Check Content-Type overrides&amp;quot; configuration option.</description>
    <dc:date>2023-04-13T11:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45084">
    <title>CVE-2022-45084 (loginizer)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45084</link>
    <description>Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Softaculous Loginizer plugin &amp;lt;= 1.7.5 versions.</description>
    <dc:date>2023-04-24T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45202">
    <title>CVE-2022-45202 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45202</link>
    <description>GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.</description>
    <dc:date>2022-11-29T04:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45204">
    <title>CVE-2022-45204 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45204</link>
    <description>GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.</description>
    <dc:date>2022-11-29T04:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45291">
    <title>CVE-2022-45291 (personal_weather_station_dashboard)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45291</link>
    <description>PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022.</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45343">
    <title>CVE-2022-45343 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45343</link>
    <description>GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.</description>
    <dc:date>2022-11-29T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45456">
    <title>CVE-2022-45456 (agent)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45456</link>
    <description>Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161.</description>
    <dc:date>2023-04-26T20:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45876">
    <title>CVE-2022-45876 (vbase)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45876</link>
    <description>Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.</description>
    <dc:date>2023-04-26T22:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46302">
    <title>CVE-2022-46302 (checkmk)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46302</link>
    <description>Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk &amp;lt;= 2.1.0p6, Checkmk &amp;lt;= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host.</description>
    <dc:date>2023-04-20T14:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46489">
    <title>CVE-2022-46489 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46489</link>
    <description>GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c.</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46490">
    <title>CVE-2022-46490 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46490</link>
    <description>GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c.</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46852">
    <title>CVE-2022-46852 (wp_table_builder)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46852</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin &amp;lt;= 1.4.6 versions.</description>
    <dc:date>2023-05-03T15:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47086">
    <title>CVE-2022-47086 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47086</link>
    <description>GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47087">
    <title>CVE-2022-47087 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47087</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47088">
    <title>CVE-2022-47088 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47088</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow.</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47089">
    <title>CVE-2022-47089 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47089</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47091">
    <title>CVE-2022-47091 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47091</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47092">
    <title>CVE-2022-47092 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47092</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b contains an integer overflow vulnerability in the gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47093">
    <title>CVE-2022-47093 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47093</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47094">
    <title>CVE-2022-47094 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47094</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47095">
    <title>CVE-2022-47095 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47095</link>
    <description>GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c</description>
    <dc:date>2023-01-05T15:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47158">
    <title>CVE-2022-47158 (alfred24_click_&amp;_collect)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47158</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pakpobox alfred24 Click &amp;amp; Collect plugin &amp;lt;= 1.1.7 versions.</description>
    <dc:date>2023-04-24T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47505">
    <title>CVE-2022-47505 (orion_platform)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47505</link>
    <description>The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges.</description>
    <dc:date>2023-04-21T20:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47509">
    <title>CVE-2022-47509 (orion_platform)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47509</link>
    <description>The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML.</description>
    <dc:date>2023-04-21T20:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47598">
    <title>CVE-2022-47598 (wp_super_popup)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47598</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Plugins Pro WP Super Popup plugin &amp;lt;= 1.1.2 versions.</description>
    <dc:date>2023-04-24T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47653">
    <title>CVE-2022-47653 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47653</link>
    <description>GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113</description>
    <dc:date>2023-01-05T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47654">
    <title>CVE-2022-47654 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47654</link>
    <description>GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261</description>
    <dc:date>2023-01-05T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47656">
    <title>CVE-2022-47656 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47656</link>
    <description>GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273</description>
    <dc:date>2023-01-05T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47657">
    <title>CVE-2022-47657 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47657</link>
    <description>GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662</description>
    <dc:date>2023-01-05T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47658">
    <title>CVE-2022-47658 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47658</link>
    <description>GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039</description>
    <dc:date>2023-01-05T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47659">
    <title>CVE-2022-47659 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47659</link>
    <description>GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data</description>
    <dc:date>2023-01-05T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47660">
    <title>CVE-2022-47660 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47660</link>
    <description>GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 has an integer overflow in isomedia/isom_write.c</description>
    <dc:date>2023-01-05T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47661">
    <title>CVE-2022-47661 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47661</link>
    <description>GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes</description>
    <dc:date>2023-01-05T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47662">
    <title>CVE-2022-47662 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47662</link>
    <description>GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segmentation fault (stack overflow) due to infinite recursion in Media_GetSample at isomedia/media.c:662</description>
    <dc:date>2023-01-05T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47663">
    <title>CVE-2022-47663 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47663</link>
    <description>GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609</description>
    <dc:date>2023-01-05T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47930">
    <title>CVE-2022-47930 (tss-lib)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47930</link>
    <description>An issue was discovered in IO FinNet tss-lib before 2.0.0. The parameter ssid for defining a session id is not used through the MPC implementation, which makes replaying and spoofing of messages easier. In particular, the Schnorr proof of knowledge implemented in sch.go does not utilize a session id, context, or random nonce in the generation of the challenge. This could allow a malicious user or an eavesdropper to replay a valid proof sent in the past.</description>
    <dc:date>2023-04-21T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48150">
    <title>CVE-2022-48150 (shopware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48150</link>
    <description>Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI.</description>
    <dc:date>2023-04-21T14:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48476">
    <title>CVE-2022-48476 (ktor)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48476</link>
    <description>In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible</description>
    <dc:date>2023-04-24T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48477">
    <title>CVE-2022-48477 (hub)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48477</link>
    <description>In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing</description>
    <dc:date>2023-04-24T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48481">
    <title>CVE-2022-48481 (toolbox)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48481</link>
    <description>In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible</description>
    <dc:date>2023-04-28T10:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0045">
    <title>CVE-2023-0045 (debian_linux, linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0045</link>
    <description>The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.

We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96</description>
    <dc:date>2023-04-25T23:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0184">
    <title>CVE-2023-0184 (gpu_display_driver)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0184</link>
    <description>NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.</description>
    <dc:date>2023-04-22T03:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0190">
    <title>CVE-2023-0190 (gpu_display_driver)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0190</link>
    <description>NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.</description>
    <dc:date>2023-04-22T03:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0199">
    <title>CVE-2023-0199 (gpu_display_driver)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0199</link>
    <description>NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.</description>
    <dc:date>2023-04-22T03:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0202">
    <title>CVE-2023-0202 (dgx_a100_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0202</link>
    <description>NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the GenericSio and LegacySmmSredir SMM APIs. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.</description>
    <dc:date>2023-04-22T03:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0203">
    <title>CVE-2023-0203 (connectx_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0203</link>
    <description>NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.</description>
    <dc:date>2023-04-22T03:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0204">
    <title>CVE-2023-0204 (connectx_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0204</link>
    <description>NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can cause improper handling of exceptional conditions, which may lead to denial of service.</description>
    <dc:date>2023-04-22T03:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0205">
    <title>CVE-2023-0205 (connectx_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0205</link>
    <description>NVIDIA ConnectX-5, ConnectX-6, and ConnectX6-DX contain a vulnerability in the NIC firmware, where an unprivileged user can exploit insufficient granularity of access control, which may lead to denial of service.</description>
    <dc:date>2023-04-22T03:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0206">
    <title>CVE-2023-0206 (dgx_a100_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0206</link>
    <description>NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may modify arbitrary memory of SMRAM by exploiting the NVME SMM API. A successful exploit of this vulnerability may lead to denial of service, escalation of privileges, and information disclosure.</description>
    <dc:date>2023-04-22T03:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0276">
    <title>CVE-2023-0276 (weaver_xtreme_theme_support)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0276</link>
    <description>The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.</description>
    <dc:date>2023-04-24T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0317">
    <title>CVE-2023-0317 (gatemanager)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0317</link>
    <description>Unprotected Alternate Channel vulnerability in debug console of  GateManager allows system administrator to obtain sensitive information.</description>
    <dc:date>2023-04-19T12:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0388">
    <title>CVE-2023-0388 (random_text)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0388</link>
    <description>The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers.</description>
    <dc:date>2023-04-24T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0418">
    <title>CVE-2023-0418 (video_central)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0418</link>
    <description>The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks</description>
    <dc:date>2023-04-24T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0420">
    <title>CVE-2023-0420 (custom_post_type_and_taxonomy_gui_manager)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0420</link>
    <description>The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF</description>
    <dc:date>2023-04-24T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0424">
    <title>CVE-2023-0424 (ms-reviews)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0424</link>
    <description>The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow any authenticated users, such as Subscribers, to perform Stored Cross-Site Scripting attacks</description>
    <dc:date>2023-04-24T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0760">
    <title>CVE-2023-0760 (gpac)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0760</link>
    <description>Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.</description>
    <dc:date>2023-02-09T14:15:24Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0899">
    <title>CVE-2023-0899 (wp_live_chat_shoutbox)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0899</link>
    <description>The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could be used against high privilege users such as admins.</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1020">
    <title>CVE-2023-1020 (wp_live_chat_shoutbox)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1020</link>
    <description>The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1126">
    <title>CVE-2023-1126 (wp_fevents_book)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1126</link>
    <description>The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1129">
    <title>CVE-2023-1129 (wp_fevents_book)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1129</link>
    <description>The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1255">
    <title>CVE-2023-1255 (openssl)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1255</link>
    <description>Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM
platform contains a bug that could cause it to read past the input buffer,
leading to a crash.

Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM
platform can crash in rare circumstances. The AES-XTS algorithm is usually
used for disk encryption.

The AES-XTS cipher decryption implementation for 64 bit ARM platform will read
past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16
byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext
buffer is unmapped, this will trigger a crash which results in a denial of
service.

If an attacker can control the size and location of the ciphertext buffer
being decrypted by an application using AES-XTS on 64 bit ARM, the
application is affected. This is fairly unlikely making this issue
a Low severity one.</description>
    <dc:date>2023-04-20T17:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1324">
    <title>CVE-2023-1324 (easy_forms_for_mailchimp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1324</link>
    <description>The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1414">
    <title>CVE-2023-1414 (wp_vr)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1414</link>
    <description>The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1420">
    <title>CVE-2023-1420 (ajax_search)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1420</link>
    <description>The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1435">
    <title>CVE-2023-1435 (ajax_search)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1435</link>
    <description>The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1585">
    <title>CVE-2023-1585 (anti-virus, antivirus)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1585</link>
    <description>Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU)  vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later.</description>
    <dc:date>2023-04-19T19:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1586">
    <title>CVE-2023-1586 (anti-virus, antivirus)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1586</link>
    <description>Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU)  vulnerability in the restore process leading to arbitrary file creation. The issue was fixed with Avast and AVG Antivirus version 22.11</description>
    <dc:date>2023-04-19T19:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1623">
    <title>CVE-2023-1623 (custom_post_type_ui)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1623</link>
    <description>The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1624">
    <title>CVE-2023-1624 (wpcode)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1624</link>
    <description>The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1731">
    <title>CVE-2023-1731 (lantime_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1731</link>
    <description>In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow a remote authenticated attacker with high privileges to execute arbitrary commands.</description>
    <dc:date>2023-04-24T14:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1892">
    <title>CVE-2023-1892 (sidekiq)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1892</link>
    <description>Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.</description>
    <dc:date>2023-04-21T05:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1967">
    <title>CVE-2023-1967 (n8844a)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1967</link>
    <description>Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid.</description>
    <dc:date>2023-04-27T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1998">
    <title>CVE-2023-1998 (debian_linux, linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1998</link>
    <description>The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.

