Weekly Vulnerabilities Reports > July 17 to 23, 2023

Overview

486 new vulnerabilities reported during this period, including 70 critical vulnerabilities and 186 high severity vulnerabilities. This weekly summary report vulnerabilities in 450 products from 236 vendors including Oracle, Netapp, Fedoraproject, IBM, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Cross-Site Request Forgery (CSRF)", "SQL Injection", "Out-of-bounds Write", and "Unrestricted Upload of File with Dangerous Type".

  • 398 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 157 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 317 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 56 reported vulnerabilities.
  • Linux has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

70 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-07-21 CVE-2023-37903 VM2 Project OS Command Injection vulnerability in VM2 Project VM2

vm2 is an open source vm/sandbox for Node.js.

10.0
2023-07-19 CVE-2023-3765 Lfprojects Absolute Path Traversal vulnerability in Lfprojects Mlflow

Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.

10.0
2023-07-23 CVE-2023-3854 Phpscriptpoint SQL Injection vulnerability in PHPscriptpoint Bloodbank 1.1

A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1.

9.8
2023-07-23 CVE-2023-3850 Oretnom23 SQL Injection vulnerability in Oretnom23 Lost and Found Information System 1.0

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical.

9.8
2023-07-22 CVE-2023-3836 Dahuasecurity Unrestricted Upload of File with Dangerous Type vulnerability in Dahuasecurity Smart Parking Management

A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713.

9.8
2023-07-22 CVE-2023-3826 Ibos SQL Injection vulnerability in Ibos 4.5.5

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical.

9.8
2023-07-21 CVE-2023-26301 HP Missing Authorization vulnerability in HP products

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.

9.8
2023-07-21 CVE-2023-38646 Metabase Unspecified vulnerability in Metabase

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level.

9.8
2023-07-21 CVE-2023-35087 Asus Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U.

9.8
2023-07-21 CVE-2023-37292 Hgiga OS Command Injection vulnerability in Hgiga Isherlock

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection.This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174.

9.8
2023-07-21 CVE-2023-3811 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

A vulnerability was found in Hospital Management System 1.0.

9.8
2023-07-21 CVE-2023-37291 GSS Use of Hard-coded Credentials vulnerability in GSS Vitals Enterprise Social Platform

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key.

9.8
2023-07-21 CVE-2023-3809 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

A vulnerability was found in Hospital Management System 1.0.

9.8
2023-07-21 CVE-2023-3810 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

A vulnerability was found in Hospital Management System 1.0.

9.8
2023-07-21 CVE-2023-38632 Asynchronous Sockets FOR C Project Out-of-bounds Write vulnerability in Asynchronous Sockets for C++ Project Asynchronous Sockets for C++

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.

9.8
2023-07-21 CVE-2023-3805 Four Faith Improper Authorization vulnerability in Four-Faith Video Surveillance Management System 2016/2017

A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712.

9.8
2023-07-21 CVE-2023-3806 House Rental AND Property Listing PHP Project Unrestricted Upload of File with Dangerous Type vulnerability in House Rental and Property Listing PHP Project House Rental and Property Listing PHP 1.0

A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0.

9.8
2023-07-21 CVE-2023-3804 Cdwanjiang Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0.

9.8
2023-07-21 CVE-2023-3801 Ibos SQL Injection vulnerability in Ibos 4.5.5

A vulnerability was found in IBOS OA 4.5.5.

9.8
2023-07-21 CVE-2023-3802 Cdwanjiang Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0

A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0.

9.8
2023-07-20 CVE-2023-3799 Ibos SQL Injection vulnerability in Ibos 4.5.5

A vulnerability was found in IBOS OA 4.5.5 and classified as critical.

9.8
2023-07-20 CVE-2023-3798 Cdwanjiang Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical.

9.8
2023-07-20 CVE-2023-3795 Bugfinder SQL Injection vulnerability in Bugfinder Chaincity 1.0

A vulnerability classified as critical was found in Bug Finder ChainCity Real Estate Investment Platform 1.0.

9.8
2023-07-20 CVE-2023-31753 Endonesia SQL Injection vulnerability in Endonesia 8.7

SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter.

9.8
2023-07-20 CVE-2023-3793 Weaver SQL Injection vulnerability in Weaver E-Cology 10.0.2310.01/9.0

A vulnerability was found in Weaver e-cology.

9.8
2023-07-20 CVE-2023-37165 Millhouse Project Project SQL Injection vulnerability in Millhouse-Project Project Millhouse-Project 1.414

Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php.

9.8
2023-07-20 CVE-2023-3791 Ibos SQL Injection vulnerability in Ibos 4.5.5

A vulnerability was found in IBOS OA 4.5.5 and classified as critical.

9.8
2023-07-20 CVE-2023-37471 Openidentityplatform Improper Authentication vulnerability in Openidentityplatform Openam

Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security.

9.8
2023-07-20 CVE-2023-38203 Adobe Deserialization of Untrusted Data vulnerability in Adobe Coldfusion 2018/2021/2023

Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution.

9.8
2023-07-20 CVE-2023-37289 Infodoc Unrestricted Upload of File with Dangerous Type vulnerability in Infodoc Document On-Line Submission and Approval System 22547/22567

It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567.

9.8
2023-07-20 CVE-2023-38408 Openbsd
Fedoraproject
Unquoted Search Path or Element vulnerability in multiple products

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system.

9.8
2023-07-19 CVE-2023-3722 Avaya Unrestricted Upload of File with Dangerous Type vulnerability in Avaya Aura Device Services

An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file.

9.8
2023-07-19 CVE-2023-3519 Citrix Code Injection vulnerability in Citrix products

Unauthenticated remote code execution

9.8
2023-07-19 CVE-2023-34034 Vmware Unspecified vulnerability in VMWare Spring Security

Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass.

