Weekly Vulnerabilities Reports > June 12 to 18, 2023

Overview

582 new vulnerabilities reported during this period, including 85 critical vulnerabilities and 268 high severity vulnerabilities. This weekly summary report vulnerabilities in 2153 products from 231 vendors including Microsoft, Google, HP, Fortinet, and Adobe. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Command Injection", and "Use After Free".

  • 416 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 173 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 303 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 78 reported vulnerabilities.
  • Bloofox has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

85 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-18 CVE-2023-3306 Ruijie Improper Access Control vulnerability in Ruijie Rg-Ew1200G Firmware Ew3.0(1)B11P204

A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204.

9.8
2023-06-17 CVE-2023-35813 Sitecore Unspecified vulnerability in Sitecore products

Multiple Sitecore products allow remote code execution.

9.8
2023-06-17 CVE-2014-125106 Nanopb Project Out-of-bounds Write vulnerability in Nanopb Project Nanopb

Nanopb before 0.3.1 allows size_t overflows in pb_dec_bytes and pb_dec_string.

9.8
2023-06-16 CVE-2023-35784 Openbsd Use After Free vulnerability in Openbsd Libressl and Openbsd

A double free or use after free could occur after SSL_clear in OpenBSD 7.2 before errata 026 and 7.3 before errata 004, and in LibreSSL before 3.6.3 and 3.7.x before 3.7.3.

9.8
2023-06-16 CVE-2023-34659 Jeecg SQL Injection vulnerability in Jeecg Boot 3.5.0/3.5.1

jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.

9.8
2023-06-16 CVE-2023-34832 TP Link Classic Buffer Overflow vulnerability in Tp-Link Archer Ax10 Firmware 230220

TP-Link Archer AX10(EU)_V1.2_230220 was discovered to contain a buffer overflow via the function FUN_131e8 - 0x132B4.

9.8
2023-06-16 CVE-2023-25366 Siglent Unspecified vulnerability in Siglent SDS 1104X-E Firmware Sds1Xx4Xev6.1.37R9.Ads

In Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS, insecure SCPI interface discloses web password.

9.8
2023-06-16 CVE-2023-34548 Simple Customer Relationship Management Project SQL Injection vulnerability in Simple Customer Relationship Management Project Simple Customer Relationship Management 1.0

Simple Customer Relationship Management 1.0 is vulnerable to SQL Injection via the email parameter.

9.8
2023-06-16 CVE-2023-35782 Ipandlanguageredirect Project SQL Injection vulnerability in Ipandlanguageredirect Project Ipandlanguageredirect

The ipandlanguageredirect extension before 5.1.2 for TYPO3 allows SQL Injection.

9.8
2023-06-16 CVE-2022-48472 Huawei OS Command Injection vulnerability in Huawei Bisheng-Wnm Firmware and Ota-Bisheng Firmware

A Huawei printer has a system command injection vulnerability.

9.8
2023-06-16 CVE-2023-32752 L7 Networks Unrestricted Upload of File with Dangerous Type vulnerability in L7-Networks Instantqos and Instantscan

L7 Networks InstantScan IS-8000 & InstantQoS IQ-8000’s file uploading function does not restrict upload of file with dangerous type.

9.8
2023-06-16 CVE-2023-32753 Itpison Unrestricted Upload of File with Dangerous Type vulnerability in Itpison Omicard EDM

OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type.

9.8
2023-06-16 CVE-2023-32754 Thinkingsoftware SQL Injection vulnerability in Thinkingsoftware Efence 1.2.59

Thinking Software Efence login function has insufficient validation for user input.

9.8
2023-06-16 CVE-2023-35708 Progress SQL Injection vulnerability in Progress Moveit Transfer

In Progress MOVEit Transfer before 2021.0.8 (13.0.8), 2021.1.6 (13.1.6), 2022.0.6 (14.0.6), 2022.1.7 (14.1.7), and 2023.0.3 (15.0.3), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.

9.8
2023-06-15 CVE-2023-2080 Forcepoint SQL Injection vulnerability in Forcepoint Email Security and web Security

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security Cloud allows Blind SQL Injection.

9.8
2023-06-15 CVE-2023-34800 Dlink OS Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main.

9.8
2023-06-15 CVE-2023-31672 Prestashop SQL Injection vulnerability in Prestashop

In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability.

9.8
2023-06-15 CVE-2023-34852 Publiccms Unspecified vulnerability in Publiccms

PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions.

9.8
2023-06-15 CVE-2021-0701 Google Unspecified vulnerability in Google Android

In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access.

9.8
2023-06-15 CVE-2021-0945 Google Unspecified vulnerability in Google Android

In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR.

9.8
2023-06-15 CVE-2023-21130 Google Out-of-bounds Read vulnerability in Google Android 13.0

In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow.

9.8
2023-06-15 CVE-2023-2686 Silabs Classic Buffer Overflow vulnerability in Silabs Gecko Software Development KIT

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack.

9.8
2023-06-15 CVE-2023-34880 Cmseasy Path Traversal vulnerability in Cmseasy 7.7.7.7

cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php.

9.8
2023-06-15 CVE-2023-3275 Phpgurukul SQL Injection vulnerability in PHPgurukul Rail Pass Management System 1.0

A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0.

9.8
2023-06-14 CVE-2023-1329 HP Unspecified vulnerability in HP products

A potential security vulnerability has been identified for certain HP multifunction printers (MFPs).

9.8
2023-06-14 CVE-2023-30150 Leotheme SQL Injection vulnerability in Leotheme Leocustomajax 1.0.0

PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.

9.8
2023-06-14 CVE-2023-31746 Vw2100 Project Command Injection vulnerability in Vw2100 Project Vw2100 Firmware M1Dv1.0

There is a command injection vulnerability in the adslr VW2100 router with firmware version M1DV1.0.

9.8
2023-06-14 CVE-2023-31671 Webbax SQL Injection vulnerability in Webbax Postfinance

PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess().

9.8
2023-06-14 CVE-2023-25367 Siglent Unspecified vulnerability in Siglent products

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.

9.8
2023-06-14 CVE-2023-34095 Openprinting Stack-based Buffer Overflow vulnerability in Openprinting Cpdb-Libs

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project.

9.8
2023-06-14 CVE-2023-34540 Langchain Unspecified vulnerability in Langchain 0.0.171

An issue discovered in Langchain before 0.0.225 allows attacker to run arbitrary code via jira.run('other' substring.

9.8
2023-06-14 CVE-2023-34747 Ujcms Unrestricted Upload of File with Dangerous Type vulnerability in Ujcms 6.0.2

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload.

9.8
2023-06-14 CVE-2023-34750 Bloofox SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit.

9.8
2023-06-14 CVE-2023-34751 Bloofox SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit.

9.8
2023-06-14 CVE-2023-34752 Bloofox SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit.

9.8
2023-06-14 CVE-2023-34753 Bloofox SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit.

9.8
2023-06-14 CVE-2023-34754 Bloofox SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit.

9.8
2023-06-14 CVE-2023-34755 Bloofox SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit.

9.8
2023-06-14 CVE-2023-34756 Bloofox SQL Injection vulnerability in Bloofox Bloofoxcms 0.5.2.1

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit.

9.8
2023-06-14 CVE-2023-34865 Ujcms Path Traversal vulnerability in Ujcms 6.0.2

Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature.

9.8
2023-06-14 CVE-2023-3237 Otcms Use of Hard-coded Credentials vulnerability in Otcms

A vulnerability classified as critical was found in OTCMS up to 6.62.

9.8
2023-06-14 CVE-2023-3238 Otcms Server-Side Request Forgery (SSRF) vulnerability in Otcms

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.

9.8
2023-06-14 CVE-2023-3234 Crmeb Deserialization of Untrusted Data vulnerability in Crmeb

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0.

9.8
2023-06-14 CVE-2023-3232 Crmeb Deserialization of Untrusted Data vulnerability in Crmeb

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical.

9.8
2023-06-14 CVE-2023-29357 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Server Elevation of Privilege Vulnerability

9.8
2023-06-14 CVE-2023-29363 Microsoft Unspecified vulnerability in Microsoft products

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8
2023-06-14 CVE-2023-32014 Microsoft Unspecified vulnerability in Microsoft products

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8
2023-06-14 CVE-2023-32015 Microsoft Unspecified vulnerability in Microsoft products

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

9.8
2023-06-13 CVE-2023-34944 Chamilo Unrestricted Upload of File with Dangerous Type vulnerability in Chamilo LMS

An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11.* up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file.

9.8
2023-06-13 CVE-2022-28550 Jhead Project Out-of-bounds Write vulnerability in Jhead Project Jhead 3.06

Matthias-Wandel/jhead jhead 3.06 is vulnerable to Buffer Overflow via shellescape(), jhead.c, jhead.

9.8
2023-06-13 CVE-2023-29562 TP Link Out-of-bounds Write vulnerability in Tp-Link Tl-Wpa7510 Firmware 190125

TP-Link TL-WPA7510 (EU)_V2_190125 was discovered to contain a stack overflow via the operation parameter at /admin/locale.

9.8
2023-06-13 CVE-2023-27836 TP Link Command Injection vulnerability in Tp-Link Tl-Wpa8630P Firmware 171011

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the devicePwd parameter in the function sub_ 40A80C.

9.8
2023-06-13 CVE-2023-3224 Nuxt Code Injection vulnerability in Nuxt

Code Injection in GitHub repository nuxt/nuxt prior to 3.5.3.

9.8
2023-06-13 CVE-2023-27837 TP Link Command Injection vulnerability in Tp-Link Tl-Wpa8630P Firmware 171011

TP-Link TL-WPA8630P (US)_ V2_ Version 171011 was discovered to contain a command injection vulnerability via the key parameter in the function sub_ 40A774.

9.8
2023-06-13 CVE-2023-31541 Ckeditor Unrestricted Upload of File with Dangerous Type vulnerability in Ckeditor 1.2.3

A unrestricted file upload vulnerability was discovered in the ‘Browse and upload images’ feature of the CKEditor v1.2.3 plugin for Redmine, which allows arbitrary files to be uploaded to the server.

9.8
2023-06-13 CVE-2023-34249 Pybb Project SQL Injection vulnerability in Pybb Project Pybb

benjjvi/PyBB is an open source bulletin board.

9.8
2023-06-13 CVE-2023-35064 Satos SQL Injection vulnerability in Satos Mobile

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Satos Satos Mobile allows SQL Injection through SOAP Parameter Tampering.This issue affects Satos Mobile: before 20230607.

9.8
2023-06-13 CVE-2023-2807 Pandorafms Authentication Bypass by Spoofing vulnerability in Pandorafms Pandora FMS

Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS allows an unauthenticated attacker to initiate a password reset process for any user account without proper authentication.

9.8
2023-06-13 CVE-2023-3047 Tmtmakine SQL Injection vulnerability in Tmtmakine Lockcell Firmware

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TMT Lockcell allows SQL Injection.This issue affects Lockcell: before 15.

9.8
2023-06-13 CVE-2023-3048 Tmtmakine Authorization Bypass Through User-Controlled Key vulnerability in Tmtmakine Lockcell Firmware

Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

9.8
2023-06-13 CVE-2023-3049 Tmtmakine Unrestricted Upload of File with Dangerous Type vulnerability in Tmtmakine Lockcell Firmware

Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection.This issue affects Lockcell: before 15.

9.8
2023-06-13 CVE-2023-3050 Tmtmakine Reliance on Cookies without Validation and Integrity Checking vulnerability in Tmtmakine Lockcell Firmware

Reliance on Cookies without Validation and Integrity Checking in a Security Decision vulnerability in TMT Lockcell allows Privilege Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

9.8
2023-06-13 CVE-2023-30762 Kbdevice Improper Authentication vulnerability in Kbdevice products

Improper authentication vulnerability exists in KB-AHR series and KB-IRIP series.