This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2006">
    <title>CVE-2023-2006 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2006</link>
    <description>A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2007">
    <title>CVE-2023-2007 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2007</link>
    <description>The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.</description>
    <dc:date>2023-04-24T23:15:18Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2019">
    <title>CVE-2023-2019 (enterprise_linux, linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2019</link>
    <description>A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20862">
    <title>CVE-2023-20862 (spring_security)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20862</link>
    <description>In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. This vulnerability can keep users authenticated even after they performed logout. Users of affected versions should apply the following mitigation. 5.7.x users should upgrade to 5.7.8. 5.8.x users should upgrade to 5.8.3. 6.0.x users should upgrade to 6.0.3.</description>
    <dc:date>2023-04-19T20:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20864">
    <title>CVE-2023-20864 (aria_operations_for_logs, cloud_foundation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20864</link>
    <description>VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20865">
    <title>CVE-2023-20865 (aria_operations_for_logs, cloud_foundation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20865</link>
    <description>VMware Aria Operations for Logs contains a command injection vulnerability. A malicious actor with administrative privileges in VMware Aria Operations for Logs can execute arbitrary commands as root.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20869">
    <title>CVE-2023-20869 (fusion, workstation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20869</link>
    <description>VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.</description>
    <dc:date>2023-04-25T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20870">
    <title>CVE-2023-20870 (fusion, workstation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20870</link>
    <description>VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.</description>
    <dc:date>2023-04-25T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20871">
    <title>CVE-2023-20871 (fusion)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20871</link>
    <description>VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20872">
    <title>CVE-2023-20872 (fusion, workstation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20872</link>
    <description>VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20873">
    <title>CVE-2023-20873 (spring_boot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20873</link>
    <description>In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2112">
    <title>CVE-2023-2112 (m-files_server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2112</link>
    <description>Desktop component service allows lateral movement between sessions in M-Files before 23.4.12455.0.</description>
    <dc:date>2023-04-20T09:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2131">
    <title>CVE-2023-2131 (me_rtu_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2131</link>
    <description>Versions of INEA ME RTU firmware prior to 3.36 are vulnerable to OS command injection, which could allow an attacker to remotely execute arbitrary code.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2139">
    <title>CVE-2023-2139 (delmia_apriso)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2139</link>
    <description>A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code.</description>
    <dc:date>2023-04-21T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2176">
    <title>CVE-2023-2176 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2176</link>
    <description>A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalate privileges.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2193">
    <title>CVE-2023-2193 (mattermost)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2193</link>
    <description>Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app, allowing an attacker possessing an authorization code to generate an access token.</description>
    <dc:date>2023-04-20T09:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2197">
    <title>CVE-2023-2197 (vault)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2197</link>
    <description>HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault's root key. Fixed in 1.13.2</description>
    <dc:date>2023-05-01T20:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2202">
    <title>CVE-2023-2202 (rosariosis)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2202</link>
    <description>Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3.</description>
    <dc:date>2023-04-21T02:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2204">
    <title>CVE-2023-2204 (retro_basketball_shoes_online_store)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2204</link>
    <description>A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file faqs.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226969 was assigned to this vulnerability.</description>
    <dc:date>2023-04-21T07:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2205">
    <title>CVE-2023-2205 (retro_basketball_shoes_online_store)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2205</link>
    <description>A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-226970 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-21T07:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2206">
    <title>CVE-2023-2206 (retro_basketball_shoes_online_store)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2206</link>
    <description>A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file contactus.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226971.</description>
    <dc:date>2023-04-21T08:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2207">
    <title>CVE-2023-2207 (retro_basketball_shoes_online_store)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2207</link>
    <description>A vulnerability classified as critical was found in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file contactus1.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226972.</description>
    <dc:date>2023-04-21T08:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2208">
    <title>CVE-2023-2208 (retro_basketball_shoes_online_store)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2208</link>
    <description>A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226973 was assigned to this vulnerability.</description>
    <dc:date>2023-04-21T08:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2209">
    <title>CVE-2023-2209 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2209</link>
    <description>A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/sales/view_details.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226974 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-21T09:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2210">
    <title>CVE-2023-2210 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2210</link>
    <description>A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/categories/view_category.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226975.</description>
    <dc:date>2023-04-21T09:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2211">
    <title>CVE-2023-2211 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2211</link>
    <description>A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226976.</description>
    <dc:date>2023-04-21T09:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2212">
    <title>CVE-2023-2212 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2212</link>
    <description>A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/products/view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226977 was assigned to this vulnerability.</description>
    <dc:date>2023-04-21T10:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2213">
    <title>CVE-2023-2213 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2213</link>
    <description>A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/products/manage_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-226978 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-21T10:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2214">
    <title>CVE-2023-2214 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2214</link>
    <description>A vulnerability was found in Campcodes Coffee Shop POS System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/sales/manage_sale.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226979.</description>
    <dc:date>2023-04-21T10:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2215">
    <title>CVE-2023-2215 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2215</link>
    <description>A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226980.</description>
    <dc:date>2023-04-21T10:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2216">
    <title>CVE-2023-2216 (coffee_shop_pos_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2216</link>
    <description>A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument firstname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226981 was assigned to this vulnerability.</description>
    <dc:date>2023-04-21T11:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2217">
    <title>CVE-2023-2217 (task_reminder_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2217</link>
    <description>A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. This affects an unknown part of the file /admin/reminders/manage_reminder.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226983.</description>
    <dc:date>2023-04-21T11:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2218">
    <title>CVE-2023-2218 (task_reminder_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2218</link>
    <description>A vulnerability has been found in SourceCodester Task Reminder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-226984.</description>
    <dc:date>2023-04-21T11:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2219">
    <title>CVE-2023-2219 (task_reminder_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2219</link>
    <description>A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic. This issue affects some unknown processing of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-226985 was assigned to this vulnerability.</description>
    <dc:date>2023-04-21T11:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2220">
    <title>CVE-2023-2220 (mica)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2220</link>
    <description>A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-21T12:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2226">
    <title>CVE-2023-2226 (velociraptor)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2226</link>
    <description>Insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files.

For this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.</description>
    <dc:date>2023-04-21T12:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2227">
    <title>CVE-2023-2227 (modoboa)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2227</link>
    <description>Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0.</description>
    <dc:date>2023-04-21T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2228">
    <title>CVE-2023-2228 (modoboa)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2228</link>
    <description>Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0.</description>
    <dc:date>2023-04-21T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22295">
    <title>CVE-2023-22295 (crosscadware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22295</link>
    <description>Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.</description>
    <dc:date>2023-04-20T19:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2231">
    <title>CVE-2023-2231 (max-g866ac_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2231</link>
    <description>A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22321">
    <title>CVE-2023-22321 (crosscadware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22321</link>
    <description>Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.</description>
    <dc:date>2023-04-20T19:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2235">
    <title>CVE-2023-2235 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2235</link>
    <description>A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.

The perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.

We recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.</description>
    <dc:date>2023-05-01T13:15:44Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22354">
    <title>CVE-2023-22354 (crosscadware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22354</link>
    <description>Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.</description>
    <dc:date>2023-04-20T19:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2236">
    <title>CVE-2023-2236 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2236</link>
    <description>A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.

Both io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.

We recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.</description>
    <dc:date>2023-05-01T13:15:44Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2240">
    <title>CVE-2023-2240 (microweber)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2240</link>
    <description>Improper Privilege Management in GitHub repository microweber/microweber prior to 1.3.4.</description>
    <dc:date>2023-04-22T01:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2242">
    <title>CVE-2023-2242 (online_computer_and_laptop_store)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2242</link>
    <description>A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227.</description>
    <dc:date>2023-04-22T16:15:42Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2243">
    <title>CVE-2023-2243 (complaint_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2243</link>
    <description>A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file users/registration.php of the component POST Parameter Handler. The manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227228.</description>
    <dc:date>2023-04-22T17:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2245">
    <title>CVE-2023-2245 (hansuncms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2245</link>
    <description>A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-22T17:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2248">
    <title>CVE-2023-2248 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2248</link>
    <description>A heap out-of-bounds read/write vulnerability in the Linux Kernel traffic control (QoS) subsystem can be exploited to achieve local privilege escalation.

The qfq_change_class function does not properly limit the lmax variable which can lead to out-of-bounds read/write. If the TCA_QFQ_LMAX value is not offered through nlattr, lmax is determined by the MTU value of the network device. The MTU of the loopback device can be set up to 2^31-1 and as a result, it is possible to have an lmax value that exceeds QFQ_MIN_LMAX.

We recommend upgrading past commit 3037933448f60f9acb705997eae62013ecb81e0d.</description>
    <dc:date>2023-05-01T13:15:44Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2250">
    <title>CVE-2023-2250 (open_cluster_management)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2250</link>
    <description>A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which have the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account, or use the service account to list all secrets for all Kubernetes namespaces, leading to a cluster-level privilege escalation.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2251">
    <title>CVE-2023-2251 (yaml)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2251</link>
    <description>Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-4.</description>
    <dc:date>2023-04-24T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2257">
    <title>CVE-2023-2257 (workspace)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2257</link>
    <description>Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature.