9.8
2023-06-13 CVE-2023-30764 Kbdevice OS Command Injection vulnerability in Kbdevice products

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series.

9.8
2023-06-13 CVE-2023-30766 Kbdevice Unspecified vulnerability in Kbdevice products

Hidden functionality issue exists in KB-AHR series and KB-IRIP series.

9.8
2023-06-13 CVE-2023-26204 Fortinet Insufficiently Protected Credentials vulnerability in Fortinet Fortisiem

A plaintext storage of a password vulnerability [CWE-256] in FortiSIEM 6.7 all versions, 6.6 all versions, 6.5 all versions, 6.4 all versions, 6.3 all versions, 6.2 all versions, 6.1 all versions, 5.4 all versions, 5.3 all versions may allow an attacker able to access user DB content to impersonate any admin user on the device GUI.

9.8
2023-06-13 CVE-2023-27997 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests.

9.8
2023-06-13 CVE-2023-29129 Mendix Improper Authentication vulnerability in Mendix Saml

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6).

9.8
2023-06-13 CVE-2023-2278 Wpdirectorykit Unspecified vulnerability in Wpdirectorykit WP Directory KIT

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdk_public_action' function.

9.8
2023-06-12 CVE-2023-26295 HP Command Injection vulnerability in HP Device Manager

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

9.8
2023-06-12 CVE-2023-32673 HP Unspecified vulnerability in HP products

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

9.8
2023-06-12 CVE-2023-32674 HP Classic Buffer Overflow vulnerability in HP PC Hardware Diagnostics

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow.

9.8
2023-06-12 CVE-2023-27716 Kafkaui Lite Project Unspecified vulnerability in Kafkaui-Lite Project Kafkaui-Lite 1.2.11

An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.

9.8
2023-06-12 CVE-2023-32220 Milesight Improper Authentication vulnerability in Milesight Ncr/Camera Firmware 71.8.0.6R5

Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method.

9.8
2023-06-12 CVE-2023-33625 Dlink Command Injection vulnerability in Dlink Dir-600 Firmware 2.18

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function.

9.8
2023-06-12 CVE-2023-33626 Dlink Out-of-bounds Write vulnerability in Dlink Dir-600 Firmware 2.18

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary.

9.8
2023-06-12 CVE-2023-34581 Oretnom23 SQL Injection vulnerability in Oretnom23 Service Provider Management System 1.0

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2

9.8
2023-06-12 CVE-2023-35042 Geoserver Unspecified vulnerability in Geoserver

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the wild in June 2023.

9.8
2023-06-12 CVE-2023-26133 Progressbar JS Project Unspecified vulnerability in Progressbar.Js Project Progressbar.Js

All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js.

9.8
2023-06-12 CVE-2023-35034 Atos Unspecified vulnerability in Atos products

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.

9.8
2023-06-14 CVE-2023-34101 Contiki NG Out-of-bounds Read vulnerability in Contiki-Ng

Contiki-NG is an operating system for internet of things devices.

9.1
2023-06-13 CVE-2023-24470 Microfocus XXE vulnerability in Microfocus Arcsight Logger

Potential XML External Entity Injection in ArcSight Logger versions prior to 7.3.0.

9.1
2023-06-12 CVE-2023-34335 AMI Missing Authentication for Critical Function vulnerability in AMI Megarac SPX

AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections.

9.1
2023-06-12 CVE-2023-34342 AMI Path Traversal vulnerability in AMI Megarac Sp-X

AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure, or data tampering.

9.1
2023-06-12 CVE-2023-35036 Progress SQL Injection vulnerability in Progress Moveit Transfer

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database.

9.1

268 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-18 CVE-2023-3310 Agro School Management System Project SQL Injection vulnerability in Agro-School Management System Project Agro-School Management System 1.0

A vulnerability, which was classified as critical, has been found in code-projects Agro-School Management System 1.0.

8.8
2023-06-18 CVE-2023-3307 Minical SQL Injection vulnerability in Minical 1.0.0

A vulnerability was found in miniCal 1.0.0.

8.8
2023-06-18 CVE-2023-3308 Whaleal Deserialization of Untrusted Data vulnerability in Whaleal Icefrog 1.1.8

A vulnerability classified as problematic has been found in whaleal IceFrog 1.1.8.

8.8
2023-06-17 CVE-2023-35808 Sugarcrm Unrestricted Upload of File with Dangerous Type vulnerability in Sugarcrm 11.0.0/12.0.0

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.

8.8
2023-06-17 CVE-2023-35809 Sugarcrm Unspecified vulnerability in Sugarcrm 11.0.0/12.0.0

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.

8.8
2023-06-17 CVE-2023-35811 Sugarcrm SQL Injection vulnerability in Sugarcrm 11.0.0/12.0.0

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.

8.8
2023-06-17 CVE-2023-3295 Unlimited Elements Unspecified vulnerability in Unlimited-Elements Unlimited Elements for Elementor (Free Widgets, Addons, Templates)

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager functionality in versions up to, and including, 1.5.66 .

8.8
2023-06-16 CVE-2023-30625 Rudderstack SQL Injection vulnerability in Rudderstack Rudder-Server

rudder-server is part of RudderStack, an open source Customer Data Platform (CDP).

8.8
2023-06-15 CVE-2023-21108 Google Use After Free vulnerability in Google Android

In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free.

8.8
2023-06-15 CVE-2023-21115 Google Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android 11.0/12.0/12.1

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto.

8.8
2023-06-15 CVE-2023-21127 Google Use of Uninitialized Resource vulnerability in Google Android

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data.

8.8
2023-06-15 CVE-2023-25055 Digitalinspiration Cross-Site Request Forgery (CSRF) vulnerability in Digitalinspiration Google XML Sitemap for Videos

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions.

8.8
2023-06-15 CVE-2023-27634 Intrepidity Project Cross-Site Request Forgery (CSRF) vulnerability in Intrepidity Project Intrepidity

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions.

8.8
2023-06-15 CVE-2023-23802 Hasthemes Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes HT Easy GA4 (Google Analytics 4)

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions.

8.8
2023-06-15 CVE-2023-25450 Givewp Cross-Site Request Forgery (CSRF) vulnerability in Givewp

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions.

8.8
2023-06-15 CVE-2023-3274 Supplier Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Supplier Management System Project Supplier Management System 1.0

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0.

8.8
2023-06-15 CVE-2023-25449 Cformsii Project Cross-Site Request Forgery (CSRF) vulnerability in Cformsii Project Cformsii

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions.

8.8
2023-06-15 CVE-2023-35030 Liferay Cross-Site Request Forgery (CSRF) vulnerability in Liferay DXP and Liferay Portal

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

8.8
2023-06-15 CVE-2022-32752 IBM OS Command Injection vulnerability in IBM Security Directory Suite VA

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

8.8
2023-06-14 CVE-2023-25434 Libtiff Classic Buffer Overflow vulnerability in Libtiff 4.5.0

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215.

8.8
2023-06-14 CVE-2023-32031 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.8
2023-06-14 CVE-2023-32465 Dell Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability in Dell Powerprotect Cyber Recovery

Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability.

8.8
2023-06-14 CVE-2023-3233 Crmeb Server-Side Request Forgery (SSRF) vulnerability in Crmeb

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0.

8.8
2023-06-14 CVE-2023-3235 Chshcms Server-Side Request Forgery (SSRF) vulnerability in Chshcms Mccms

A vulnerability was found in mccms up to 2.6.5.

8.8
2023-06-14 CVE-2023-3236 Chshcms Server-Side Request Forgery (SSRF) vulnerability in Chshcms Mccms

A vulnerability classified as critical has been found in mccms up to 2.6.5.

8.8
2023-06-14 CVE-2023-29362 Microsoft Unspecified vulnerability in Microsoft products

Remote Desktop Client Remote Code Execution Vulnerability

8.8
2023-06-14 CVE-2023-29372 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-06-14 CVE-2023-29373 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC Driver Remote Code Execution Vulnerability

8.8
2023-06-14 CVE-2023-32009 Microsoft Unspecified vulnerability in Microsoft products

Windows Collaborative Translation Framework Elevation of Privilege Vulnerability

8.8
2023-06-14 CVE-2023-33131 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Remote Code Execution Vulnerability

8.8
2023-06-13 CVE-2023-33817 Digitaldruid SQL Injection vulnerability in Digitaldruid Hoteldruid 3.0.5

hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability.

8.8
2023-06-13 CVE-2023-34113 Zoom Insufficient Verification of Data Authenticity vulnerability in Zoom

Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

8.8
2023-06-13 CVE-2023-34121 Zoom Unspecified vulnerability in Zoom

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

8.8
2023-06-13 CVE-2023-3214 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-06-13 CVE-2023-3215 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-06-13 CVE-2023-3216 Google
Debian
Fedoraproject
Type Confusion vulnerability in multiple products

Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-06-13 CVE-2023-3217 Google
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2023-06-13 CVE-2022-42478 Fortinet Improper Restriction of Excessive Authentication Attempts vulnerability in Fortinet Fortisiem

An Improper Restriction of Excessive Authentication Attempts [CWE-307] in FortiSIEM below 7.0.0 may allow a non-privileged user with access to several endpoints to brute force attack these endpoints.

8.8
2023-06-13 CVE-2023-25910 Siemens Code Injection vulnerability in Siemens Simatic PCS 7, Simatic S7-Pm and Simatic Step 7

A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC S7-PM (All versions), SIMATIC STEP 7 V5 (All versions < V5.7).

8.8
2023-06-13 CVE-2023-28829 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions).

8.8
2023-06-13 CVE-2023-30901 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens Q200 Firmware

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60).

8.8
2023-06-12 CVE-2023-26296 HP Command Injection vulnerability in HP Device Manager

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

8.8
2023-06-12 CVE-2023-26297 HP Command Injection vulnerability in HP Device Manager

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

8.8
2023-06-12 CVE-2023-26298 HP Command Injection vulnerability in HP Device Manager

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

8.8
2023-06-12 CVE-2023-28478 TP Link Out-of-bounds Write vulnerability in Tp-Link Ec70 Firmware

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow.

8.8
2023-06-12 CVE-2023-34334 AMI OS Command Injection vulnerability in AMI Megarac Sp-X

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.  

8.8
2023-06-12 CVE-2023-34336 AMI Classic Buffer Overflow vulnerability in AMI Megarac Sp-X

AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges.  

8.8
2023-06-12 CVE-2023-34343 AMI OS Command Injection vulnerability in AMI Megarac Sp-X

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering.

8.8
2023-06-12 CVE-2023-34341 AMI Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMI Megarac Sp-X

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering.

8.8
2023-06-12 CVE-2023-34468 Apache Code Injection vulnerability in Apache Nifi 1.11.2

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

8.8
2023-06-12 CVE-2023-3208 Roadflow SQL Injection vulnerability in Roadflow 2.13.3

A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3.

8.8
2023-06-12 CVE-2023-33253 Agilebio Unrestricted Upload of File with Dangerous Type vulnerability in Agilebio Labcollector 6.0/6.15

LabCollector 6.0 though 6.15 allows remote code execution.

8.8
2023-06-12 CVE-2023-35031 Atos Command Injection vulnerability in Atos products

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-24036.

8.8
2023-06-12 CVE-2023-35032 Atos Command Injection vulnerability in Atos products

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554.

8.8
2023-06-12 CVE-2023-35033 Atos Command Injection vulnerability in Atos products

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23556.

8.8
2023-06-12 CVE-2023-35035 Atos Command Injection vulnerability in Atos products

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by authenticated users, aka OSFOURK-23557.