This vulnerability occurs only if the "Force Login" feature is enabled on the Hub Business instance and an attacker has access to a locked Workspace desktop application configured with a Hub Business space.</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22577">
    <title>CVE-2023-22577 (white_rabbit_switch_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22577</link>
    <description>Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings.</description>
    <dc:date>2023-04-24T09:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2258">
    <title>CVE-2023-2258 (alf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2258</link>
    <description>Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22581">
    <title>CVE-2023-22581 (white_rabbit_switch_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22581</link>
    <description>White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver run as the root user).</description>
    <dc:date>2023-04-24T09:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2259">
    <title>CVE-2023-2259 (alf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2259</link>
    <description>Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2260">
    <title>CVE-2023-2260 (alf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2260</link>
    <description>Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22621">
    <title>CVE-2023-22621 (strapi)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22621</link>
    <description>Strapi through 4.5.5 allows authenticated Server-Side Template Injection (SSTI) that can be exploited to execute arbitrary code on the server. A remote attacker with access to the Strapi admin panel can inject a crafted payload that executes code on the server into an email template that bypasses the validation checks that should prevent code execution.</description>
    <dc:date>2023-04-19T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22665">
    <title>CVE-2023-22665 (jena)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22665</link>
    <description>There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query.</description>
    <dc:date>2023-04-25T07:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22683">
    <title>CVE-2023-22683 (clio_grow)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22683</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themis Solutions, Inc. Clio Grow plugin &lt;= 1.0.0 versions.</description>
    <dc:date>2023-05-03T14:15:30Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22686">
    <title>CVE-2023-22686 (nice_paypal_button_lite)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22686</link>
    <description>Cross-Site Request Forgery (CSRF) vulnerability in TriniTronic Nice PayPal Button Lite plugin &lt;= 1.3.5 versions.</description>
    <dc:date>2023-04-23T12:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2269">
    <title>CVE-2023-2269 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2269</link>
    <description>A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22713">
    <title>CVE-2023-22713 (gutenberg_blocks_for_wordpress_download_manager)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22713</link>
    <description>Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin &lt;= 2.1.8 versions.</description>
    <dc:date>2023-05-03T12:16:45Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22728">
    <title>CVE-2023-22728 (framework)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22728</link>
    <description>Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.</description>
    <dc:date>2023-04-26T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22729">
    <title>CVE-2023-22729 (framework)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22729</link>
    <description>Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue.</description>
    <dc:date>2023-04-26T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2273">
    <title>CVE-2023-2273 (insight_agent)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2273</link>
    <description>Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal.</description>
    <dc:date>2023-04-26T09:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2281">
    <title>CVE-2023-2281 (mattermost_server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2281</link>
    <description>When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.</description>
    <dc:date>2023-04-25T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2282">
    <title>CVE-2023-2282 (remote_desktop_manager)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2282</link>
    <description>Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.</description>
    <dc:date>2023-04-25T19:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22846">
    <title>CVE-2023-22846 (crosscadware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22846</link>
    <description>Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This vulnerability could allow an attacker to disclose sensitive information.</description>
    <dc:date>2023-04-20T19:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22893">
    <title>CVE-2023-22893 (strapi)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22893</link>
    <description>Strapi through 4.5.5 does not verify the access or ID tokens issued during the OAuth flow when the AWS Cognito login provider is used for authentication. A remote attacker could forge an ID token that is signed using the 'None' type algorithm to bypass authentication and impersonate any user that uses AWS Cognito for authentication.</description>
    <dc:date>2023-04-19T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22894">
    <title>CVE-2023-22894 (strapi)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22894</link>
    <description>Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. The attacker can filter users by columns that contain sensitive information and infer a value from API responses. If the attacker has super admin access, then this can be exploited to discover the password hash and password reset token of all users. If the attacker has admin panel access to an account with permission to access the username and email of API users with a lower privileged role (e.g., Editor or Author), then this can be exploited to discover sensitive information for all API users but not other admin accounts.</description>
    <dc:date>2023-04-19T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22901">
    <title>CVE-2023-22901 (mobile_one_time_password)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22901</link>
    <description>ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator's privilege can exploit this vulnerability to access arbitrary system files.</description>
    <dc:date>2023-04-27T02:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2291">
    <title>CVE-2023-2291 (manageengine_access_manager_plus, manageengine_pam360, manageengine_password_manager_pro)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2291</link>
    <description>Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user.</description>
    <dc:date>2023-04-26T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22913">
    <title>CVE-2023-22913 (usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22913</link>
    <description>A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device.</description>
    <dc:date>2023-04-24T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22914">
    <title>CVE-2023-22914 (usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22914</link>
    <description>A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled.</description>
    <dc:date>2023-04-24T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22915">
    <title>CVE-2023-22915 (usg_20w-vpn_firmware, usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22915</link>
    <description>A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device.</description>
    <dc:date>2023-04-24T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22916">
    <title>CVE-2023-22916 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, usg_20w-vpn_firmware, usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22916</link>
    <description>The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35 fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator into switching the management mode to the cloud mode.</description>
    <dc:date>2023-04-24T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22917">
    <title>CVE-2023-22917 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, usg_20w-vpn_firmware, usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22917</link>
    <description>A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.</description>
    <dc:date>2023-04-24T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22918">
    <title>CVE-2023-22918 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, nap203_firmware, nap303_firmware, nap353_firmware, nwa110ax_firmware, nwa1123-ac-pro_firmware, nwa1123-ac_hd_firmware, nwa1123acv3_firmware, nwa210ax_firmware, nwa220ax-6e_firmware, nwa50ax-pro_firmware, nwa50ax_firmware, nwa5123-ac_hd_firmware, nwa55axe_firmware, nwa90ax-pro_firmware, nwa90ax_firmware, usg_20w-vpn_firmware, usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, usg20-vpn_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware, wac500_firmware, wac500h_firmware, wac5302d-sv2_firmware, wac6103d-i_firmware, wac6303d-s_firmware, wac6502d-e_firmware, wac6502d-s_firmware, wac6503d-s_firmware, wac6552d-s_firmware, wac6553d-e_firmware, wax510d_firmware, wax610d_firmware, wax620d-6e_firmware, wax630s_firmware, wax640s-6e_firmware, wax650s_firmware, wax655e_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22918</link>
    <description>A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22919">
    <title>CVE-2023-22919 (nbg6604_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22919</link>
    <description>The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request.</description>
    <dc:date>2023-05-01T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22921">
    <title>CVE-2023-22921 (nbg-418n_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22921</link>
    <description>A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device.</description>
    <dc:date>2023-05-01T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22922">
    <title>CVE-2023-22922 (nbg-418n_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22922</link>
    <description>A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device.</description>
    <dc:date>2023-05-01T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22923">
    <title>CVE-2023-22923 (nbg-418n_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22923</link>
    <description>A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device.</description>
    <dc:date>2023-05-01T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22924">
    <title>CVE-2023-22924 (nbg-418n_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22924</link>
    <description>A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device.</description>
    <dc:date>2023-05-01T17:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2293">
    <title>CVE-2023-2293 (purchase_order_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2293</link>
    <description>A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input &amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt; leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2294">
    <title>CVE-2023-2294 (ucms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2294</link>
    <description>A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability.</description>
    <dc:date>2023-04-26T06:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22948">
    <title>CVE-2023-22948 (tigergraph)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22948</link>
    <description>An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster.</description>
    <dc:date>2023-04-13T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22950">
    <title>CVE-2023-22950 (tigergraph)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22950</link>
    <description>An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations.</description>
    <dc:date>2023-04-13T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2307">
    <title>CVE-2023-2307 (qwik)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2307</link>
    <description>Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.</description>
    <dc:date>2023-04-26T17:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2322">
    <title>CVE-2023-2322 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2322</link>
    <description>Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T09:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2323">
    <title>CVE-2023-2323 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2323</link>
    <description>Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T09:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2336">
    <title>CVE-2023-2336 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2336</link>
    <description>Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2338">
    <title>CVE-2023-2338 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2338</link>
    <description>SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2339">
    <title>CVE-2023-2339 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2339</link>
    <description>Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2340">
    <title>CVE-2023-2340 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2340</link>
    <description>Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T13:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2341">
    <title>CVE-2023-2341 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2341</link>
    <description>Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2342">
    <title>CVE-2023-2342 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2342</link>
    <description>Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2343">
    <title>CVE-2023-2343 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2343</link>
    <description>Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-27T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2344">
    <title>CVE-2023-2344 (service_provider_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2344</link>
    <description>A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587.</description>
    <dc:date>2023-04-27T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2345">
    <title>CVE-2023-2345 (service_provider_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2345</link>
    <description>A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588.</description>
    <dc:date>2023-04-27T15:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23451">
    <title>CVE-2023-23451 (fx0-gent00000_firmware, fx0-gent00030_firmware, fx0-gmod00000_firmware, fx0-gmod00010_firmware, fx0-gpnt00000_firmware, fx0-gpnt00030_firmware, ue410-en1_firmware, ue410-en3_firmware, ue410-en3s04_firmware, ue410-en4_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23451</link>
    <description>The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number &amp;gt;2311xxxx have the Telnet interface disabled by factory default.</description>
    <dc:date>2023-04-19T23:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2346">
    <title>CVE-2023-2346 (service_provider_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2346</link>
    <description>A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability.</description>
    <dc:date>2023-04-27T15:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2347">
    <title>CVE-2023-2347 (service_provider_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2347</link>
    <description>A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-27T15:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2348">
    <title>CVE-2023-2348 (service_provider_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2348</link>
    <description>A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591.</description>
    <dc:date>2023-04-27T15:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2356">
    <title>CVE-2023-2356 (mlflow)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2356</link>
    <description>Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.</description>
    <dc:date>2023-04-28T00:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23579">
    <title>CVE-2023-23579 (crosscadware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23579</link>
    <description>Datakit CrossCadWare_x64.dll contains an out-of-bounds write past the end of an allocated buffer while parsing a specially crafted SLDPRT file. This could allow an attacker to execute code in the context of the current process.</description>
    <dc:date>2023-04-20T19:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2360">
    <title>CVE-2023-2360 (cyber_infrastructure)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2360</link>
    <description>Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135.</description>
    <dc:date>2023-04-28T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2361">
    <title>CVE-2023-2361 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2361</link>
    <description>Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21.</description>
    <dc:date>2023-04-28T08:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2363">
    <title>CVE-2023-2363 (resort_reservation_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2363</link>
    <description>A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639.</description>
    <dc:date>2023-04-28T11:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2364">
    <title>CVE-2023-2364 (resort_reservation_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2364</link>
    <description>A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640.</description>
    <dc:date>2023-04-28T11:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2365">
    <title>CVE-2023-2365 (faculty_evaluation_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2365</link>
    <description>A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability.</description>
    <dc:date>2023-04-28T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2366">
    <title>CVE-2023-2366 (faculty_evaluation_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2366</link>
    <description>A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-28T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2367">
    <title>CVE-2023-2367 (faculty_evaluation_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2367</link>
    <description>A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2368">
    <title>CVE-2023-2368 (faculty_evaluation_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2368</link>
    <description>A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2369">
    <title>CVE-2023-2369 (faculty_evaluation_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2369</link>
    <description>A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability.</description>
    <dc:date>2023-04-28T13:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2370">
    <title>CVE-2023-2370 (online_dj_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2370</link>
    <description>A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23708">
    <title>CVE-2023-23708 (visualizer)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23708</link>
    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin &amp;lt;= 3.9.4 versions.</description>
    <dc:date>2023-05-03T13:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2371">