8.8
2023-06-14 CVE-2023-29360 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Streaming Service Elevation of Privilege Vulnerability

8.4
2023-06-16 CVE-2023-34154 Huawei Incorrect Permission Assignment for Critical Resource vulnerability in Huawei Harmonyos

Vulnerability of undefined permissions in HUAWEI VR screen projection.Successful exploitation of this vulnerability will cause third-party apps to create windows in an arbitrary way, consuming system resources.

8.2
2023-06-13 CVE-2023-2637 Rockwellautomation Use of Hard-coded Credentials vulnerability in Rockwellautomation products

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.  Hard-coded cryptographic key may lead to privilege escalation.  This vulnerability may allow a local, authenticated non-admin user to generate an invalid administrator cookie giving them administrative privileges to the FactoryTalk Policy Manger database.

8.2
2023-06-13 CVE-2023-33991 SAP Cross-site Scripting vulnerability in SAP UI

SAP UI5 Variant Management - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, does not sufficiently encode user-controlled inputs on reading data from the server, resulting in Stored Cross-Site Scripting (Stored XSS) vulnerability.

8.2
2023-06-15 CVE-2023-33243 Starface Use of Password Hash With Insufficient Computational Effort vulnerability in Starface

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password.

8.1
2023-06-15 CVE-2022-33163 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Security Directory Suite VA 8.0.1

IBM Security Directory Suite VA 8.0.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

8.1
2023-06-14 CVE-2023-35142 Jenkins Improper Certificate Validation vulnerability in Jenkins Checkmarx

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.

8.1
2023-06-14 CVE-2023-29351 Microsoft Unspecified vulnerability in Microsoft products

Windows Group Policy Elevation of Privilege Vulnerability

8.1
2023-06-13 CVE-2023-24546 Arista Incorrect Authorization vulnerability in Arista Cloudvision Portal

On affected versions of the CloudVision Portal improper access controls on the connection from devices to CloudVision could enable a malicious actor with network access to CloudVision to get broader access to telemetry and configuration data within the system than intended.

8.1
2023-06-13 CVE-2023-32548 Kingsoft OS Command Injection vulnerability in Kingsoft WPS Office 10.8.0.6186

OS command injection vulnerability exists in WPS Office version 10.8.0.6186.

8.1
2023-06-13 CVE-2023-0142 Synology Unspecified vulnerability in Synology products

Uncontrolled search path element vulnerability in Backup Management Functionality in Synology DiskStation Manager (DSM) before 7.1-42661 allows remote authenticated users to read or write arbitrary files via unspecified vectors.

8.1
2023-06-16 CVE-2022-48330 Huawei Out-of-bounds Write vulnerability in Huawei Flmg-10 Firmware 10.0.1.0

A Huawei sound box product has an out-of-bounds write vulnerability.

8.0
2023-06-14 CVE-2023-28310 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.0
2023-06-14 CVE-2023-35141 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins

In Jenkins 2.399 and earlier, LTS 2.387.3 and earlier, POST requests are sent in order to load the list of context actions.

8.0
2023-06-17 CVE-2023-28287 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Publisher Remote Code Execution Vulnerability

7.8
2023-06-17 CVE-2023-28295 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Publisher Remote Code Execution Vulnerability

7.8
2023-06-16 CVE-2023-30905 HPE Unspecified vulnerability in HPE products

The MC990 X and UV300 RMC component has and inadequate default configuration that could be exploited to obtain enhanced privilege.

7.8
2023-06-16 CVE-2023-35788 Linux
Debian
Netapp
Canonical
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7.

7.8
2023-06-16 CVE-2023-25185 Nokia Improper Privilege Management vulnerability in Nokia Asika Airscale Firmware

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B.

7.8
2023-06-16 CVE-2023-25188 Nokia Improper Privilege Management vulnerability in Nokia Asika Airscale Firmware

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B.

7.8
2023-06-16 CVE-2023-34795 Xlsxio Project Use After Free vulnerability in Xlsxio Project Xlsxio

xlsxio v0.1.2 to v0.2.34 was discovered to contain a free of uninitialized pointer in the xlsxioread_sheetlist_close() function.

7.8
2023-06-16 CVE-2023-29349 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability

7.8
2023-06-16 CVE-2023-29356 Microsoft Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-06-16 CVE-2023-32025 Microsoft Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-06-16 CVE-2023-32026 Microsoft Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-06-16 CVE-2023-32027 Microsoft Unspecified vulnerability in Microsoft Odbc Driver for SQL Server and SQL Server

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8
2023-06-16 CVE-2023-32028 Microsoft Unspecified vulnerability in Microsoft OLE DB Driver for SQL Server and SQL Server

Microsoft SQL OLE DB Remote Code Execution Vulnerability

7.8
2023-06-15 CVE-2023-24032 Zimbra Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

7.8
2023-06-15 CVE-2023-21120 Google Improper Locking vulnerability in Google Android

In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking.

7.8
2023-06-15 CVE-2023-21121 Google Improper Input Validation vulnerability in Google Android 11.0/12.0

In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation.

7.8
2023-06-15 CVE-2023-21122 Google Missing Authorization vulnerability in Google Android

In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check.

7.8
2023-06-15 CVE-2023-21123 Google Missing Authorization vulnerability in Google Android

In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check.

7.8
2023-06-15 CVE-2023-21124 Google Deserialization of Untrusted Data vulnerability in Google Android

In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization.

7.8
2023-06-15 CVE-2023-21126 Google Unspecified vulnerability in Google Android 13.0

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent.

7.8
2023-06-15 CVE-2023-21128 Google Unspecified vulnerability in Google Android

In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code.

7.8
2023-06-15 CVE-2023-21129 Google Unspecified vulnerability in Google Android

In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass.

7.8
2023-06-15 CVE-2023-21131 Google Unspecified vulnerability in Google Android

In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code.

7.8
2023-06-15 CVE-2023-21135 Google Improper Input Validation vulnerability in Google Android

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation.

7.8
2023-06-15 CVE-2023-21138 Google Improper Input Validation vulnerability in Google Android

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation.

7.8
2023-06-15 CVE-2023-21139 Google Unspecified vulnerability in Google Android 13.0

In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent.

7.8
2023-06-15 CVE-2023-21618 Adobe Access of Uninitialized Pointer vulnerability in Adobe Substance 3D Designer

Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-06-15 CVE-2023-29321 Adobe Use After Free vulnerability in Adobe Animate

Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-06-15 CVE-2023-2847 Eset Improper Privilege Management vulnerability in Eset Cyber Security, Endpoint Antivirus and Server Security

During internal security analysis, a local privilege escalation vulnerability has been identified.

7.8
2023-06-15 CVE-2023-2270 Netskope Path Traversal vulnerability in Netskope

The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands.

7.8
2023-06-15 CVE-2022-22307 IBM Incorrect Authorization vulnerability in IBM Security Guardium 11.3/11.4/11.5

IBM Security Guardium 11.3, 11.4, and 11.5 could allow a local user to obtain elevated privileges due to incorrect authorization checks.

7.8
2023-06-14 CVE-2023-26062 Nokia Improper Privilege Management vulnerability in Nokia web Element Manager

A mobile network solution internal fault is found in Nokia Web Element Manager before 22 R1, in which an authenticated, unprivileged user can execute administrative functions.

7.8
2023-06-14 CVE-2022-31644 HP Unspecified vulnerability in HP products

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-14 CVE-2022-31645 HP Unspecified vulnerability in HP products

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-14 CVE-2022-31646 HP Unspecified vulnerability in HP products

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-14 CVE-2023-0009 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Globalprotect

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

7.8
2023-06-14 CVE-2023-24895 Microsoft Unspecified vulnerability in Microsoft .Net, .Net Framework and Visual Studio 2022

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-24897 Microsoft Unspecified vulnerability in Microsoft products

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-29326 Microsoft Unspecified vulnerability in Microsoft .Net Framework

.NET Framework Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-1049 Schneider Electric Code Injection vulnerability in Schneider-Electric products

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI.

7.8
2023-06-14 CVE-2023-2569 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services

A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.

7.8
2023-06-14 CVE-2023-2570 Schneider Electric Improper Validation of Array Index vulnerability in Schneider-Electric Ecostruxure Foxboro DCS Control Core Services

A CWE-129: Improper Validation of Array Index vulnerability exists that could cause local denial-of-service, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an unpredictable index to an IOCTL call in the Foxboro.sys driver.

7.8
2023-06-14 CVE-2023-3001 Schneider Electric Deserialization of Untrusted Data vulnerability in Schneider-Electric Igss Dashboard

A CWE-502: Deserialization of Untrusted Data vulnerability exists in the Dashboard module that could cause an interpretation of malicious payload data, potentially leading to remote code execution when an attacker gets the user to open a malicious file.

7.8
2023-06-14 CVE-2023-29346 Microsoft Unspecified vulnerability in Microsoft products

NTFS Elevation of Privilege Vulnerability

7.8
2023-06-14 CVE-2023-29358 Microsoft Unspecified vulnerability in Microsoft products

Windows GDI Elevation of Privilege Vulnerability

7.8
2023-06-14 CVE-2023-29359 Microsoft Unspecified vulnerability in Microsoft products

GDI Elevation of Privilege Vulnerability

7.8
2023-06-14 CVE-2023-29365 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-29366 Microsoft Unspecified vulnerability in Microsoft products

Windows Geolocation Service Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-29367 Microsoft Unspecified vulnerability in Microsoft products

iSCSI Target WMI Provider Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-29370 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-29371 Microsoft Unspecified vulnerability in Microsoft products

Windows GDI Elevation of Privilege Vulnerability

7.8
2023-06-14 CVE-2023-32008 Microsoft Unspecified vulnerability in Microsoft products

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-32012 Microsoft Unspecified vulnerability in Microsoft products

Windows Container Manager Service Elevation of Privilege Vulnerability

7.8
2023-06-14 CVE-2023-32017 Microsoft Unspecified vulnerability in Microsoft products

Microsoft PostScript Printer Driver Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-32018 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Windows Hello Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-32029 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-33133 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-33137 Microsoft Unspecified vulnerability in Microsoft Office and Office Online Server

Microsoft Excel Remote Code Execution Vulnerability

7.8
2023-06-14 CVE-2023-33146 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability

7.8
2023-06-13 CVE-2023-34120 Zoom Unspecified vulnerability in Zoom Virtual Desktop Infrastructure

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.

7.8
2023-06-13 CVE-2023-34122 Zoom Unspecified vulnerability in Zoom

Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.

7.8
2023-06-13 CVE-2022-31635 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-13 CVE-2022-31636 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-13 CVE-2022-31637 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-13 CVE-2022-31638 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-13 CVE-2022-31639 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential time-of-check to time-of-use (TOCTOU) vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.8
2023-06-13 CVE-2023-29160 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Frenic RHC Loader

Stack-based buffer overflow vulnerability exists in FRENIC RHC Loader v1.1.0.3.

7.8
2023-06-13 CVE-2023-29167 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Frenic RHC Loader

Out-of-bound reads vulnerability exists in FRENIC RHC Loader v1.1.0.3.

7.8
2023-06-13 CVE-2022-43953 Fortinet Use of Externally-Controlled Format String vulnerability in Fortinet Fortios and Fortiproxy

A use of externally-controlled format string in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS all versions 7.0, FortiOS all versions 6.4, FortiOS all versions 6.2, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7 allows attacker to execute unauthorized code or commands via specially crafted commands.

7.8
2023-06-13 CVE-2023-22639 Fortinet Out-of-bounds Write vulnerability in Fortinet Fortios and Fortiproxy

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.2, FortiProxy version 7.0.0 through 7.0.8, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows attacker to escalation of privilege via specifically crafted commands.

7.8
2023-06-13 CVE-2023-26210 Fortinet OS Command Injection vulnerability in Fortinet Fortiadc

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] in Fortinet FortiADCManager version 7.1.0 and before 7.0.0, FortiADC version 7.2.0 and before 7.1.2 allows a local authenticated attacker to execute arbitrary shell code as `root` user via crafted CLI requests.

7.8
2023-06-13 CVE-2023-28000 Fortinet OS Command Injection vulnerability in Fortinet Fortiadc

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may allow a local and authenticated attacker to execute unauthorized commands via specifically crafted arguments in diagnose system df CLI command.

7.8
2023-06-13 CVE-2023-30897 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Wincc

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13).

7.8
2023-06-13 CVE-2023-33123 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3).

7.8
2023-06-13 CVE-2023-33124 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3).

7.8
2023-06-12 CVE-2023-26294 HP Command Injection vulnerability in HP Device Manager

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

7.8
2023-06-12 CVE-2023-32221 Easeus Unspecified vulnerability in Easeus Todo Backup 20220111.390

EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.

7.8
2023-06-12 CVE-2022-43777 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

7.8
2023-06-12 CVE-2022-43778 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

7.8
2023-06-12 CVE-2022-27539 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

7.8
2023-06-12 CVE-2022-27541 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.

7.8
2023-06-12 CVE-2023-34488 Emqx Out-of-bounds Write vulnerability in Emqx Nanomq 0.17.5

NanoMQ 0.17.5 is vulnerable to heap-buffer-overflow in the conn_handler function of mqtt_parser.c when it processes malformed messages.

7.8
2023-06-16 CVE-2023-25645 ZTE Incorrect Default Permissions vulnerability in ZTE products

There is a permission and access control vulnerability in some ZTE AndroidTV STBs.

7.7
2023-06-15 CVE-2023-28175 Bosch Incorrect Authorization vulnerability in Bosch products

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request.

7.7
2023-06-13 CVE-2023-28602 Zoom Improper Verification of Cryptographic Signature vulnerability in Zoom

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability.

7.7
2023-06-14 CVE-2023-32022 Microsoft Unspecified vulnerability in Microsoft products

Windows Server Service Security Feature Bypass Vulnerability

7.6
2023-06-18 CVE-2023-3305 Cdatatec Improper Access Control vulnerability in Cdatatec web Management System 20230607

A vulnerability was found in C-DATA Web Management System up to 20230607.

7.5
2023-06-16 CVE-2023-35790 Libjxl Project Integer Underflow (Wrap or Wraparound) vulnerability in Libjxl Project Libjxl

An issue was discovered in dec_patch_dictionary.cc in libjxl before 0.8.2.

7.5
2023-06-16 CVE-2023-34645 Jflyfox Files or Directories Accessible to External Parties vulnerability in Jflyfox Jfinal CMS 5.1.0

jfinal CMS 5.1.0 has an arbitrary file read vulnerability.

7.5
2023-06-16 CVE-2023-24243 Cdata Server-Side Request Forgery (SSRF) vulnerability in Cdata ARC

CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).

7.5
2023-06-16 CVE-2023-30222 4D Improper Certificate Validation vulnerability in 4D Server 17/18/19

An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping.

7.5
2023-06-16 CVE-2023-30223 4D Improper Authentication vulnerability in 4D Server 17/18/19

A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions.

7.5
2023-06-16 CVE-2022-48471 Huawei Interpretation Conflict vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325

There is a misinterpretation of input vulnerability in Huawei Printer.

7.5
2023-06-16 CVE-2022-48473 Huawei Interpretation Conflict vulnerability in Huawei Bisheng-Wnm Firmware 3.0.0.325

There is a misinterpretation of input vulnerability in Huawei Printer.

7.5
2023-06-15 CVE-2023-23841 Solarwinds Cleartext Transmission of Sensitive Information vulnerability in Solarwinds Serv-U

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request.? Part of the URL of the request discloses sensitive data. 

7.5
2023-06-15 CVE-2023-21144 Google Unspecified vulnerability in Google Android

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations.

7.5
2023-06-15 CVE-2023-22248 Adobe Incorrect Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.

7.5
2023-06-15 CVE-2023-28809 Hikvision Session Fixation vulnerability in Hikvision products

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in.

7.5
2023-06-15 CVE-2023-34455 Xerial Allocation of Resources Without Limits or Throttling vulnerability in Xerial Snappy-Java

snappy-java is a fast compressor/decompressor for Java.

7.5
2023-06-15 CVE-2023-34453 Xerial Integer Overflow or Wraparound vulnerability in Xerial Snappy-Java

snappy-java is a fast compressor/decompressor for Java.

7.5
2023-06-15 CVE-2023-34454 Xerial Integer Overflow or Wraparound vulnerability in Xerial Snappy-Java

snappy-java is a fast compressor/decompressor for Java.

7.5
2023-06-15 CVE-2023-3276 Dromara XXE vulnerability in Dromara Hutool

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19.

7.5
2023-06-15 CVE-2022-32757 IBM Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Directory Suite VA

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

7.5
2023-06-15 CVE-2022-33168 IBM Resource Exhaustion vulnerability in IBM Security Directory Suite VA 8.0.1

IBM Security Directory Suite VA 8.0.1 could allow an attacker to cause a denial of service due to uncontrolled resource consumption.

7.5
2023-06-15 CVE-2023-25683 IBM Unspecified vulnerability in IBM Powervm Hypervisor

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if they gain service access to the HMC.

7.5
2023-06-14 CVE-2023-25368 Siglent Unspecified vulnerability in Siglent products

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control.

7.5
2023-06-14 CVE-2023-25369 Siglent Unspecified vulnerability in Siglent products

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.

7.5
2023-06-14 CVE-2023-30082 Enhancesoft Improper Validation of Specified Quantity in Input vulnerability in Enhancesoft Osticket 1.17.2

A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application.

7.5
2023-06-14 CVE-2023-34867 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c.

7.5
2023-06-14 CVE-2023-34868 Jerryscript Reachable Assertion vulnerability in Jerryscript 3.0.0

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c.

7.5
2023-06-14 CVE-2023-24936 Microsoft Unspecified vulnerability in Microsoft .Net and .Net Framework

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

7.5
2023-06-14 CVE-2023-29331 Microsoft Unspecified vulnerability in Microsoft .Net and .Net Framework

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

7.5
2023-06-14 CVE-2023-32030 Microsoft Unspecified vulnerability in Microsoft .Net Framework

.NET and Visual Studio Denial of Service Vulnerability

7.5
2023-06-14 CVE-2023-34609 Flexjson Project Out-of-bounds Write vulnerability in Flexjson Project Flexjson

An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34610 Json IO Project Out-of-bounds Write vulnerability in Json-Io Project Json-Io

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34611 Mjson Project Out-of-bounds Write vulnerability in Mjson Project Mjson

An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34612 PH Json Project Out-of-bounds Write vulnerability in Ph-Json Project Ph-Json

An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34613 Sojo Project Out-of-bounds Write vulnerability in Sojo Project Sojo

An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34614 Jsonij Project Out-of-bounds Write vulnerability in Jsonij Project Jsonij

An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34615 Pwall Out-of-bounds Write vulnerability in Pwall Jsonutil

An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34616 Pbjson Project Out-of-bounds Write vulnerability in Pbjson Project Pbjson

An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34617 Genson Project Out-of-bounds Write vulnerability in Genson Project Genson

An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34620 Hjson Project Out-of-bounds Write vulnerability in Hjson Project Hjson

An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34623 Jtidy Project Out-of-bounds Write vulnerability in Jtidy Project Jtidy

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34624 Htmlcleaner Project Out-of-bounds Write vulnerability in Htmlcleaner Project Htmlcleaner

An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-34878 Ujcms Unspecified vulnerability in Ujcms 6.0.2

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip.

7.5
2023-06-14 CVE-2023-35110 Jjson Project Out-of-bounds Write vulnerability in Jjson Project Jjson

An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

7.5
2023-06-14 CVE-2023-3036 Cloudflare Out-of-bounds Read vulnerability in Cloudflare Cfnts

An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71  enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents.

7.5
2023-06-14 CVE-2023-3040 Cloudflare Out-of-bounds Read vulnerability in Cloudflare Lua-Resty-Json

A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data.

7.5
2023-06-14 CVE-2023-3239 Otcms Path Traversal: '../filedir' vulnerability in Otcms

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62.

7.5
2023-06-14 CVE-2023-3241 Otcms Path Traversal vulnerability in Otcms

A vulnerability was found in OTCMS up to 6.62 and classified as problematic.

7.5
2023-06-14 CVE-2022-47184 Apache
Debian
Information Exposure vulnerability in multiple products

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: 8.0.0 to 9.2.0.

7.5
2023-06-14 CVE-2023-30631 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in multiple products

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.  The configuration option proxy.config.http.push_method_enabled didn't function.  However, by default the PUSH method is blocked in the ip_allow configuration file.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

7.5
2023-06-14 CVE-2023-33933 Apache Information Exposure vulnerability in Apache Traffic Server

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

7.5
2023-06-14 CVE-2023-34000 Woocommerce Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce Stripe Payment Gateway

Unauth.

7.5
2023-06-14 CVE-2023-34396 Apache Allocation of Resources Without Limits or Throttling vulnerability in Apache Struts

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater

7.5
2023-06-14 CVE-2023-3230 Fossbilling Missing Authorization vulnerability in Fossbilling

Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0.

7.5
2023-06-14 CVE-2023-32011 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Discovery Service Denial of Service Vulnerability

7.5
2023-06-13 CVE-2023-2778 Rockwellautomation Resource Exhaustion vulnerability in Rockwellautomation Factorytalk Transaction Manager

A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager.

7.5
2023-06-13 CVE-2023-1707 HP Unspecified vulnerability in HP Futuresmart 5 5.3

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.

7.5
2023-06-13 CVE-2023-33568 Dolibarr Files or Directories Accessible to External Parties vulnerability in Dolibarr Erp/Crm 16.0.0/16.0.1/16.0.2

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.

7.5
2023-06-13 CVE-2023-31196 Inaba Missing Authentication for Critical Function vulnerability in Inaba products

Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products.

7.5
2023-06-13 CVE-2022-43949 Fortinet Use of a Broken or Risky Cryptographic Algorithm vulnerability in Fortinet Fortisiem

A use of a broken or risky cryptographic algorithm [CWE-327] in Fortinet FortiSIEM before 6.7.1 allows a remote unauthenticated attacker to perform brute force attacks on GUI endpoints via taking advantage of outdated hashing methods.

7.5
2023-06-13 CVE-2023-22633 Fortinet Unspecified vulnerability in Fortinet Fortinac and Fortinac-F

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation.

7.5
2023-06-13 CVE-2023-2729 Synology Unspecified vulnerability in Synology products

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via unspecified vectors.

7.5
2023-06-12 CVE-2023-32219 Mazda Unspecified vulnerability in Mazda Firmware

A Mazda model (2015-2016) can be unlocked via an unspecified method.

7.5
2023-06-12 CVE-2023-1897 Atlascopco Cleartext Storage of Sensitive Information vulnerability in Atlascopco Power Focus 6000 Firmware

Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller.

7.5
2023-06-12 CVE-2023-1898 Atlascopco Use of Insufficiently Random Values vulnerability in Atlascopco Power Focus 6000 Firmware

Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers.

7.5
2023-06-12 CVE-2023-1899 Atlascopco Unspecified vulnerability in Atlascopco Power Focus 6000 Firmware

Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller.

7.5
2023-06-12 CVE-2023-34940 Asus Out-of-bounds Write vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html.

7.5
2023-06-12 CVE-2023-34942 Asus Out-of-bounds Write vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html.