    <title>CVE-2023-2371 (online_dj_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2371</link>
    <description>A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2372">
    <title>CVE-2023-2372 (online_dj_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2372</link>
    <description>A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23753">
    <title>CVE-2023-23753 (visforms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23753</link>
    <description>The 'Visforms Base Package for Joomla 3' extension is vulnerable to SQL Injection as concatenation is used to construct an SQL Query. An attacker can interact with the database and could be able to read, modify and delete data on it.</description>
    <dc:date>2023-04-23T21:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23785">
    <title>CVE-2023-23785 (exquisite_paypal_donation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23785</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin &amp;lt;=&amp;nbsp;v2.0.0 versions.</description>
    <dc:date>2023-05-03T15:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2380">
    <title>CVE-2023-2380 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2380</link>
    <description>A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T17:15:43Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2381">
    <title>CVE-2023-2381 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2381</link>
    <description>A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T17:15:43Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2382">
    <title>CVE-2023-2382 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2382</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T17:15:43Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23820">
    <title>CVE-2023-23820 (profilepress)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23820</link>
    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin &amp;lt;=&amp;nbsp;4.5.4 versions.</description>
    <dc:date>2023-05-03T13:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2383">
    <title>CVE-2023-2383 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2383</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T18:15:26Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23837">
    <title>CVE-2023-23837 (database_performance_analyzer)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23837</link>
    <description>No exception handling vulnerability which revealed sensitive or excessive information to users.</description>
    <dc:date>2023-04-25T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23838">
    <title>CVE-2023-23838 (database_performance_analyzer)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23838</link>
    <description>Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.</description>
    <dc:date>2023-04-25T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23839">
    <title>CVE-2023-23839 (solarwinds_platform)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23839</link>
    <description>The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2384">
    <title>CVE-2023-2384 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2384</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T18:15:26Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2385">
    <title>CVE-2023-2385 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2385</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T18:15:26Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2386">
    <title>CVE-2023-2386 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2386</link>
    <description>A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T19:15:16Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2387">
    <title>CVE-2023-2387 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2387</link>
    <description>A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T19:15:16Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23874">
    <title>CVE-2023-23874 (ditty)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23874</link>
    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin &amp;lt;=&amp;nbsp;3.0.32 versions.</description>
    <dc:date>2023-05-03T14:15:31Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23876">
    <title>CVE-2023-23876 (wpdatatables)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23876</link>
    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin &amp;lt;=&amp;nbsp;2.1.49 versions.</description>
    <dc:date>2023-05-03T14:15:32Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2388">
    <title>CVE-2023-2388 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2388</link>
    <description>A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T20:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2389">
    <title>CVE-2023-2389 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2389</link>
    <description>A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T20:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23892">
    <title>CVE-2023-23892 (m_chart)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23892</link>
    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Jamie Poitra M Chart plugin &amp;lt;=&amp;nbsp;1.9.4 versions.</description>
    <dc:date>2023-04-24T14:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2390">
    <title>CVE-2023-2390 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2390</link>
    <description>A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T20:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2391">
    <title>CVE-2023-2391 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2391</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2392">
    <title>CVE-2023-2392 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2392</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2393">
    <title>CVE-2023-2393 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2393</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23938">
    <title>CVE-2023-23938 (tuleap)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23938</link>
    <description>Tuleap is a Free &amp;amp; Source tool for end to end traceability of application and system developments. Affected versions are subject to a cross site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration. Administrative privilege is required, but an attacker with tracker administration rights could use this vulnerability to force a victim to execute uncontrolled code in the context of their browser. This issue has been addressed in Tuleap Community Edition version 14.5.99.4. Users are advised to upgrade. There are no known workarounds for this issue.</description>
    <dc:date>2023-04-20T17:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2394">
    <title>CVE-2023-2394 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2394</link>
    <description>A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2395">
    <title>CVE-2023-2395 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2395</link>
    <description>A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2396">
    <title>CVE-2023-2396 (srx5308_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2396</link>
    <description>A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
    <dc:date>2023-04-28T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2397">
    <title>CVE-2023-2397 (simple_mobile_comparison_website)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2397</link>
    <description>A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675.</description>
    <dc:date>2023-04-28T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2408">
    <title>CVE-2023-2408 (ac_repair_and_services_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2408</link>
    <description>A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-28T23:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2409">
    <title>CVE-2023-2409 (ac_repair_and_services_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2409</link>
    <description>A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703.</description>
    <dc:date>2023-04-28T23:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2410">
    <title>CVE-2023-2410 (ac_repair_and_services_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2410</link>
    <description>A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704.</description>
    <dc:date>2023-04-28T23:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2411">
    <title>CVE-2023-2411 (ac_repair_and_services_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2411</link>
    <description>A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability.</description>
    <dc:date>2023-04-28T23:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2412">
    <title>CVE-2023-2412 (ac_repair_and_services_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2412</link>
    <description>A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-29T00:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2413">
    <title>CVE-2023-2413 (ac_repair_and_services_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2413</link>
    <description>A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707.</description>
    <dc:date>2023-04-29T00:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2424">
    <title>CVE-2023-2424 (dedecms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2424</link>
    <description>A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability.</description>
    <dc:date>2023-04-29T08:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2425">
    <title>CVE-2023-2425 (simple_student_information_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2425</link>
    <description>A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input &amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt; leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751.</description>
    <dc:date>2023-04-29T08:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2428">
    <title>CVE-2023-2428 (phpmyfaq)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2428</link>
    <description>Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13.</description>
    <dc:date>2023-04-30T01:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2429">
    <title>CVE-2023-2429 (phpmyfaq)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2429</link>
    <description>Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13.</description>
    <dc:date>2023-04-30T03:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24796">
    <title>CVE-2023-24796 (wr-ac1200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24796</link>
    <description>Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints.</description>
    <dc:date>2023-04-26T13:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24818">
    <title>CVE-2023-24818 (riot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24818</link>
    <description>RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.</description>
    <dc:date>2023-04-24T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24819">
    <title>CVE-2023-24819 (riot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24819</link>
    <description>RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.</description>
    <dc:date>2023-04-24T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24820">
    <title>CVE-2023-24820 (riot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24820</link>
    <description>RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually.</description>
    <dc:date>2023-04-24T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24821">
    <title>CVE-2023-24821 (riot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24821</link>
    <description>RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually.</description>
    <dc:date>2023-04-24T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24822">
    <title>CVE-2023-24822 (riot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24822</link>
    <description>RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.</description>
    <dc:date>2023-04-24T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24823">
    <title>CVE-2023-24823 (riot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24823</link>
    <description>RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service, while carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually.</description>
    <dc:date>2023-04-24T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24966">
    <title>CVE-2023-24966 (websphere_application_server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24966</link>
    <description>IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  246904.</description>
    <dc:date>2023-04-27T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25131">
    <title>CVE-2023-25131 (powerpanel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25131</link>
    <description>Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.</description>
    <dc:date>2023-04-24T10:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25132">
    <title>CVE-2023-25132 (powerpanel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25132</link>
    <description>Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operating system commands via unspecified vectors.</description>
    <dc:date>2023-04-24T10:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25133">
    <title>CVE-2023-25133 (powerpanel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25133</link>
    <description>Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operating system commands via unspecified vectors.</description>
    <dc:date>2023-04-24T11:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25292">
    <title>CVE-2023-25292 (group_office)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25292</link>
    <description>Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie.</description>
    <dc:date>2023-04-27T01:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25313">
    <title>CVE-2023-25313 (avideo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25313</link>
    <description>OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature.</description>
    <dc:date>2023-04-25T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25314">
    <title>CVE-2023-25314 (avideo)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25314</link>
    <description>Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user.</description>
    <dc:date>2023-04-25T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25437">
    <title>CVE-2023-25437 (vcs754a_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25437</link>
    <description>An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML.</description>
    <dc:date>2023-04-27T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25510">
    <title>CVE-2023-25510 (cuda_toolkit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25510</link>
    <description>NVIDIA CUDA Toolkit SDK for Linux and Windows contains a NULL pointer dereference in cuobjdump, where a local user running the tool against a malformed binary may cause a limited denial of service.</description>
    <dc:date>2023-04-22T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25511">
    <title>CVE-2023-25511 (cuda_toolkit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25511</link>
    <description>NVIDIA CUDA Toolkit for Linux and Windows contains a vulnerability in cuobjdump, where a division-by-zero error may enable a user to cause a crash, which may lead to a limited denial of service.</description>
    <dc:date>2023-04-22T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25512">
    <title>CVE-2023-25512 (cuda_toolkit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25512</link>
    <description>NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds memory read by running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.</description>
    <dc:date>2023-04-22T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25513">
    <title>CVE-2023-25513 (cuda_toolkit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25513</link>
    <description>NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.</description>
    <dc:date>2023-04-22T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25514">
    <title>CVE-2023-25514 (cuda_toolkit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25514</link>
    <description>NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in cuobjdump, where an attacker may cause an out-of-bounds read by tricking a user into running cuobjdump on a malformed input file. A successful exploit of this vulnerability may lead to limited denial of service, code execution, and limited information disclosure.</description>
    <dc:date>2023-04-22T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25601">
    <title>CVE-2023-25601 (dolphinscheduler)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25601</link>
    <description>On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. This issue has been fixed from version 3.1.2 onwards. For users who use version 3.0.0 to 3.1.1, you can turn off the python-gateway function by changing the value `python-gateway.enabled=false` in configuration file `application.yaml`. If you are using the python gateway, please upgrade to version 3.1.2 or above.</description>
    <dc:date>2023-04-20T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25652">
    <title>CVE-2023-25652 (fedora, git)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25652</link>
    <description>Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that creates a conflict where a link corresponding to the `*.rej` file exists.</description>
    <dc:date>2023-04-25T20:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25783">
    <title>CVE-2023-25783 (firecask_like_&amp;_share_button)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25783</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like &amp; Share Button plugin &lt;= 1.1.5 versions.</description>
    <dc:date>2023-05-03T11:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25784">
    <title>CVE-2023-25784 (sticky_ad_bar)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25784</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin &lt;= 1.3.1 versions.</description>
    <dc:date>2023-05-03T11:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25786">
    <title>CVE-2023-25786 (eyes_only_user_access_shortcode)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25786</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin &lt;= 1.8.2 versions.</description>
    <dc:date>2023-05-03T11:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25789">
    <title>CVE-2023-25789 (tapfiliate)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25789</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin &lt;= 3.0.12 versions.</description>
    <dc:date>2023-05-03T11:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25796">
    <title>CVE-2023-25796 (wp_baidu_submit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25796</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin &lt;= 1.2.1 versions.</description>
    <dc:date>2023-05-03T12:16:46Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25798">
    <title>CVE-2023-25798 (olevmedia_shortcodes)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25798</link>
    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin &lt;= 1.1.9 versions.</description>
    <dc:date>2023-05-03T12:16:46Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25815">
    <title>CVE-2023-25815 (fedora, git_for_windows)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25815</link>
    <description>In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\mingw64\share\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\` (and since `C:\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.

This vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\`.</description>
    <dc:date>2023-04-25T20:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25979">
    <title>CVE-2023-25979 (video_gallery)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25979</link>
    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin &lt;= 1.7.6 versions.</description>
    <dc:date>2023-05-03T14:15:32Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26057">
    <title>CVE-2023-26057 (netact)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26057</link>
    <description>An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.</description>
    <dc:date>2023-04-25T13:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26058">
    <title>CVE-2023-26058 (netact)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26058</link>
    <description>An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.</description>
    <dc:date>2023-04-25T13:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26059">
    <title>CVE-2023-26059 (netact)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26059</link>
    <description>An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26060">
    <title>CVE-2023-26060 (netact)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26060</link>
    <description>An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.</description>
    <dc:date>2023-04-24T17:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26061">
    <title>CVE-2023-26061 (netact)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26061</link>
    <description>An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.</description>
    <dc:date>2023-04-24T17:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26097">
    <title>CVE-2023-26097 (apsal)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26097</link>
    <description>An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26098">
    <title>CVE-2023-26098 (apsal)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26098</link>
    <description>An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code.</description>
    <dc:date>2023-04-25T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26099">
    <title>CVE-2023-26099 (apsal)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26099</link>
    <description>An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26100">
    <title>CVE-2023-26100 (flowmon_os)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26100</link>
    <description>In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser.</description>
    <dc:date>2023-04-21T12:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26101">
    <title>CVE-2023-26101 (flowmon_packet_investigator)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26101</link>
    <description>In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem.</description>
    <dc:date>2023-04-21T12:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26286">
    <title>CVE-2023-26286 (aix, vios)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26286</link>
    <description>IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands.  IBM X-Force ID:  248421.</description>
    <dc:date>2023-04-26T12:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26494">
    <title>CVE-2023-26494 (lorawan-stack)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26494</link>
    <description>lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allow malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.</description>
    <dc:date>2023-04-24T17:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26556">
    <title>CVE-2023-26556 (tss-lib)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26556</link>
    <description>io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). One leak is in ecdsa/keygen/round_2.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)</description>
    <dc:date>2023-04-21T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26557">
    <title>CVE-2023-26557 (tss-lib)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26557</link>
    <description>io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. (bnb-chain/tss-lib and thorchain/tss are also affected.)</description>
    <dc:date>2023-04-21T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26567">
    <title>CVE-2023-26567 (freepbx_linux_7)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26567</link>
    <description>Sangoma FreePBX 1805 through 2302 (when obtained as a .ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call.</description>
    <dc:date>2023-04-26T20:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26865">
    <title>CVE-2023-26865 (bdroppy)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26865</link>
    <description>SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26930">
    <title>CVE-2023-26930 (xpdf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26930</link>
    <description>Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function.</description>
    <dc:date>2023-04-26T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26931">
    <title>CVE-2023-26931 (xpdf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26931</link>
    <description>Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function.</description>
    <dc:date>2023-04-26T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26934">
    <title>CVE-2023-26934 (xpdf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26934</link>
    <description>An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter.</description>
    <dc:date>2023-04-26T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26935">
    <title>CVE-2023-26935 (xpdf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26935</link>
    <description>Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc.</description>
    <dc:date>2023-04-26T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26936">
    <title>CVE-2023-26936 (xpdf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26936</link>
    <description>Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc</description>
    <dc:date>2023-04-26T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26937">
    <title>CVE-2023-26937 (xpdf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26937</link>
    <description>Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc</description>
    <dc:date>2023-04-26T19:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26938">
    <title>CVE-2023-26938 (xpdf)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26938</link>
    <description>Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock located in goo/gfile.cc.</description>
    <dc:date>2023-04-26T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26987">
    <title>CVE-2023-26987 (konga)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26987</link>
    <description>An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request.</description>
    <dc:date>2023-05-01T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27035">
    <title>CVE-2023-27035 (obsidian)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27035</link>
    <description>An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page.</description>
    <dc:date>2023-05-01T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27090">
    <title>CVE-2023-27090 (teacms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27090</link>
    <description>Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter.</description>
    <dc:date>2023-04-20T20:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27105">
    <title>CVE-2023-27105 (eddict_player, mtouch_os)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27105</link>
    <description>A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal.</description>
    <dc:date>2023-04-25T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27108">
    <title>CVE-2023-27108 (kaios)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27108</link>
    <description>An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch.</description>
    <dc:date>2023-05-01T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27350">
    <title>CVE-2023-27350 (papercut_mf, papercut_ng)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27350</link>
    <description>This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.</description>
    <dc:date>2023-04-20T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27351">
    <title>CVE-2023-27351 (papercut_mf, papercut_ng)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27351</link>
    <description>This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SecurityRequestFilter class. The issue results from improper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19226.</description>
    <dc:date>2023-04-20T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27352">
    <title>CVE-2023-27352 (one_firmware, s1, s2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27352</link>
    <description>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845.</description>
    <dc:date>2023-04-20T22:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27353">
    <title>CVE-2023-27353 (one_firmware, s1, s2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27353</link>
    <description>This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846.</description>
    <dc:date>2023-04-20T22:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27354">
    <title>CVE-2023-27354 (one_firmware, s1, s2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27354</link>
    <description>This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727.</description>
    <dc:date>2023-04-20T22:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27355">
    <title>CVE-2023-27355 (one_firmware, s1, s2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27355</link>
    <description>This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773.</description>
    <dc:date>2023-04-20T22:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27495">
    <title>CVE-2023-27495 (csrf-protection)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27495</link>
    <description>@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the user. This parameter has been introduced to prevent cookie-tossing attacks as a fix for CVE-2021-29624. Whenever userInfo parameter is missing, or its value can be predicted for the target user account, network and same-site attackers can 1. fixate a _csrf cookie in the victim's browser, and 2. forge CSRF tokens that are valid for the victim's session. This allows attackers to bypass the CSRF protection mechanism. As a fix, @fastify/csrf-protection starting from version 6.3.0 (and v4.1.0) includes a server-defined secret hmacKey that cryptographically binds the CSRF token to the value of the _csrf cookie and the userInfo parameter, making tokens non-spoofable by attackers. This protection is effective as long as the userInfo parameter is unique for each user. This is patched in versions 6.3.0 and v4.1.0. Users are advised to upgrade. Users unable to upgrade may use a random, non-predictable userInfo parameter for each user as a mitigation.</description>
    <dc:date>2023-04-20T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27524">
    <title>CVE-2023-27524 (superset)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27524</link>
    <description>Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.</description>
    <dc:date>2023-04-24T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27556">
    <title>CVE-2023-27556 (safer_payments)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27556</link>
    <description>IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service.  IBM X-Force ID:  249190.</description>
    <dc:date>2023-04-28T01:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27557">
    <title>CVE-2023-27557 (safer_payments)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27557</link>
    <description>IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.  IBM X-Force ID:  249192.</description>
    <dc:date>2023-04-28T02:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27559">
    <title>CVE-2023-27559 (db2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27559</link>
    <description>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery.  IBM X-Force ID:  249196.</description>
    <dc:date>2023-04-26T20:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27843">
    <title>CVE-2023-27843 (ask_for_a_quote)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27843</link>
    <description>SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allows a remote attacker to gain privileges via the QuotesProduct::deleteProduct component.</description>
    <dc:date>2023-04-26T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27848">
    <title>CVE-2023-27848 (broccoli-compass)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27848</link>
    <description>broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27849">
    <title>CVE-2023-27849 (rails-routes-to-json)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27849</link>
    <description>rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27860">
    <title>CVE-2023-27860 (maximo_asset_management)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27860</link>
    <description>IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message.  This information could be used in further attacks against the system.  IBM X-Force ID:  249207.</description>
    <dc:date>2023-04-27T19:15:20Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27990">
    <title>CVE-2023-27990 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, usg_20w-vpn_firmware, usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, usg20-vpn_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27990</link>
    <description>The XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27991">
    <title>CVE-2023-27991 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, usg_20w-vpn_firmware, usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, usg20-vpn_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27991</link>
    <description>The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28003">
    <title>CVE-2023-28003 (ecostruxure_power_monitoring_expert)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28003</link>
    <description>A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of their account.</description>
    <dc:date>2023-04-18T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28008">
    <title>CVE-2023-28008 (workload_automation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28008</link>
    <description>HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.</description>
    <dc:date>2023-04-26T20:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28009">
    <title>CVE-2023-28009 (workload_automation)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28009</link>
    <description>HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.</description>
    <dc:date>2023-04-26T20:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28084">
    <title>CVE-2023-28084 (oneview, oneview_global_dashboard)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28084</link>
    <description>HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens</description>
    <dc:date>2023-04-25T20:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28086">
    <title>CVE-2023-28086 (oneview)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28086</link>
    <description>An HPE OneView appliance dump may expose proxy credential settings</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28087">
    <title>CVE-2023-28087 (oneview)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28087</link>
    <description>An HPE OneView appliance dump may expose OneView user accounts</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28088">
    <title>CVE-2023-28088 (oneview)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28088</link>
    <description>An HPE OneView appliance dump may expose SAN switch administrative credentials</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28089">
    <title>CVE-2023-28089 (oneview)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28089</link>
    <description>An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28090">
    <title>CVE-2023-28090 (oneview)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28090</link>
    <description>An HPE OneView appliance dump may expose SNMPv3 read credentials</description>
    <dc:date>2023-04-25T19:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28122">
    <title>CVE-2023-28122 (desktop)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28122</link>
    <description>A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3 and later.</description>
    <dc:date>2023-04-19T20:15:12Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28123">
    <title>CVE-2023-28123 (desktop)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28123</link>
    <description>A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow a user to hijack VPN credentials while UID VPN is starting. This vulnerability is fixed in Version 0.62.3 and later.</description>
    <dc:date>2023-04-19T20:15:12Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28124">
    <title>CVE-2023-28124 (desktop)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28124</link>
    <description>Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later.</description>
    <dc:date>2023-04-19T20:15:12Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28131">
    <title>CVE-2023-28131 (expo_software_development_kit)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28131</link>
    <description>A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the &quot;Expo AuthSession Redirect Proxy&quot; for social sign-in. This can be achieved once a victim clicks a malicious link. The link itself may be sent to the victim in various ways (including email, text message, an attacker-controlled website, etc).</description>
    <dc:date>2023-04-24T05:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28384">
    <title>CVE-2023-28384 (mypro)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28384</link>
    <description>mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.</description>
    <dc:date>2023-04-27T23:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28400">
    <title>CVE-2023-28400 (mypro)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28400</link>
    <description>mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.</description>
    <dc:date>2023-04-27T23:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28458">
    <title>CVE-2023-28458 (pretalx)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28458</link>
    <description>pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28459">
    <title>CVE-2023-28459 (pretalx)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28459</link>
    <description>pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files.</description>
    <dc:date>2023-04-20T21:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28471">
    <title>CVE-2023-28471 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28471</link>
    <description>Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28472">
    <title>CVE-2023-28472 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28472</link>
    <description>Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28473">
    <title>CVE-2023-28473 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28473</link>
    <description>Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28474">
    <title>CVE-2023-28474 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28474</link>
    <description>Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28475">
    <title>CVE-2023-28475 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28475</link>
    <description>Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28476">
    <title>CVE-2023-28476 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28476</link>
    <description>Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28477">
    <title>CVE-2023-28477 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28477</link>
    <description>Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28484">
    <title>CVE-2023-28484 (debian_linux, libxml2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28484</link>
    <description>In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28528">
    <title>CVE-2023-28528 (aix, vios)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28528</link>
    <description>IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands.  IBM X-Force ID:  251207.</description>
    <dc:date>2023-04-28T03:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28697">
    <title>CVE-2023-28697 (miineport_e1_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28697</link>
    <description>Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service.</description>
    <dc:date>2023-04-27T02:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28716">
    <title>CVE-2023-28716 (mypro)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28716</link>
    <description>mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.</description>
    <dc:date>2023-04-27T23:15:14Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28771">
    <title>CVE-2023-28771 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, usg_flex_100_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_50_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, vpn100_firmware, vpn1000_firmware, vpn300_firmware, vpn50_firmware, zywall_usg_100_firmware, zywall_usg_310_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28771</link>
    <description>Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.</description>
    <dc:date>2023-04-25T02:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28819">
    <title>CVE-2023-28819 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28819</link>
    <description>Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28820">
    <title>CVE-2023-28820 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28820</link>
    <description>Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28821">
    <title>CVE-2023-28821 (concrete_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28821</link>
    <description>Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets.</description>
    <dc:date>2023-04-28T14:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28847">
    <title>CVE-2023-28847 (nextcloud_server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28847</link>
    <description>Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available.</description>
    <dc:date>2023-04-25T17:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28882">
    <title>CVE-2023-28882 (modsecurity)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28882</link>
    <description>Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations.</description>
    <dc:date>2023-04-28T04:15:38Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28976">
    <title>CVE-2023-28976 (junos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28976</link>
    <description>An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If specific traffic is received on MX Series and its rate exceeds the respective DDoS protection limit the ingress PFE will crash and restart. Continued receipt of this traffic will create a sustained DoS condition. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S11; 20.2 versions prior to 20.2R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28978">
    <title>CVE-2023-28978 (junos_os_evolved)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28978</link>
    <description>An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. In the default configuration it is possible to read confidential information about locally configured (administrative) users of the affected system. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S7-EVO on pending commit???; 21.1-EVO versions prior to 21.1R3-S4-EVO on awaiting build; 21.4-EVO versions prior to 21.4R3-S1-EVO; 22.2-EVO versions prior to 22.2R3-EVO; 21.2-EVO versions prior to 21.2R3-S5-EVO on pending commit???; 21.3-EVO version 21.3R1-EVO and later versions; 22.1-EVO version 22.1R1-EVO and later versions; 22.2-EVO versions prior to 22.2R2-S1-EVO.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28979">
    <title>CVE-2023-28979 (junos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28979</link>
    <description>An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. In a 6PE scenario and if an additional integrity check is configured, it will fail to drop specific malformed IPv6 packets, and then these packets will be forwarded to other connected networks. This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28980">
    <title>CVE-2023-28980 (junos, junos_os_evolved)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28980</link>
    <description>A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service (DoS). In a rib sharding scenario the rpd process will crash shortly after a specific CLI command is issued. This issue is more likely to occur in a scenario with high route scale (&amp;gt;1M routes). This issue affects: Juniper Networks Junos OS 20.2 version 20.2R3-S5 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S2 and later versions prior to 20.3R3-S5; 20.4 version 20.4R3-S1 and later versions prior to 20.4R3-S4; 21.1 version 21.1R3 and later versions prior to 21.1R3-S3; 21.2 version 21.2R1-S2, 21.2R2-S1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R2 and later versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.4-EVO version 20.4R3-S1-EVO and later versions prior to 20.4R3-S6-EVO; 21.2-EVO version 21.2R1-S2-EVO and later versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R2-EVO and later versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R2-EVO.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28981">
    <title>CVE-2023-28981 (junos, junos_os_evolved)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28981</link>
    <description>An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). If the receipt of router advertisements is enabled on an interface and a specifically malformed RA packet is received, memory corruption will happen which leads to an rpd crash. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.3-EVO versions prior to 21.3R3-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28982">