7.5
2023-06-12 CVE-2022-36331 Westerndigital Authentication Bypass by Spoofing vulnerability in Westerndigital products

Western Digital My Cloud, My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices were vulnerable to an impersonation attack that could allow an unauthenticated attacker to gain access to user data. This issue affects My Cloud OS 5 devices: before 5.25.132; My Cloud Home and My Cloud Home Duo: before 8.13.1-102; SanDisk ibi: before 8.13.1-102.

7.5
2023-06-12 CVE-2023-30198 Webbax Path Traversal vulnerability in Webbax Winbizpayment

Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php.

7.5
2023-06-12 CVE-2023-34105 Ossrs Command Injection vulnerability in Ossrs Simple Realtime Server

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181.

7.5
2023-06-12 CVE-2023-35053 Jetbrains Unspecified vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms

7.5
2023-06-12 CVE-2023-3206 Feiyuxing Command Injection vulnerability in Feiyuxing Vec40G Firmware 3.0

A vulnerability classified as problematic was found in Chengdu VEC40G 3.0.

7.5
2023-06-12 CVE-2023-34494 Emqx Use After Free vulnerability in Emqx Nanomq 0.16.5

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.

7.5
2023-06-12 CVE-2023-33290 GIT URL Parse Project Unspecified vulnerability in Git-Url-Parse Project Git-Url-Parse

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python).

7.5
2023-06-14 CVE-2023-33126 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Remote Code Execution Vulnerability

7.3
2023-06-14 CVE-2023-33128 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Remote Code Execution Vulnerability

7.3
2023-06-14 CVE-2023-33130 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Server Spoofing Vulnerability

7.3
2023-06-14 CVE-2023-33135 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Elevation of Privilege Vulnerability

7.3
2023-06-13 CVE-2022-47376 BD Insufficiently Protected Credentials vulnerability in BD Alaris Infusion Central

The Alaris Infusion Central software, versions 1.1 to 1.3.2, may contain a recoverable password after the installation.

7.3
2023-06-17 CVE-2023-35810 Sugarcrm Injection vulnerability in Sugarcrm 11.0.0/12.0.0

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3.

7.2
2023-06-15 CVE-2023-29297 Adobe Unspecified vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker.

7.2
2023-06-15 CVE-2022-33166 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Directory Suite VA

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment.

7.2
2023-06-14 CVE-2023-34253 Getgrav Code Injection vulnerability in Getgrav Grav

Grav is a flat-file content management system.

7.2
2023-06-14 CVE-2023-34448 Getgrav Code Injection vulnerability in Getgrav Grav

Grav is a flat-file content management system.

7.2
2023-06-14 CVE-2023-34251 Getgrav Code Injection vulnerability in Getgrav Grav

Grav is a flat-file content management system.

7.2
2023-06-14 CVE-2023-34252 Getgrav Code Injection vulnerability in Getgrav Grav

Grav is a flat-file content management system.

7.2
2023-06-13 CVE-2023-30179 Craftcms Code Injection vulnerability in Craftcms Craft CMS 3.7.59

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI).

7.2
2023-06-13 CVE-2023-31198 Inaba OS Command Injection vulnerability in Inaba products

OS command injection vulnerability exists in Wi-Fi AP UNIT allows.

7.2
2023-06-13 CVE-2022-39946 Fortinet Unspecified vulnerability in Fortinet Fortinac

An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.

7.2
2023-06-13 CVE-2023-33919 Siemens Command Injection vulnerability in Siemens Cpci85 Firmware

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05).

7.2
2023-06-12 CVE-2022-38156 Kratosdefense Command Injection vulnerability in Kratosdefense Spectralnet Narrowband Firmware

A remote command injection issues exists in the web server of the Kratos SpectralNet device with SpectralNet Narrowband (NB) before 1.7.5.

7.2
2023-06-16 CVE-2023-3268 Linux
Debian
Out-of-bounds Read vulnerability in multiple products

An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs.

7.1
2023-06-14 CVE-2023-2976 Google Files or Directories Accessible to External Parties vulnerability in Google Guava

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

7.1
2023-06-14 CVE-2023-29337 Microsoft Unspecified vulnerability in Microsoft Nuget

NuGet Client Remote Code Execution Vulnerability

7.1
2023-06-14 CVE-2023-21565 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2020.1.2/2022/2022.0.1

Azure DevOps Server Spoofing Vulnerability

7.1
2023-06-14 CVE-2023-32021 Microsoft Unspecified vulnerability in Microsoft products

Windows SMB Witness Service Security Feature Bypass Vulnerability

7.1
2023-06-13 CVE-2023-28603 Zoom Unspecified vulnerability in Zoom Virtual Desktop Infrastructure

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability.

7.1
2023-06-13 CVE-2023-33695 Hutool Incorrect Permission Assignment for Critical Resource vulnerability in Hutool

Hutool v5.8.17 and below was discovered to contain an information disclosure vulnerability via the File.createTempFile() function at /core/io/FileUtil.java.

7.1
2023-06-18 CVE-2023-35823 Linux
Debian
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.2.

7.0
2023-06-18 CVE-2023-35824 Linux
Debian
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.2.

7.0
2023-06-18 CVE-2023-35826 Linux
Netapp
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.2.

7.0
2023-06-18 CVE-2023-35827 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel through 6.3.8.

7.0
2023-06-18 CVE-2023-35828 Linux
Netapp
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.2.

7.0
2023-06-18 CVE-2023-35829 Linux
Netapp
Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.2.

7.0
2023-06-16 CVE-2023-25187 Nokia Use of Hard-coded Credentials vulnerability in Nokia Asika Airscale Firmware

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B.

7.0
2023-06-15 CVE-2023-21101 Google Use After Free vulnerability in Google Android

In multiple functions of WVDrmPlugin.cpp, there is a possible use after free due to a race condition.

7.0
2023-06-15 CVE-2022-4149 Netskope Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Netskope

The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user.

7.0
2023-06-14 CVE-2022-31640 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.0
2023-06-14 CVE-2022-31641 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.0
2023-06-14 CVE-2022-31642 HP Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in HP products

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure.

7.0
2023-06-14 CVE-2023-29361 Microsoft Unspecified vulnerability in Microsoft products

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

7.0
2023-06-14 CVE-2023-29364 Microsoft Unspecified vulnerability in Microsoft products

Windows Authentication Elevation of Privilege Vulnerability

7.0
2023-06-14 CVE-2023-29368 Microsoft Unspecified vulnerability in Microsoft products

Windows Filtering Platform Elevation of Privilege Vulnerability

7.0
2023-06-14 CVE-2023-32010 Microsoft Unspecified vulnerability in Microsoft Windows 11 22H2

Windows Bus Filter Driver Elevation of Privilege Vulnerability

7.0

220 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-16 CVE-2023-34733 VW Improper Check for Unusual or Exceptional Conditions vulnerability in VW Discover Media Infotainment System 0876

A lack of exception handling in the Volkswagen Discover Media Infotainment System Software Version 0876 allows attackers to cause a Denial of Service (DoS) via supplying crafted media files when connecting a device to the vehicle's USB plug and play feature.

6.8
2023-06-14 CVE-2023-2820 Proofpoint Exposure of Resource to Wrong Sphere vulnerability in Proofpoint Threat Response Auto Pull

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic.

6.8
2023-06-13 CVE-2023-33920 Siemens Use of Hard-coded Credentials vulnerability in Siemens Cpci85 Firmware

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05).

6.8
2023-06-13 CVE-2023-33921 Siemens Unspecified vulnerability in Siemens Cpci85 Firmware

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05).

6.8
2023-06-12 CVE-2023-3159 Linux Use After Free vulnerability in Linux Kernel

A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel.

6.7
2023-06-14 CVE-2023-33144 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

Visual Studio Code Spoofing Vulnerability

6.6
2023-06-16 CVE-2023-34660 Jeecg Unrestricted Upload of File with Dangerous Type vulnerability in Jeecg Boot 3.5.0/3.5.1

jjeecg-boot V3.5.0 has an unauthorized arbitrary file upload in /jeecg-boot/jmreport/upload interface.

6.5
2023-06-16 CVE-2022-48469 Huawei Authentication Bypass by Spoofing vulnerability in Huawei B535-232A Firmware 2.0.0.1

There is a traffic hijacking vulnerability in Huawei routers.

6.5
2023-06-16 CVE-2023-20885 Pivotal Information Exposure Through Log Files vulnerability in Pivotal products

Vulnerability in Cloud Foundry Notifications, Cloud Foundry SMB-volume release, Cloud FOundry cf-nfs-volume release.This issue affects Notifications: All versions prior to 63; SMB-volume release: All versions prior to 3.1.19; cf-nfs-volume release: 5.0.X versions prior to 5.0.27, 7.1.X versions prior to 7.1.19.

6.5
2023-06-16 CVE-2023-2792 Mattermost Unspecified vulnerability in Mattermost

Mattermost fails to sanitize ephemeral error messages, allowing an attacker to obtain arbitrary message contents by a specially crafted /groupmsg command.

6.5
2023-06-16 CVE-2023-2793 Mattermost Resource Exhaustion vulnerability in Mattermost

Mattermost fails to validate links on external websites when constructing a preview for a linked website, allowing an attacker to cause a denial-of-service by a linking to a specially crafted webpage in a message.

6.5
2023-06-16 CVE-2023-2797 Mattermost Injection vulnerability in Mattermost

Mattermost fails to sanitize code permalinks, allowing an attacker to preview code from private repositories by posting a specially crafted permalink on a channel.

6.5
2023-06-16 CVE-2023-2831 Mattermost Resource Exhaustion vulnerability in Mattermost

Mattermost fails to unescape Markdown strings in a memory-efficient way, allowing an attacker to cause a Denial of Service by sending a message containing a large number of escaped characters.

6.5
2023-06-16 CVE-2023-33306 Fortinet NULL Pointer Dereference vulnerability in Fortinet Fortios and Fortiproxy

A null pointer dereference in Fortinet FortiOS before 7.2.5, before 7.0.11 and before 6.4.13, FortiProxy before 7.2.4 and before 7.0.10 allows attacker to denial of sslvpn service via specifically crafted request in bookmark parameter.

6.5
2023-06-16 CVE-2023-33307 Fortinet NULL Pointer Dereference vulnerability in Fortinet Fortios and Fortiproxy

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.

6.5
2023-06-16 CVE-2023-2784 Mattermost Missing Authorization vulnerability in Mattermost

Mattermost fails to verify if the requestor is a sysadmin or not, before allowing `install` requests to the Apps allowing a regular user send install requests to the Apps.

6.5
2023-06-16 CVE-2023-2787 Mattermost Missing Authorization vulnerability in Mattermost

Mattermost fails to check channel membership when accessing message threads, allowing an attacker to access arbitrary posts by using the message threads API.

6.5
2023-06-16 CVE-2023-2788 Mattermost Insufficient Session Expiration vulnerability in Mattermost

Mattermost fails to check if an admin user account active after an oauth2 flow is started, allowing an attacker with admin privileges to retain persistent access to Mattermost by obtaining an oauth2 access token while the attacker's account is deactivated.

6.5
2023-06-16 CVE-2023-34157 Huawei Unspecified vulnerability in Huawei Harmonyos

Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app.

6.5
2023-06-15 CVE-2023-2683 Silabs Resource Exhaustion vulnerability in Silabs Bluetooth LOW Energy Software Development KIT 5.0.0/5.1.0/5.1.1

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail.

6.5
2023-06-15 CVE-2023-29289 Adobe XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability.

6.5
2023-06-15 CVE-2023-32229 Bosch Resource Exhaustion vulnerability in Bosch Cpp13 Firmware and Cpp14 Firmware

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option (signing of the video stream) with option MD5, SHA-1 or SHA-256.

6.5
2023-06-15 CVE-2022-33159 IBM Cleartext Storage of Sensitive Information vulnerability in IBM Security Directory Suite VA

IBM Security Directory Suite VA 8.0.1 through 8.0.1.19 stores user credentials in plain clear text which can be read by an authenticated user.

6.5
2023-06-14 CVE-2023-34367 Microsoft Improper Authentication vulnerability in Microsoft Windows 7

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack.

6.5
2023-06-14 CVE-2023-35147 Jenkins Incorrect Permission Assignment for Critical Resource vulnerability in Jenkins AWS Codecommit Trigger

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the contents of arbitrary files on the Jenkins controller file system.

6.5
2023-06-14 CVE-2023-35148 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Digital.Ai APP Management Publisher

A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

6.5
2023-06-14 CVE-2023-35149 Jenkins Missing Authorization vulnerability in Jenkins Digital.Ai APP Management Publisher

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing credentials stored in Jenkins.

6.5
2023-06-14 CVE-2023-3240 Otcms Path Traversal: '../filedir' vulnerability in Otcms

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic.

6.5
2023-06-14 CVE-2023-34149 Apache Allocation of Resources Without Limits or Throttling vulnerability in Apache Struts

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.This issue affects Apache Struts: through 2.5.30, through 6.1.2. Upgrade to Struts 2.5.31 or 6.1.2.1 or greater.

6.5
2023-06-14 CVE-2023-3229 Fossbilling Business Logic Errors vulnerability in Fossbilling

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.

6.5
2023-06-14 CVE-2023-3231 Ujcms Unspecified vulnerability in Ujcms

A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic.

6.5
2023-06-14 CVE-2023-24937 Microsoft Unspecified vulnerability in Microsoft products

Windows CryptoAPI Denial of Service Vulnerability

6.5
2023-06-14 CVE-2023-24938 Microsoft Unspecified vulnerability in Microsoft products

Windows CryptoAPI Denial of Service Vulnerability

6.5
2023-06-14 CVE-2023-29352 Microsoft Unspecified vulnerability in Microsoft products

Windows Remote Desktop Security Feature Bypass Vulnerability

6.5
2023-06-14 CVE-2023-29369 Microsoft Unspecified vulnerability in Microsoft products

Remote Procedure Call Runtime Denial of Service Vulnerability

6.5
2023-06-14 CVE-2023-32032 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Elevation of Privilege Vulnerability

6.5
2023-06-14 CVE-2023-33129 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Denial of Service Vulnerability

6.5
2023-06-14 CVE-2023-33140 Microsoft Unspecified vulnerability in Microsoft Onenote

Microsoft OneNote Spoofing Vulnerability

6.5
2023-06-14 CVE-2023-33142 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Server Elevation of Privilege Vulnerability

6.5
2023-06-14 CVE-2023-33145 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

6.5
2023-06-13 CVE-2022-43684 Servicenow Exposure of Resource to Wrong Sphere vulnerability in Servicenow

ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.

6.5
2023-06-13 CVE-2023-34114 Zoom Exposure of Resource to Wrong Sphere vulnerability in Zoom

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.

6.5
2023-06-13 CVE-2023-28601 Zoom Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Zoom

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability.

6.5
2023-06-13 CVE-2023-28598 Zoom Injection vulnerability in Zoom

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability.

6.5
2023-06-13 CVE-2023-25609 Fortinet Server-Side Request Forgery (SSRF) vulnerability in Fortinet Fortianalyzer and Fortimanager

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated attacker to access unauthorized files and services on the system via specially crafted web requests.

6.5
2023-06-13 CVE-2023-26207 Fortinet Information Exposure Through Log Files vulnerability in Fortinet Fortios and Fortiproxy

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10.

6.5
2023-06-13 CVE-2023-33305 Fortinet Infinite Loop vulnerability in Fortinet Fortios and Fortiproxy

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions, FortiOS 6.0 all versions, FortiProxy version 7.2.0 through 7.2.3, FortiProxy version 7.0.0 through 7.0.9, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1 all versions, FortiProxy 1.0 all versions, FortiWeb version 7.2.0 through 7.2.1, FortiWeb version 7.0.0 through 7.0.6, FortiWeb 6.4 all versions, FortiWeb 6.3 all versions allows attacker to perform a denial of service via specially crafted HTTP requests.

6.5
2023-06-12 CVE-2023-34246 Doorkeeper Project Improper Authentication vulnerability in Doorkeeper Project Doorkeeper

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.

6.5
2023-06-12 CVE-2023-34345 AMI Path Traversal vulnerability in AMI Megarac Sp-X

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure.

6.5
2023-06-12 CVE-2023-34212 Apache Deserialization of Untrusted Data vulnerability in Apache Nifi

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location. The resolution validates the JNDI URL and restricts locations to a set of allowed schemes. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.

6.5
2023-06-14 CVE-2023-33132 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Server Spoofing Vulnerability

6.3
2023-06-16 CVE-2023-35783 Faceted Search Project Cross-site Scripting vulnerability in Faceted Search Project Faceted Search

The ke_search (aka Faceted Search) extension before 4.0.3, 4.1.x through 4.6.x before 4.6.6, and 5.x before 5.0.2 for TYPO3 allows XSS via indexed data.

6.1
2023-06-16 CVE-2023-3294 Saleor Cross-site Scripting vulnerability in Saleor React-Storefront

Cross-site Scripting (XSS) - DOM in GitHub repository saleor/react-storefront prior to c29aab226f07ca980cc19787dcef101e11b83ef7.

6.1
2023-06-16 CVE-2023-27420 Everestthemes Cross-site Scripting vulnerability in Everestthemes Arya Multipurpose

Unauth.

6.1
2023-06-15 CVE-2023-24030 Zimbra Open Redirect vulnerability in Zimbra Collaboration 8.8.15/9.0.0

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15.

6.1
2023-06-15 CVE-2023-24031 Zimbra Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15.

6.1
2023-06-15 CVE-2023-34833 Thinkadmin Unrestricted Upload of File with Dangerous Type vulnerability in Thinkadmin 6.0

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file.

6.1
2023-06-15 CVE-2023-34666 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Cyber Cafe Management System 1.0

Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.

6.1
2023-06-15 CVE-2023-24420 Zestard Cross-site Scripting vulnerability in Zestard Admin Side Data Storage for Contact Form 7 1.0.0/1.1.0/1.1.1

Unauth.

6.1
2023-06-15 CVE-2023-35029 Liferay Open Redirect vulnerability in Liferay DXP and Liferay Portal

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

6.1
2023-06-15 CVE-2023-3193 Liferay Cross-site Scripting vulnerability in Liferay DXP and Liferay Portal

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

6.1
2023-06-14 CVE-2023-34452 Getgrav Cross-site Scripting vulnerability in Getgrav Grav

Grav is a flat-file content management system.

6.1
2023-06-14 CVE-2020-22402 Alinto Cross-site Scripting vulnerability in Alinto Sogo web Mail

Cross Site Scripting (XSS) vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing malicious code.

6.1
2023-06-14 CVE-2021-31280 Tp5Cms Project Cross-site Scripting vulnerability in Tp5Cms Project Tp5Cms 20170315/20170525

An issue was discovered in tp5cms through 2017-05-25.

6.1
2023-06-14 CVE-2023-3189 Online School Fees System Project Cross-site Scripting vulnerability in Online School Fees System Project Online School Fees System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0.

6.1
2023-06-13 CVE-2023-24469 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Logger

Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0

6.1
2023-06-13 CVE-2022-42880 Auto Upload Images Project Cross-Site Request Forgery (CSRF) vulnerability in Auto Upload Images Project Auto Upload Images

Cross-Site Request Forgery (CSRF) vulnerability in Ali Irani Auto Upload Images plugin <= 3.3 versions allows Stored Cross-Site Scripting (XSS).

6.1
2023-06-13 CVE-2023-2876 ABB Incorrect Permission Assignment for Critical Resource vulnerability in ABB products

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting (XSS).This issue affects REX640 PCL1: from 1.0;0 before 1.0.8; REX640 PCL2: from 1.0;0 before 1.1.4; REX640 PCL3: from 1.0;0 before 1.2.1.

6.1
2023-06-13 CVE-2023-32115 SAP SQL Injection vulnerability in SAP Master Data Synchronization

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

6.1
2023-06-13 CVE-2023-33985 SAP Cross-site Scripting vulnerability in SAP Netweaver 7.50

SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack.

6.1
2023-06-13 CVE-2023-33986 SAP Cross-site Scripting vulnerability in SAP Customer Relationship Management Abap 430

SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1
2023-06-12 CVE-2023-2362 WOW Company Unspecified vulnerability in Wow-Company products

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button WordPress plugin before 5.3.1, Herd Effects WordPress plugin before 5.2.2, Popup Box WordPress plugin before 2.2.2, Side Menu Lite WordPress plugin before 4.0.2, Sticky Buttons WordPress plugin before 3.1.1, Wow Skype Buttons WordPress plugin before 4.0.2, WP Coder WordPress plugin before 2.5.6 do not escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-12 CVE-2023-2398 Icegram Unspecified vulnerability in Icegram Engage

The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-12 CVE-2023-2568 AYS PRO Unspecified vulnerability in Ays-Pro Photo Gallery

The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-06-12 CVE-2023-29385 WP Abstracts Project Cross-site Scripting vulnerability in WP Abstracts Project WP Abstracts

Unauth.

6.1
2023-06-12 CVE-2023-34026 This DAY IN History Project Cross-site Scripting vulnerability in This DAY in History Project This DAY in History

Unauth.

6.1
2023-06-12 CVE-2023-32118 Wpoperation Cross-site Scripting vulnerability in Wpoperation Salert - Fake Sales Notification Woocommerce

Unauth.

6.1
2023-06-12 CVE-2023-32961 Zotpress Project Cross-site Scripting vulnerability in Zotpress Project Zotpress 6.1.2

Unauth.

6.1
2023-06-12 CVE-2023-30753 IP Metaboxes Project Cross-site Scripting vulnerability in IP Metaboxes Project IP Metaboxes

Unauth.

6.1
2023-06-12 CVE-2022-47140 Reputeinfosystems Cross-site Scripting vulnerability in Reputeinfosystems Armember

Unauth.

6.1
2023-06-12 CVE-2015-10118 WP Copyprotect Project Cross-site Scripting vulnerability in Wp-Copyprotect Project Wp-Copyprotect

A vulnerability classified as problematic was found in cchetanonline WP-CopyProtect up to 3.0.0.

6.1
2023-06-16 CVE-2023-34459 Openzeppelin Improper Validation of Integrity Check Value vulnerability in Openzeppelin Contracts and Contracts Upgradeable

OpenZeppelin Contracts is a library for smart contract development.

5.9
2023-06-13 CVE-2023-33620 GL Inet Insufficiently Protected Credentials vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215

GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack.

5.9
2023-06-13 CVE-2023-33621 GL Inet Authentication Bypass by Capture-replay vulnerability in Gl-Inet Gl-Ar750S Firmware 3.215

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded.

5.9
2023-06-14 CVE-2023-3227 Fossbilling Insufficient Granularity of Access Control vulnerability in Fossbilling

Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.

5.7
2023-06-14 CVE-2023-3228 Fossbilling Unspecified vulnerability in Fossbilling

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0.

5.7
2023-06-13 CVE-2023-2827 SAP Missing Authentication for Critical Function vulnerability in SAP Digital Manufacturing and Plant Connectivity

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing.

5.7
2023-06-14 CVE-2023-32020 Microsoft Unspecified vulnerability in Microsoft products

Windows DNS Spoofing Vulnerability

5.6
2023-06-16 CVE-2023-30903 HP Unspecified vulnerability in HP Hp-Ux

HP-UX could be exploited locally to create a Denial of Service (DoS) when any physical interface is configured with IPv6/inet6.