    <title>CVE-2023-28982 (junos, junos_os_evolved)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28982</link>
    <description>A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated, memory will leak. As rpd memory usage increases over time the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the following CLI commands: `show task memory` and `show system processes extensive | match rpd`. This issue affects: Juniper Networks Junos OS 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2. Juniper Networks Junos OS Evolved 20.3-EVO version 20.3R1-EVO and later versions; 20.4-EVO versions prior to 20.4R3-S6-EVO; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28983">
    <title>CVE-2023-28983 (junos_os_evolved)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28983</link>
    <description>An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28984">
    <title>CVE-2023-28984 (junos)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28984</link>
    <description>A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but this is due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attacker's direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29002">
    <title>CVE-2023-29002 (cilium)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29002</link>
    <description>Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode.</description>
    <dc:date>2023-04-18T22:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29007">
    <title>CVE-2023-29007 (fedora, git)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29007</link>
    <description>Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to remote code execution. A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29011">
    <title>CVE-2023-29011 (git_for_windows)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29011</link>
    <description>Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\etc\connectrc`. Since `C:\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `&amp;lt;drive&amp;gt;:\etc\connectrc` files on multi-user machines.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29012">
    <title>CVE-2023-29012 (git_for_windows)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29012</link>
    <description>Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolled Search Path Element vulnerability. A maliciously placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29019">
    <title>CVE-2023-29019 (passport)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29019</link>
    <description>@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.</description>
    <dc:date>2023-04-21T23:15:20Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29020">
    <title>CVE-2023-29020 (passport)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29020</link>
    <description>@fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forgery) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`.</description>
    <dc:date>2023-04-21T23:15:20Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29150">
    <title>CVE-2023-29150 (mypro)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29150</link>
    <description>mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.</description>
    <dc:date>2023-04-27T23:15:15Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29169">
    <title>CVE-2023-29169 (mypro)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29169</link>
    <description>mySCADA myPRO versions 8.26.0 and prior have parameters which an authenticated user could exploit to inject arbitrary operating system commands.</description>
    <dc:date>2023-04-27T23:15:15Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29197">
    <title>CVE-2023-29197 (fedora, psr-7)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29197</link>
    <description>guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade.</description>
    <dc:date>2023-04-17T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29200">
    <title>CVE-2023-29200 (contao)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29200</link>
    <description>Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds.</description>
    <dc:date>2023-04-25T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29213">
    <title>CVE-2023-29213 (xwiki)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29213</link>
    <description>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed URL (e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights), which will evaluate an expression in the constructed URL and execute it. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. There are no known workarounds for this vulnerability.</description>
    <dc:date>2023-04-17T22:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29255">
    <title>CVE-2023-29255 (db2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29255</link>
    <description>IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block.  IBM X-Force ID:  251991.</description>
    <dc:date>2023-04-27T13:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29257">
    <title>CVE-2023-29257 (db2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29257</link>
    <description>IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance.  IBM X-Force ID:  252011.</description>
    <dc:date>2023-04-26T13:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29469">
    <title>CVE-2023-29469 (debian_linux, libxml2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29469</link>
    <description>An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\0' value).</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29471">
    <title>CVE-2023-29471 (alpakka_kafka)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29471</link>
    <description>Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor.</description>
    <dc:date>2023-04-27T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29479">
    <title>CVE-2023-29479 (rnp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29479</link>
    <description>Ribose RNP before 0.16.3 may hang when the input is malformed.</description>
    <dc:date>2023-04-24T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29480">
    <title>CVE-2023-29480 (rnp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29480</link>
    <description>Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use.</description>
    <dc:date>2023-04-24T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29489">
    <title>CVE-2023-29489 (cpanel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29489</link>
    <description>An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31.</description>
    <dc:date>2023-04-27T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29523">
    <title>CVE-2023-29523 (xwiki)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29523</link>
    <description>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading.</description>
    <dc:date>2023-04-19T00:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29524">
    <title>CVE-2023-29524 (xwiki)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29524</link>
    <description>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights can edit their user profile with the object editor and add a new object of type XWiki.SchedulerJobClass; in &amp;quot;Job Script&amp;quot;, groovy code can be added and will be executed in the server context on viewing. This has been patched in XWiki 14.10.3 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this issue.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29525">
    <title>CVE-2023-29525 (xwiki)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29525</link>
    <description>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the page `XWiki.Notifications.Code.LegacyNotificationAdministration` to add the missing escaping. For versions &amp;lt; 14.6-rc-1 a workaround is to modify the file `&amp;lt;xwikiwebapp&amp;gt;/templates/distribution/eventmigration.wiki` to add the missing escaping.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29527">
    <title>CVE-2023-29527 (xwiki)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29527</link>
    <description>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile (or any other document) with the wiki editor and add groovy script content. Viewing the document after saving it will execute the groovy script in the server context which provides code execution. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.3. Users are advised to upgrade. There are no known workarounds for this issue.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29528">
    <title>CVE-2023-29528 (commons)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29528</link>
    <description>XWiki Commons are technical libraries common to several other top level XWiki projects. The &amp;quot;restricted&amp;quot; mode of the HTML cleaner in XWiki, introduced in version 4.2-milestone-1 and massively improved in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid HTML comments. As a consequence, any code relying on this &amp;quot;restricted&amp;quot; mode for security is vulnerable to JavaScript injection (&amp;quot;cross-site scripting&amp;quot;/XSS). When a privileged user with programming rights visits such a comment in XWiki, the malicious JavaScript code is executed in the context of the user session. This allows server-side code execution with programming rights, impacting the confidentiality, integrity and availability of the XWiki instance. This problem has been patched in XWiki 14.10, HTML comments are now removed in restricted mode and a check has been introduced that ensures that comments don't start with `&amp;gt;`. There are no known workarounds apart from upgrading to a version including the fix.</description>
    <dc:date>2023-04-20T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29530">
    <title>CVE-2023-29530 (fedora, laminas-diactoros, psr-7)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29530</link>
    <description>Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`.</description>
    <dc:date>2023-04-24T20:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29552">
    <title>CVE-2023-29552 (esxi, linux_enterprise_server, manager_server, service_location_protocol, smi-s_provider)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29552</link>
    <description>The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.</description>
    <dc:date>2023-04-25T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29566">
    <title>CVE-2023-29566 (dawnsparks-node-tesseract, huedawn-tesseract)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29566</link>
    <description>huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.</description>
    <dc:date>2023-04-24T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29575">
    <title>CVE-2023-29575 (bento4)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29575</link>
    <description>Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component.</description>
    <dc:date>2023-04-21T14:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29578">
    <title>CVE-2023-29578 (mp4v2)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29578</link>
    <description>mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp.</description>
    <dc:date>2023-04-24T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29579">
    <title>CVE-2023-29579 (yasm)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29579</link>
    <description>yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf.</description>
    <dc:date>2023-04-24T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29582">
    <title>CVE-2023-29582 (yasm)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29582</link>
    <description>yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c.</description>
    <dc:date>2023-04-24T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29583">
    <title>CVE-2023-29583 (yasm)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29583</link>
    <description>yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c.</description>
    <dc:date>2023-04-24T13:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29596">
    <title>CVE-2023-29596 (cmix)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29596</link>
    <description>Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function.</description>
    <dc:date>2023-04-26T20:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29635">
    <title>CVE-2023-29635 (antabot_white-jotter)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29635</link>
    <description>File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload.</description>
    <dc:date>2023-05-01T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29636">
    <title>CVE-2023-29636 (zhenfeng13_my-blog)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29636</link>
    <description>Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the &amp;quot;title&amp;quot; field in the &amp;quot;blog management&amp;quot; page due to the default configuration not using MyBlogUtils.cleanString.</description>
    <dc:date>2023-05-01T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29637">
    <title>CVE-2023-29637 (qbian61_forum-java)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29637</link>
    <description>Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the &quot;article editor&quot; page.</description>
    <dc:date>2023-05-01T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29639">
    <title>CVE-2023-29639 (zhenfeng13_my-blog)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29639</link>
    <description>Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the &quot;blog article&quot; page due to the default configuration not utilizing MyBlogUtils.cleanString.</description>
    <dc:date>2023-05-01T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29641">
    <title>CVE-2023-29641 (editor.md)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29641</link>
    <description>Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text.</description>
    <dc:date>2023-05-01T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29643">
    <title>CVE-2023-29643 (perfreeblog)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29643</link>
    <description>Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function.</description>
    <dc:date>2023-05-01T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29779">
    <title>CVE-2023-29779 (e1e-g7f_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29779</link>
    <description>Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command.</description>
    <dc:date>2023-04-25T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29780">
    <title>CVE-2023-29780 (3rsb015bz_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29780</link>
    <description>Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.</description>
    <dc:date>2023-04-24T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29848">
    <title>CVE-2023-29848 (bang_resto)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29848</link>
    <description>Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.</description>
    <dc:date>2023-04-24T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29849">
    <title>CVE-2023-29849 (bang_resto)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29849</link>
    <description>Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.</description>
    <dc:date>2023-04-24T15:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29905">
    <title>CVE-2023-29905 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29905</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29906">
    <title>CVE-2023-29906 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29906</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29907">
    <title>CVE-2023-29907 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29907</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29908">
    <title>CVE-2023-29908 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29908</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29909">
    <title>CVE-2023-29909 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29909</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29910">
    <title>CVE-2023-29910 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29910</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29911">
    <title>CVE-2023-29911 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29911</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29912">
    <title>CVE-2023-29912 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29912</link>
    <description>H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29913">
    <title>CVE-2023-29913 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29913</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29914">
    <title>CVE-2023-29914 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29914</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29915">
    <title>CVE-2023-29915 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29915</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29916">
    <title>CVE-2023-29916 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29916</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29917">
    <title>CVE-2023-29917 (magic_r200_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29917</link>
    <description>H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm.</description>
    <dc:date>2023-04-21T15:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29921">
    <title>CVE-2023-29921 (powerjob)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29921</link>
    <description>PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface.</description>
    <dc:date>2023-04-19T12:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30061">
    <title>CVE-2023-30061 (dir-879_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30061</link>
    <description>D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi.</description>
    <dc:date>2023-05-01T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30063">
    <title>CVE-2023-30063 (dir-890l_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30063</link>
    <description>D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass.</description>
    <dc:date>2023-05-01T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30076">
    <title>CVE-2023-30076 (judging_management_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30076</link>
    <description>Sourcecodester Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/print_judges.php?print_judges.php=&amp;se_name=&amp;sub_event_id=.</description>
    <dc:date>2023-04-20T19:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30106">
    <title>CVE-2023-30106 (medicine_tracker_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30106</link>
    <description>Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about.</description>
    <dc:date>2023-04-26T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30111">
    <title>CVE-2023-30111 (medicine_tracker_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30111</link>
    <description>Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS).</description>
    <dc:date>2023-04-26T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30112">
    <title>CVE-2023-30112 (medicine_tracker_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30112</link>
    <description>Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection.</description>
    <dc:date>2023-04-26T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30123">
    <title>CVE-2023-30123 (wuzhicms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30123</link>
    <description>wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings.</description>
    <dc:date>2023-04-28T14:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30177">
    <title>CVE-2023-30177 (craft_cms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30177</link>
    <description>CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject JavaScript code into Volume Name.</description>
    <dc:date>2023-04-25T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30210">
    <title>CVE-2023-30210 (ourphp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30210</link>
    <description>OURPHP &lt;= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php.</description>
    <dc:date>2023-04-26T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30211">
    <title>CVE-2023-30211 (ourphp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30211</link>
    <description>OURPHP &lt;= 7.2.0 is vulnerable to SQL Injection.</description>
    <dc:date>2023-04-26T16:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30212">
    <title>CVE-2023-30212 (ourphp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30212</link>
    <description>OURPHP &lt;= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.</description>
    <dc:date>2023-04-26T17:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30265">
    <title>CVE-2023-30265 (cltphp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30265</link>
    <description>CLTPHP &lt;=6.0 is vulnerable to Directory Traversal.</description>
    <dc:date>2023-04-26T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30266">
    <title>CVE-2023-30266 (cltphp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30266</link>
    <description>CLTPHP &lt;=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type.</description>
    <dc:date>2023-04-26T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30267">
    <title>CVE-2023-30267 (cltphp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30267</link>
    <description>CLTPHP &lt;=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php.</description>
    <dc:date>2023-04-26T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30269">
    <title>CVE-2023-30269 (cltphp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30269</link>
    <description>CLTPHP &lt;=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php.</description>
    <dc:date>2023-04-26T14:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30338">
    <title>CVE-2023-30338 (emlog)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30338</link>
    <description>Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters.</description>
    <dc:date>2023-04-27T15:15:13Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30363">
    <title>CVE-2023-30363 (vconsole)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30363</link>
    <description>vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts.</description>
    <dc:date>2023-04-26T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30380">
    <title>CVE-2023-30380 (dedecms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30380</link>
    <description>An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal.</description>
    <dc:date>2023-04-27T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30402">
    <title>CVE-2023-30402 (yasm)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30402</link>
    <description>YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re.</description>
    <dc:date>2023-04-25T16:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30406">
    <title>CVE-2023-30406 (jerryscript)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30406</link>
    <description>Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c.</description>
    <dc:date>2023-04-24T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30408">
    <title>CVE-2023-30408 (jerryscript)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30408</link>
    <description>Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry.</description>
    <dc:date>2023-04-24T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30410">
    <title>CVE-2023-30410 (jerryscript)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30410</link>
    <description>Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c.</description>
    <dc:date>2023-04-24T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30414">
    <title>CVE-2023-30414 (jerryscript)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30414</link>
    <description>Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c.</description>
    <dc:date>2023-04-24T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30417">
    <title>CVE-2023-30417 (pear_admin_boot)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30417</link>
    <description>A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message.</description>
    <dc:date>2023-04-25T13:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30444">
    <title>CVE-2023-30444 (watson_machine_learning_on_cloud_pak_for_data)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30444</link>
    <description>IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  IBM X-Force ID:  253350.</description>
    <dc:date>2023-04-27T13:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30456">
    <title>CVE-2023-30456 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30456</link>
    <description>An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.</description>
    <dc:date>2023-04-10T02:15:06Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30458">
    <title>CVE-2023-30458 (medicine_tracker_system)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30458</link>
    <description>A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of the supplied password.</description>
    <dc:date>2023-04-24T08:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30466">
    <title>CVE-2023-30466 (ms-n1004-uc_firmware, ms-n1004-upc_firmware, ms-n1008-uc_firmware, ms-n1008-unc_firmware, ms-n1008-unpc_firmware, ms-n1008-upc_firmware, ms-n5008-e_firmware, ms-n5008-pe_firmware, ms-n5008-uc_firmware, ms-n5008-upc_firmware, ms-n5016-e_firmware, ms-n5016-pe_firmware, ms-n7016-uh_firmware, ms-n7016-uph_firmware, ms-n7032-uh_firmware, ms-n7032-uph_firmware, ms-n7048-uph_firmware, ms-n8032-uh_firmware, ms-n8064-uh_firmware, ms-nxxxx-xxg_firmware, ms-nxxxx-xxt_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30466</link>
    <description>This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device.