5.5
2023-06-16 CVE-2023-30904 HPE Unspecified vulnerability in HPE Insight Remote Support

A security vulnerability in HPE Insight Remote Support may result in the local disclosure of privileged LDAP information.

5.5
2023-06-16 CVE-2023-35789 Rabbitmq C Project Insufficiently Protected Credentials vulnerability in Rabbitmq-C Project Rabbitmq-C

An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ.

5.5
2023-06-16 CVE-2023-34474 Imagemagick
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow issue was discovered in ImageMagick's ReadTIM2ImageData() function in coders/tim2.c.

5.5
2023-06-16 CVE-2023-34475 Imagemagick
Fedoraproject
Use After Free vulnerability in multiple products

A heap use after free issue was discovered in ImageMagick's ReplaceXmpValue() function in MagickCore/profile.c.

5.5
2023-06-16 CVE-2023-3195 Imagemagick
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

A stack-based buffer overflow issue was found in ImageMagick's coders/tiff.c.

5.5
2023-06-16 CVE-2023-2431 Kubernetes
Fedoraproject
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement.
5.5
2023-06-15 CVE-2023-2747 Silabs Use of Uninitialized Resource vulnerability in Silabs Gecko Software Development KIT

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. 

5.5
2023-06-15 CVE-2023-21105 Google Unspecified vulnerability in Google Android

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy.

5.5
2023-06-15 CVE-2023-21136 Google Improper Input Validation vulnerability in Google Android

In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation.

5.5
2023-06-15 CVE-2023-21137 Google Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android

In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed.

5.5
2023-06-15 CVE-2023-21141 Google Unspecified vulnerability in Google Android

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass.

5.5
2023-06-15 CVE-2023-21142 Google Unspecified vulnerability in Google Android

In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass.

5.5
2023-06-15 CVE-2023-21143 Google Improper Input Validation vulnerability in Google Android

In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation.

5.5
2023-06-14 CVE-2023-26965 Libtiff Out-of-bounds Write vulnerability in Libtiff

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.

5.5
2023-06-14 CVE-2023-34823 Fdkaac Project Out-of-bounds Write vulnerability in Fdkaac Project Fdkaac

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c.

5.5
2023-06-14 CVE-2023-34824 Fdkaac Project Out-of-bounds Write vulnerability in Fdkaac Project Fdkaac

fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c.

5.5
2023-06-14 CVE-2023-0837 Teamviewer Unspecified vulnerability in Teamviewer Remote

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings even though the options were locked.

5.5
2023-06-14 CVE-2023-21569 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server 2020.1.2/2022/2022.0.1

Azure DevOps Server Spoofing Vulnerability

5.5
2023-06-14 CVE-2023-29353 Microsoft Unspecified vulnerability in Microsoft Sysinternals and Sysinternals Process Monitor

Sysinternals Process Monitor for Windows Denial of Service Vulnerability

5.5
2023-06-14 CVE-2023-32016 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows Installer Information Disclosure Vulnerability

5.5
2023-06-14 CVE-2023-33139 Microsoft Unspecified vulnerability in Microsoft products

Visual Studio Information Disclosure Vulnerability

5.5
2023-06-13 CVE-2023-29498 Fujielectric XXE vulnerability in Fujielectric Frenic RHC Loader

Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier.

5.5
2023-06-13 CVE-2022-33877 Fortinet Incorrect Default Permissions vulnerability in Fortinet Forticlient and Forticonverter

An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.

5.5
2023-06-13 CVE-2023-30757 Siemens Unspecified vulnerability in Siemens Totally Integrated Automation Portal

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions).

5.5
2023-06-13 CVE-2023-33121 Siemens NULL Pointer Dereference vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3).

5.5
2023-06-13 CVE-2023-33122 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10), Teamcenter Visualization V14.0 (All versions < V14.0.0.6), Teamcenter Visualization V14.1 (All versions < V14.1.0.8), Teamcenter Visualization V14.2 (All versions < V14.2.0.3).

5.5
2023-06-12 CVE-2023-3161 Linux
Fedoraproject
Redhat
Incorrect Calculation vulnerability in multiple products

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel.

5.5
2023-06-18 CVE-2023-3311 Online Shopping System Advanced Project Cross-site Scripting vulnerability in Online-Shopping-System-Advanced Project Online-Shopping-System-Advanced 1.0

A vulnerability, which was classified as problematic, was found in PuneethReddyHC online-shopping-system-advanced 1.0.

5.4
2023-06-18 CVE-2023-3309 Resort Reservation System Project Cross-site Scripting vulnerability in Resort Reservation System Project Resort Reservation System 1.0

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1.0.

5.4
2023-06-16 CVE-2023-33438 Wolterskluwer Cross-site Scripting vulnerability in Wolterskluwer Teammate+ 35.0.11.0

A stored Cross-site scripting (XSS) vulnerability in Wolters Kluwer TeamMate+ 35.0.11.0 allows remote attackers to inject arbitrary web script or HTML.

5.4
2023-06-16 CVE-2023-30453 Teamlead Cross-site Scripting vulnerability in Teamlead Reminder

The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.

5.4
2023-06-16 CVE-2023-26013 Wpchill Cross-site Scripting vulnerability in Wpchill Strong Testimonials

Auth.

5.4
2023-06-16 CVE-2023-34845 Bludit Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.14.1

Bludit v3.14.1 was discovered to contain an arbitrary file upload vulnerability in the component /admin/new-content.

5.4
2023-06-15 CVE-2023-34797 Temenos Incorrect Permission Assignment for Critical Resource vulnerability in Temenos CWX 8.5.6

Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information.

5.4
2023-06-15 CVE-2023-29302 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-06-15 CVE-2023-29304 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-06-15 CVE-2023-29307 Adobe Open Redirect vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability.

5.4
2023-06-15 CVE-2023-29322 Adobe Cross-site Scripting vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2023-06-14 CVE-2023-33515 Softexpert Cross-site Scripting vulnerability in Softexpert Excellence Suite 2.1.9

SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens.

5.4
2023-06-14 CVE-2023-34565 Netbox Cross-site Scripting vulnerability in Netbox 3.5.1

Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function.

5.4
2023-06-14 CVE-2023-0010 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an authenticated Captive Portal user’s browser when they click on a specifically crafted link.

5.4
2023-06-14 CVE-2023-35143 Jenkins Cross-site Scripting vulnerability in Jenkins Maven Repository Server

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control maven project versions in `pom.xml`.

5.4
2023-06-14 CVE-2023-35144 Jenkins Cross-site Scripting vulnerability in Jenkins Maven Repository Server

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting (XSS) vulnerability.

5.4
2023-06-14 CVE-2023-35145 Jenkins Cross-site Scripting vulnerability in Jenkins Sonargraph Integration

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting vulnerability exploitable by attackers with Item/Configure permission.

5.4
2023-06-14 CVE-2023-35146 Jenkins Cross-site Scripting vulnerability in Jenkins Template Workflows 41.V32D86A313B4A

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create jobs.

5.4
2023-06-13 CVE-2023-34537 Digitaldruid Cross-site Scripting vulnerability in Digitaldruid Hoteldruid 3.0.5

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.

5.4
2023-06-13 CVE-2023-28600 Zoom Unspecified vulnerability in Zoom

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability.

5.4
2023-06-13 CVE-2023-23831 Rating Widget Cross-site Scripting vulnerability in Rating-Widget Ratingwidget

Auth.

5.4
2023-06-13 CVE-2023-33984 SAP Cross-site Scripting vulnerability in SAP Netweaver 7.50

SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content and send a link to a victim in an email or instant message.

5.4
2023-06-12 CVE-2023-34941 Asus Cross-site Scripting vulnerability in Asus Rt-N10Lx Firmware 2.0.0.39

A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL Keyword List text field.

5.4
2023-06-12 CVE-2023-0431 File Away Project Unspecified vulnerability in File Away Project File Away 3.9.9.0.1

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack.

5.4
2023-06-12 CVE-2023-2718 Codepeople Cross-site Scripting vulnerability in Codepeople Contact Form Email

The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability.

5.4
2023-06-12 CVE-2023-35054 Jetbrains Cross-site Scripting vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible

5.4
2023-06-12 CVE-2023-33492 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.6.2

EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS).

5.4
2023-06-16 CVE-2023-34165 Huawei Missing Authorization vulnerability in Huawei Harmonyos 2.1

Unauthorized access vulnerability in the Save for later feature provided by AI Touch.Successful exploitation of this vulnerability may cause third-party apps to forge a URI for unauthorized access with zero permissions.

5.3
2023-06-15 CVE-2023-34242 Cilium Information Exposure vulnerability in Cilium

Cilium is a networking, observability, and security solution with an eBPF-based dataplane.

5.3
2023-06-15 CVE-2023-29287 Adobe Information Exposure vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass.

5.3
2023-06-15 CVE-2023-29290 Adobe Missing Support for Integrity Check vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.

5.3
2023-06-14 CVE-2023-34449 Parity Incorrect Check of Function Return Value vulnerability in Parity Ink!

ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework.

5.3
2023-06-14 CVE-2023-29355 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

DHCP Server Service Information Disclosure Vulnerability

5.3
2023-06-14 CVE-2023-32013 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Denial of Service Vulnerability

5.3
2023-06-13 CVE-2023-31142 Discourse Incorrect Permission Assignment for Critical Resource vulnerability in Discourse

Discourse is an open source discussion platform.

5.3
2023-06-13 CVE-2023-32061 Discourse Incorrect Authorization vulnerability in Discourse

Discourse is an open source discussion platform.

5.3
2023-06-13 CVE-2023-32301 Discourse Improper Encoding or Escaping of Output vulnerability in Discourse

Discourse is an open source discussion platform.

5.3
2023-06-13 CVE-2023-34250 Discourse Exposure of Resource to Wrong Sphere vulnerability in Discourse

Discourse is an open source discussion platform.

5.3
2023-06-13 CVE-2023-34965 Sspanel UIM Project Incorrect Authorization vulnerability in Sspanel-Uim Project Sspanel-Uim 2023.3

SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information.

5.3
2023-06-13 CVE-2023-31437 Systemd Project Improper Validation of Integrity Check Value vulnerability in Systemd Project Systemd 253

An issue was discovered in systemd 253.

5.3
2023-06-13 CVE-2023-31438 Systemd Project Improper Validation of Integrity Check Value vulnerability in Systemd Project Systemd 253

An issue was discovered in systemd 253.

5.3
2023-06-13 CVE-2023-31439 Systemd Project Improper Validation of Integrity Check Value vulnerability in Systemd Project Systemd 253

An issue was discovered in systemd 253.

5.3
2023-06-13 CVE-2023-31195 Asus Cleartext Transmission of Sensitive Information vulnerability in Asus Rt-Ax3000 Firmware 3.0.0.4.38410177/3.0.0.4.386.46061

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute.

5.3
2023-06-13 CVE-2023-2673 Phoenixcontact Improper Input Validation vulnerability in Phoenixcontact products

Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks.

5.3
2023-06-12 CVE-2023-34344 AMI Information Exposure Through Discrepancy vulnerability in AMI Megarac Sp-X

AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure.

5.3
2023-06-12 CVE-2020-36732 Crypto JS Project Use of Insufficiently Random Values vulnerability in Crypto-Js Project Crypto-Js

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.

5.3
2023-06-13 CVE-2023-2638 Rockwellautomation Improper Authentication vulnerability in Rockwellautomation products

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected.   Improper authorization in FTSSBackupRestore.exe may lead to the loading of malicious configuration archives.  This vulnerability may allow a local, authenticated non-admin user to craft a malicious backup archive, without password protection, that will be loaded by FactoryTalk System Services as a valid backup when a restore procedure takes places.

5.0
2023-06-15 CVE-2023-29291 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.

4.9
2023-06-15 CVE-2023-29292 Adobe Server-Side Request Forgery (SSRF) vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read.

4.9
2023-06-16 CVE-2023-25974 Wp2Syslog Project Cross-site Scripting vulnerability in Wp2Syslog Project Wp2Syslog

Auth.

4.8
2023-06-16 CVE-2023-26527 Wpindeed Cross-site Scripting vulnerability in Wpindeed Debug Assistant

Auth.

4.8
2023-06-16 CVE-2023-26537 WP NO External Links Project Cross-site Scripting vulnerability in WP NO External Links Project WP NO External Links

Auth.

4.8
2023-06-16 CVE-2023-26515 Simple Slug Translate Project Cross-site Scripting vulnerability in Simple Slug Translate Project Simple Slug Translate

Auth.

4.8
2023-06-16 CVE-2023-3293 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm 8.0.0/8.0.1/8.0.2

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm-core prior to 8.3.0.

4.8
2023-06-16 CVE-2023-25963 Joomsky Cross-site Scripting vulnerability in Joomsky JS JOB Manager

Auth.

4.8
2023-06-16 CVE-2023-26541 Asmember Project Cross-site Scripting vulnerability in Asmember Project Asmember 1.0/1.5.4

Auth.

4.8
2023-06-15 CVE-2023-25972 Iksweb Cross-site Scripting vulnerability in Iksweb Wordpress Ctapt

Auth.

4.8
2023-06-13 CVE-2023-25978 Mindutopia Cross-site Scripting vulnerability in Mindutopia Protected Posts Logout Button

Auth.

4.8
2023-06-13 CVE-2023-27624 Redirect After Login Project Cross-site Scripting vulnerability in Redirect After Login Project Redirect After Login

Auth.

4.8
2023-06-13 CVE-2023-25964 Designextreme Cross-site Scripting vulnerability in Designextreme We'Re Open!

Auth.

4.8
2023-06-13 CVE-2023-26528 Shipyaari Cross-site Scripting vulnerability in Shipyaari Shipping Management

Auth.

4.8
2023-06-13 CVE-2023-26538 Chat BEE Project Cross-site Scripting vulnerability in Chat BEE Project Chat BEE 1.0.0/1.1.0

Auth.

4.8
2023-06-13 CVE-2023-28620 Cyberuslabs Cross-site Scripting vulnerability in Cyberuslabs Cyberus KEY 1.0

Auth.

4.8
2023-06-13 CVE-2023-29501 Runsystem Improper Certificate Validation vulnerability in Runsystem Jiyu Kukan Toku-Toku Coupon

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate verification.

4.8
2023-06-13 CVE-2023-29175 Fortinet Improper Certificate Validation vulnerability in Fortinet Fortios and Fortiproxy

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through 7.0.9, 7.2.0 through 7.2.3 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the vulnerable device and the remote FortiGuard's map server.

4.8
2023-06-13 CVE-2023-31238 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Q200 Firmware

A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60), POWER METER SICAM Q100 (All versions < V2.60).

4.8
2023-06-12 CVE-2023-1323 Yikesinc Unspecified vulnerability in Yikesinc Easy Forms for Mailchimp

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-06-12 CVE-2023-28933 Stpetedesign Cross-site Scripting vulnerability in Stpetedesign Call NOW Accessibility Button

Auth.

4.8
2023-06-12 CVE-2023-31236 Unfocus Cross-site Scripting vulnerability in Unfocus Scripts N Styles

Auth.

4.8
2023-06-12 CVE-2023-23819 Itemprop WP FOR Serp SEO Rich Snippets Project Cross-site Scripting vulnerability in Itemprop WP for Serp/Seo Rich Snippets Project Itemprop WP for Serp/Seo Rich Snippets

Auth.

4.8
2023-06-12 CVE-2023-23822 UTM Tracker Project Cross-site Scripting vulnerability in UTM Tracker Project UTM Tracker

Auth.

4.8
2023-06-12 CVE-2023-30745 IP Metaboxes Project Cross-site Scripting vulnerability in IP Metaboxes Project IP Metaboxes

Auth.

4.8
2023-06-12 CVE-2022-45827 Galleryplugins Cross-site Scripting vulnerability in Galleryplugins Video Contest

Auth.

4.8
2023-06-12 CVE-2023-23818 Aviplugins Cross-site Scripting vulnerability in Aviplugins WP Register Profile With Shortcode

Auth.

4.8
2023-06-12 CVE-2023-34855 AC Centralized Management Platform Project Cross-site Scripting vulnerability in AC Centralized Management Platform Project AC Centralized Management Platform 1.02.040

A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a crafted HTML file to the interface /upfile.cgi.

4.8
2023-06-15 CVE-2023-21095 Google Race Condition vulnerability in Google Android 12.1/13.0

In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition.

4.7
2023-06-14 CVE-2023-35116 Fasterxml Allocation of Resources Without Limits or Throttling vulnerability in Fasterxml Jackson-Databind

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies.

4.7
2023-06-14 CVE-2023-32019 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

4.7
2023-06-13 CVE-2023-2639 Rockwellautomation Origin Validation Error vulnerability in Rockwellautomation products

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the origin of the communication is from a legitimate local client device.  This may allow a threat actor to craft a malicious website that, when visited, will send a malicious script that can connect to the local WebSocket endpoint and wait for events as if it was a valid client device.

4.7
2023-06-13 CVE-2023-2277 Wpdirectorykit Unspecified vulnerability in Wpdirectorykit WP Directory KIT

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9.

4.7
2023-06-13 CVE-2023-27465 Siemens Information Exposure vulnerability in Siemens products

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D425-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP (All versions >= V5.4 < V5.5 SP1), SIMOTION D435-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D445-2 DP/PN (All versions >= V5.4), SIMOTION D445-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D455-2 DP/PN (All versions >= V5.4 < V5.5 SP1), SIMOTION P320-4 E (All versions >= V5.4), SIMOTION P320-4 S (All versions >= V5.4).

4.6
2023-06-13 CVE-2023-3218 IT Novum Race Condition within a Thread vulnerability in It-Novum Openitcockpit

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.

4.4
2023-06-13 CVE-2023-32546 Chatwork Code Injection vulnerability in Chatwork

Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier.

4.4
2023-06-13 CVE-2022-41327 Fortinet Cleartext Transmission of Sensitive Information vulnerability in Fortinet Fortios and Fortiproxy

A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.

4.4
2023-06-16 CVE-2023-2785 Mattermost Resource Exhaustion vulnerability in Mattermost

Mattermost fails to properly truncate the postgres error log message of a search query failure allowing an attacker to cause the creation of large log files which can result in Denial of Service

4.3
2023-06-16 CVE-2023-2783 Mattermost Missing Authorization vulnerability in Mattermost

Mattermost Apps Framework fails to verify that a secret provided in the incoming webhook request allowing an attacker to modify the contents of the post sent by the Apps.

4.3
2023-06-16 CVE-2023-2786 Mattermost Missing Authorization vulnerability in Mattermost

Mattermost fails to properly check the permissions when executing commands allowing a member with no permissions to post a message in a channel to actually post it by executing channel commands.

4.3
2023-06-16 CVE-2023-2791 Mattermost Missing Authorization vulnerability in Mattermost

When creating a playbook run via the /dialog API, Mattermost fails to validate all parameters, allowing an authenticated attacker to edit an arbitrary channel post.

4.3
2023-06-15 CVE-2023-28810 Hikvision Unspecified vulnerability in Hikvision products

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities.

4.3
2023-06-15 CVE-2023-29288 Adobe Incorrect Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.

4.3
2023-06-15 CVE-2023-29294 Adobe Unspecified vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass.

4.3
2023-06-15 CVE-2023-29295 Adobe Incorrect Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.

4.3
2023-06-15 CVE-2023-29296 Adobe Incorrect Authorization vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.

4.3
2023-06-15 CVE-2023-34626 Piwigo SQL Injection vulnerability in Piwigo

Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function.

4.3
2023-06-14 CVE-2023-2819 Proofpoint Cross-site Scripting vulnerability in Proofpoint Threat Response Auto Pull

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to replace the image file with an arbitrary MIME type.

4.3
2023-06-14 CVE-2023-3198 Inspireui Unspecified vulnerability in Inspireui Mstore API

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function.

4.3
2023-06-14 CVE-2023-3200 Inspireui Unspecified vulnerability in Inspireui Mstore API

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function.

4.3
2023-06-14 CVE-2023-3201 Inspireui Unspecified vulnerability in Inspireui Mstore API

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function.

4.3
2023-06-14 CVE-2023-3203 Inspireui Cross-Site Request Forgery (CSRF) vulnerability in Inspireui Mstore API

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function.

4.3
2023-06-13 CVE-2023-28599 Zoom Injection vulnerability in Zoom

Zoom clients prior to 5.13.10 contain an HTML injection vulnerability.

4.3
2023-06-13 CVE-2023-29178 Fortinet Access of Uninitialized Pointer vulnerability in Fortinet Fortios and Fortiproxy

A access of uninitialized pointer vulnerability [CWE-824] in Fortinet FortiProxy version 7.2.0 through 7.2.3 and before 7.0.9 and FortiOS version 7.2.0 through 7.2.4 and before 7.0.11 allows an authenticated attacker to repetitively crash the httpsd process via crafted HTTP or HTTPS requests.

4.3
2023-06-13 CVE-2023-2351 Wpdirectorykit Unspecified vulnerability in Wpdirectorykit WP Directory KIT

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3.

4.3
2023-06-13 CVE-2023-2563 Cimatti Unspecified vulnerability in Cimatti Contact Forms

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7.

4.3
2023-06-13 CVE-2023-34247 Keystonejs Open Redirect vulnerability in Keystonejs Keystone

Keystone is a content management system for Node.JS.

4.1

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-13 CVE-2023-20867 Vmware Improper Authentication vulnerability in VMWare Tools

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

3.9
2023-06-13 CVE-2023-34115 Zoom Classic Buffer Overflow vulnerability in Zoom Meeting SDK

Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access.

3.8
2023-06-16 CVE-2023-3291 Gpac Heap-based Buffer Overflow vulnerability in Gpac

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.

3.3
2023-06-13 CVE-2023-28303 Microsoft Unspecified vulnerability in Microsoft Snip & Sketch and Snipping Tool

Windows Snipping Tool Information Disclosure Vulnerability

3.3
2023-06-14 CVE-2023-32024 Microsoft Unspecified vulnerability in Microsoft Power Apps

Microsoft Power Apps Spoofing Vulnerability

3.0
2023-06-16 CVE-2023-25186 Nokia Path Traversal vulnerability in Nokia Asika Airscale Firmware

An issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B.

2.8
2023-06-15 CVE-2023-29293 Adobe Improper Input Validation vulnerability in Adobe Commerce and Magento

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass.

2.7
2023-06-13 CVE-2022-42474 Fortinet Path Traversal vulnerability in Fortinet Fortiproxy and Fortiswitchmanager

A relative path traversal vulnerability [CWE-23] in Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.9 and before 6.4.12, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.7, FortiSwitchManager version 7.2.0 through 7.2.1 and before 7.0.1 allows an privileged attacker to delete arbitrary directories from the filesystem through crafted HTTP requests.

2.7
2023-06-13 CVE-2023-32114 SAP Resource Exhaustion vulnerability in SAP Netweaver

SAP NetWeaver (Change and Transport System) - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an authenticated user with admin privileges to maliciously run a benchmark program repeatedly in intent to slowdown or make the server unavailable which may lead to a limited impact on Availability with No impact on Confidentiality and Integrity of the application.

2.7