Successful exploitation of this vulnerability could allow a remote attacker to take over an account on the targeted device.</description>
    <dc:date>2023-04-28T11:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30467">
    <title>CVE-2023-30467 (ms-n1004-uc_firmware, ms-n1004-upc_firmware, ms-n1008-uc_firmware, ms-n1008-unc_firmware, ms-n1008-unpc_firmware, ms-n1008-upc_firmware, ms-n5008-e_firmware, ms-n5008-pe_firmware, ms-n5008-uc_firmware, ms-n5008-upc_firmware, ms-n5016-e_firmware, ms-n5016-pe_firmware, ms-n7016-uh_firmware, ms-n7016-uph_firmware, ms-n7032-uh_firmware, ms-n7032-uph_firmware, ms-n7048-uph_firmware, ms-n8032-uh_firmware, ms-n8064-uh_firmware, ms-nxxxx-xxg_firmware, ms-nxxxx-xxt_firmware)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30467</link>
    <description>This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the targeted device.

Successful exploitation of this vulnerability could allow a remote attacker to perform unauthorized activities on the targeted device.</description>
    <dc:date>2023-04-28T11:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30533">
    <title>CVE-2023-30533 (sheetjs)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30533</link>
    <description>SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file.</description>
    <dc:date>2023-04-24T08:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30536">
    <title>CVE-2023-30536 (slim_psr-7)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30536</link>
    <description>slim/psr7 is a PSR-7 implementation for use with Slim 4. In versions prior to 1.6.1 an attacker could sneak a newline (\n) into both the header names and values. While the specification states that \r\n\r\n is used to terminate the header list, many servers in the wild will also accept \n\n. An attacker that is able to control the header names that are passed to Slim-Psr7 would be able to intentionally craft invalid messages, possibly causing application errors or invalid HTTP requests being sent out with a PSR-18 HTTP client. The latter might present a denial of service vector if a remote service's web application firewall bans the application due to the receipt of malformed requests. The issue has been patched in version 1.6.1. There are no known workarounds to this issue. Users are advised to upgrade.</description>
    <dc:date>2023-04-17T22:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30543">
    <title>CVE-2023-30543 (web3-react_coinbase-wallet, web3-react_eip1193, web3-react_metamask, web3-react_walletconnect)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30543</link>
    <description>@web3-react is a framework for building Ethereum Apps. In affected versions the `chainId` may be outdated if the user changes chains as part of the connection flow. This means that the value of `chainId` returned by `useWeb3React()` may be incorrect. In an application, this means that any data derived from `chainId` could be incorrect. For example, if a swapping application derives a wrapped token contract address from the `chainId` *and* a user has changed chains as part of their connection flow the application could cause the user to send funds to the incorrect address when wrapping. This issue has been addressed in PR #749 and is available in updated npm artifacts. There are no known workarounds for this issue. Users are advised to upgrade.</description>
    <dc:date>2023-04-17T22:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30544">
    <title>CVE-2023-30544 (kiwi_tcms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30544</link>
    <description>Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist.</description>
    <dc:date>2023-04-24T17:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30545">
    <title>CVE-2023-30545 (prestashop)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30545</link>
    <description>PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -&gt; Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9.</description>
    <dc:date>2023-04-25T18:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30549">
    <title>CVE-2023-30549 (apptainer, enterprise_linux, singularity)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30549</link>
    <description>Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer &lt; 1.1.0, installations that include apptainer-suid &lt; 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation.

Apptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid &quot;rootless&quot; mode using fuse2fs.

Some workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions).  This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts.  (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files.  The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed.</description>
    <dc:date>2023-04-25T21:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30552">
    <title>CVE-2023-30552 (archery)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30552</link>
    <description>Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql/instance.py` endpoint's `describe` method. In several cases, user input coming from the `tb_name` parameter value, the `db_name` parameter value or the `schema_name` value in the `sql/instance.py` `describe` endpoint is passed to the `describe_table` methods in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. Please take into account that in some cases all three parameter values are concatenated, in others only one or two of them. The affected methods are: `describe_table` in `sql/engines/clickhouse.py` which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/clickhouse.py`, `describe_table` in `sql/engines/mssql.py` which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/mssql.py`, `describe_table` in `sql/engines/mysql.py` which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/mysql.py`, `describe_table` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/oracle.py`, `describe_table` in `sql/engines/pgsql.py` which concatenates input which is passed to execution on the database in the `query` methods in `sql/engines/pgsql.py`, `describe_table` in `sql/engines/phoenix.py` which concatenates input which is passed to execution on the database in the `query` method in `sql/engines/phoenix.py`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries.
This issue is also indexed as `GHSL-2022-101`.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30553">
    <title>CVE-2023-30553 (archery)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30553</link>
    <description>Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the `sql_api/api_workflow.py` endpoint `ExecuteCheck`. User input coming from the `db_name` parameter value and the `full_sql` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed to the methods that follow in given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The affected methods are `execute_check` in `sql/engines/clickhouse.py` which concatenates input which is passed to execution on the database in the `sql/engines/clickhouse.py` `query` method, `execute_check` in `sql/engines/goinception.py` which concatenates input which is passed to execution on the database in the `sql/engines/goinception.py` `query` method, `execute_check` in `sql/engines/oracle.py` which passes unsafe user input into the `object_name_check` method in `sql/engines/oracle.py` which in turn is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-102`.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30554">
    <title>CVE-2023-30554 (archery)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30554</link>
    <description>Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `sql_api/api_workflow.py` endpoint `ExecuteCheck` which passes unfiltered input to the `explain_check` method in `sql/engines/oracle.py`. User input coming from the `db_name` parameter value in the `api_workflow.py` `ExecuteCheck` endpoint is passed through the `oracle.py` `execute_check` method and to the `explain_check` method for execution. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-103`.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30555">
    <title>CVE-2023-30555 (archery)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30555</link>
    <description>Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `explain` method in `sql_optimize.py`. User input coming from the `db_name` parameter value in the `explain` endpoint is passed to the following `query` methods of each database engine for execution: `query` in `sql/engines/mssql.py`, and `query` in `sql/engines/oracle.py`. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-108`.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30556">
    <title>CVE-2023-30556 (archery)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30556</link>
    <description>Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `optimize_sqltuningadvisor` method of `sql_optimize.py`. User input coming from the `db_name` parameter value in `sql_optimize.py` is passed to the `sqltuningadvisor` method in `oracle.py` for execution. To mitigate, escape the variables accepted via user input when used in `sql_optimize.py`. Users may also use prepared statements when dealing with SQL as a mitigation for this issue. This issue is also indexed as `GHSL-2022-107`.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30557">
    <title>CVE-2023-30557 (archery)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30557</link>
    <description>Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to SQL injection in the `data_dictionary.py` `table_info`. User input coming from the `db_name` and the `tb_name` parameter values in the `sql/data_dictionary.py` `table_info` endpoint is passed to the following methods in the given SQL engine implementations, which concatenate user input unsafely into a SQL query and afterwards pass it to the `query` method of each database engine for execution. The methods are `get_table_meta_data` in `sql/engines/mssql.py` which passes unsafe user input to the `sql/engines/mssql.py` `query` method, `get_table_desc_data` in `sql/engines/mssql.py` which passes unsafe user input to the `sql/engines/mssql.py` `query` method, `get_table_index_data` in `sql/engines/mssql.py` which passes unsafe user input to the `sql/engines/mssql.py` `query` method, `get_table_meta_data` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method, `get_table_desc_data` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method, and `get_table_index_data` in `sql/engines/oracle.py` which concatenates input which is passed to execution on the database in the `sql/engines/oracle.py` `query` method. Each of these issues may be mitigated by escaping user input or by using prepared statements when executing SQL queries. This issue is also indexed as `GHSL-2022-106`.</description>
    <dc:date>2023-04-19T00:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30610">
    <title>CVE-2023-30610 (aws-sigv4)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30610</link>
    <description>aws-sigv4 is a rust library for low level request signing in the aws cloud platform. The `aws_sigv4::SigningParams` struct had a derived `Debug` implementation. When debug-formatted, it would include a user's AWS access key, AWS secret key, and security token in plaintext. When TRACE-level logging is enabled for an SDK, `SigningParams` is printed, thereby revealing those credentials to anyone with access to logs. All users of the AWS SDK for Rust who enabled TRACE-level logging, either globally (e.g. `RUST_LOG=trace`), or for the `aws-sigv4` crate specifically are affected. This issue has been addressed in a set of new releases. Users are advised to upgrade. Users unable to upgrade should disable TRACE-level logging for AWS Rust SDK crates.</description>
    <dc:date>2023-04-19T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30611">
    <title>CVE-2023-30611 (reactions)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30611</link>
    <description>Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. In affected versions data about what reactions were performed on a post in a private topic could be leaked. This issue has been addressed in version 0.3. Users are advised to upgrade. Users unable to upgrade should disable the discourse-reactions plugin to fully mitigate the issue.</description>
    <dc:date>2023-04-19T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30612">
    <title>CVE-2023-30612 (cloud_hypervisor)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30612</link>
    <description>Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. This vulnerability allows users to close arbitrary open file descriptors in the Cloud Hypervisor process by sending a malicious HTTP request through the HTTP API socket. As a result, the Cloud Hypervisor process can be easily crashed, causing Denial-of-Service (DoS). This can also be a potential Use-After-Free (UAF) vulnerability. Users must have write access to the API socket file to trigger this vulnerability. Impacted versions of Cloud Hypervisor include upstream main branch, v31.0, and v30.0. The vulnerability was initially detected by our `http_api_fuzzer` via oss-fuzz. This issue has been addressed in versions 30.1 and 31.1. Users unable to upgrade may mitigate this issue by ensuring the write access to the API socket file is granted to trusted users only.</description>
    <dc:date>2023-04-19T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30613">
    <title>CVE-2023-30613 (kiwi_tcms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30613</link>
    <description>Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.

Kiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default, `.exe` files are denied. Other files containing the `&lt;script&gt;` tag, regardless of their type, are also denied because they are a path to XSS attacks. There are no known workarounds aside from upgrading.</description>
    <dc:date>2023-04-24T17:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30614">
    <title>CVE-2023-30614 (pay)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30614</link>
    <description>Pay is a payments engine for Ruby on Rails 6.0 and higher. In versions prior to 6.3.2 a payments info page of Pay is susceptible to reflected Cross-site scripting. An attacker could create a working URL that renders a javascript link to a user on a Rails application that integrates Pay. This URL could be distributed via email to specifically target certain individuals. If the targeted application contains a functionality to submit user-generated content (such as comments) the attacker could even distribute the URL using that functionality. This has been patched in version 6.3.2 and above. Users are advised to upgrade. There are no known workarounds for this vulnerability.</description>
    <dc:date>2023-04-19T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30616">
    <title>CVE-2023-30616 (form_block)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30616</link>
    <description>Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any website without a user noticing. Users are advised to upgrade to version 1.0.2. There are no known workarounds for this vulnerability.</description>
    <dc:date>2023-04-20T18:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30618">
    <title>CVE-2023-30618 (kitchen-terraform)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30618</link>
    <description>Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability.</description>
    <dc:date>2023-04-21T20:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30622">
    <title>CVE-2023-30622 (clusternet)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30622</link>
    <description>Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue.</description>
    <dc:date>2023-04-24T16:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30623">
    <title>CVE-2023-30623 (wip)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30623</link>
    <description>`embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the  `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This vulnerability can be triggered by any user on GitHub. They just need to create a pull request with a commit message containing an exploit. (Note that first-time PR requests will not be run - but the attacker can submit a valid PR before submitting an invalid PR). The commit can be genuine, but the commit message can be malicious. This can be used to execute code on the GitHub runners and can be used to exfiltrate any secrets used in the CI pipeline, including repository tokens. Version 2 has a fix for this issue.</description>
    <dc:date>2023-04-24T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30626">
    <title>CVE-2023-30626 (jellyfin)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30626</link>
    <description>Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30627">
    <title>CVE-2023-30627 (jellyfin)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30627</link>
    <description>jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds.</description>
    <dc:date>2023-04-24T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30628">
    <title>CVE-2023-30628 (kiwi_tcms)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30628</link>
    <description>Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has write access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue.</description>
    <dc:date>2023-04-24T22:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30629">
    <title>CVE-2023-30629 (vyper)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30629</link>
    <description>Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize&gt;0`.</description>
    <dc:date>2023-04-24T22:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30776">
    <title>CVE-2023-30776 (superset)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30776</link>
    <description>An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.</description>
    <dc:date>2023-04-24T16:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30797">
    <title>CVE-2023-30797 (lemur)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30797</link>
    <description>Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.</description>
    <dc:date>2023-04-19T20:15:12Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30839">
    <title>CVE-2023-30839 (prestashop)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30839</link>
    <description>PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds.</description>
    <dc:date>2023-04-25T19:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30843">
    <title>CVE-2023-30843 (payload)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30843</link>
    <description>Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data.</description>
    <dc:date>2023-04-26T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30846">
    <title>CVE-2023-30846 (typed-rest-client)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30846</link>
    <description>typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds.</description>
    <dc:date>2023-04-26T21:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30848">
    <title>CVE-2023-30848 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30848</link>
    <description>Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.</description>
    <dc:date>2023-04-27T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30849">
    <title>CVE-2023-30849 (pimcore)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30849</link>
    <description>Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually.</description>
    <dc:date>2023-04-27T16:15:11Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31043">
    <title>CVE-2023-31043 (postgres_advanced_server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31043</link>
    <description>EnterpriseDB EDB Postgres Advanced Server (EPAS) before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edb_filter_log.redact_password_commands. The fixed versions are 10.23.33, 11.18.29, 12.13.17, 13.9.13, and 14.6.0.</description>
    <dc:date>2023-04-23T20:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31045">
    <title>CVE-2023-31045 (backdrop)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31045</link>
    <description>** DISPUTED ** A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content type (e.g., page, post, or card) as an admin, the stored XSS payload is executed upon selecting a malicious text formatting option. NOTE: the vendor disputes the security relevance of this finding because "any administrator that can configure a text format could easily allow Full HTML anywhere."</description>
    <dc:date>2023-04-24T08:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31059">
    <title>CVE-2023-31059 (repetier-server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31059</link>
    <description>Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.</description>
    <dc:date>2023-04-24T03:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31060">
    <title>CVE-2023-31060 (repetier-server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31060</link>
    <description>Repetier Server through 1.4.10 executes as SYSTEM. This can be leveraged in conjunction with CVE-2023-31059 for full compromise.</description>
    <dc:date>2023-04-24T03:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31061">
    <title>CVE-2023-31061 (repetier-server)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31061</link>
    <description>Repetier Server through 1.4.10 does not have CSRF protection.</description>
    <dc:date>2023-04-24T03:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31081">
    <title>CVE-2023-31081 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31081</link>
    <description>An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb-&gt;mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb-&gt;mux).</description>
    <dc:date>2023-04-24T06:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31082">
    <title>CVE-2023-31082 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31082</link>
    <description>An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.</description>
    <dc:date>2023-04-24T06:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31083">
    <title>CVE-2023-31083 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31083</link>
    <description>An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu-&gt;proto is set. A NULL pointer dereference may occur.</description>
    <dc:date>2023-04-24T06:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31084">
    <title>CVE-2023-31084 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31084</link>
    <description>An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&amp;fepriv-&gt;sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&amp;fepriv-&gt;sem) may block the process.</description>
    <dc:date>2023-04-24T06:15:07Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31085">
    <title>CVE-2023-31085 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31085</link>
    <description>An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd-&gt;erasesize), used indirectly by ctrl_cdev_ioctl, when mtd-&gt;erasesize is 0.</description>
    <dc:date>2023-04-24T06:15:08Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31223">
    <title>CVE-2023-31223 (dradis)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31223</link>
    <description>Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars.</description>
    <dc:date>2023-04-25T23:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31250">
    <title>CVE-2023-31250 (drupal)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31250</link>
    <description>The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating.</description>
    <dc:date>2023-04-26T19:15:09Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31285">
    <title>CVE-2023-31285 (serene, startsharp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31285</link>
    <description>An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user.</description>
    <dc:date>2023-04-27T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31286">
    <title>CVE-2023-31286 (serene, startsharp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31286</link>
    <description>An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist.</description>
    <dc:date>2023-04-27T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31287">
    <title>CVE-2023-31287 (serene, startsharp)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31287</link>
    <description>An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account.</description>
    <dc:date>2023-04-27T03:15:10Z</dc:date>
  </item>
  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31436">
    <title>CVE-2023-31436 (linux_kernel)</title>
    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31436</link>
    <description>qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.</description>
    <dc:date>2023-04-28T02:15:09Z</dc:date>
  </item>
</rdf:RDF>