9.8
2023-07-19 CVE-2023-3638 Geovision Improper Authentication vulnerability in Geovision Gv-Adr2701 Firmware 1.0020171215

In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application.

9.8
2023-07-19 CVE-2023-3463 GE Out-of-bounds Write vulnerability in GE Cimplicity

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow.

9.8
2023-07-19 CVE-2023-3759 Intergard Permission Issues vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0

A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0.

9.8
2023-07-19 CVE-2023-3751 Superstorefinder SQL Injection vulnerability in Superstorefinder Super Store Finder 3.6

A vulnerability was found in Super Store Finder 3.6.

9.8
2023-07-18 CVE-2023-30153 Prestashop SQL Injection vulnerability in Prestashop Payplug

An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.

9.8
2023-07-18 CVE-2023-36670 Kratosdefense OS Command Injection vulnerability in Kratosdefense NGC Indoor Unit Firmware 9.1.0.4

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4.

9.8
2023-07-18 CVE-2021-37522 Locke BOT Project SQL Injection vulnerability in Locke-Bot Project Locke-Bot 2.0.2

SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js.

9.8
2023-07-18 CVE-2023-35189 Iagona Unrestricted Upload of File with Dangerous Type vulnerability in Iagona Scrutisweb

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it.

9.8
2023-07-18 CVE-2023-36669 Kratosdefense Missing Authentication for Critical Function vulnerability in Kratosdefense NGC Indoor Unit Firmware

Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system.

9.8
2023-07-18 CVE-2020-36762 ONS OS Command Injection vulnerability in ONS RAS Collection Instrument

A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical.

9.8
2023-07-18 CVE-2021-34123 Atasm Project Out-of-bounds Write vulnerability in Atasm Project Atasm 1.09

An issue was discovered on atasm, version 1.09.

9.8
2023-07-18 CVE-2018-25088 Blueyonder SQL Injection vulnerability in Blueyonder Postgraas Server

A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2.

9.8
2023-07-18 CVE-2015-10122 WP Donate Project SQL Injection vulnerability in WP Donate Project WP Donate 1.4

A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress.

9.8
2023-07-18 CVE-2022-4146 Hitachi Expression Language Injection vulnerability in Hitachi Replication Manager

Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.

9.8
2023-07-18 CVE-2023-38427 Linux
Netapp
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.8.

9.8
2023-07-18 CVE-2023-38429 Linux Off-by-one Error vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 6.3.4.

9.8
2023-07-17 CVE-2021-37384 Furukawa Unspecified vulnerability in Furukawa products

RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface.

9.8
2023-07-17 CVE-2023-37265 Icewhale Missing Authentication for Critical Function vulnerability in Icewhale Casaos

CasaOS is an open-source Personal Cloud system.

9.8
2023-07-17 CVE-2023-37266 Icewhale Improper Authentication vulnerability in Icewhale Casaos

CasaOS is an open-source Personal Cloud system.

9.8
2023-07-17 CVE-2023-37461 Metersphere Path Traversal vulnerability in Metersphere

Metersphere is an opensource testing framework.

9.8
2023-07-17 CVE-2023-37791 Dlink Out-of-bounds Write vulnerability in Dlink Dir-619L Firmware 2.04

D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin.

9.8
2023-07-17 CVE-2023-2958 Orjinyazilim Authorization Bypass Through User-Controlled Key vulnerability in Orjinyazilim ATS PRO

Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714.

9.8
2023-07-17 CVE-2023-2963 Olivaekspertiz SQL Injection vulnerability in Olivaekspertiz Oliva Ekspertiz

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2.

9.8
2023-07-17 CVE-2023-3186 Supsystic Unspecified vulnerability in Supsystic Popup

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.

9.8
2023-07-17 CVE-2023-3376 Dijital SQL Injection vulnerability in Dijital Zekiweb

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.This issue affects Zekiweb: before 2.

9.8
2023-07-17 CVE-2023-26512 Apache Deserialization of Untrusted Data vulnerability in Apache Eventmesh 1.7.0/1.8.0

CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g.

9.8
2023-07-17 CVE-2023-3695 Campcodes SQL Injection vulnerability in Campcodes Beauty Salon Management System 1.0

A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0.

9.8
2023-07-17 CVE-2023-3696 Mongoosejs Unspecified vulnerability in Mongoosejs Mongoose

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

9.8
2023-07-17 CVE-2023-3694 Sourcecodester House Rental AND Property Listing Project SQL Injection vulnerability in Sourcecodester House Rental and Property Listing Project House Rental and Property Listing 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester House Rental and Property Listing 1.0.

9.8
2023-07-18 CVE-2023-38426 Linux
Netapp
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.4.

9.1
2023-07-18 CVE-2023-38428 Linux
Netapp
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.4.

9.1
2023-07-18 CVE-2023-38430 Linux
Netapp
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.9.

9.1
2023-07-18 CVE-2023-38431 Linux
Netapp
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.8.

9.1
2023-07-18 CVE-2023-38432 Linux
Netapp
Out-of-bounds Read vulnerability in multiple products

An issue was discovered in the Linux kernel before 6.3.10.

9.1
2023-07-18 CVE-2023-21974 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account).

9.0
2023-07-18 CVE-2023-21975 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account).

9.0

186 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-07-23 CVE-2023-3841 Nxfilter Cross-Site Request Forgery (CSRF) vulnerability in Nxfilter 4.3.2.5

A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic.

8.8
2023-07-21 CVE-2023-37917 Fit2Cloud Unspecified vulnerability in Fit2Cloud Kubepi

KubePi is an opensource kubernetes management panel.

8.8
2023-07-21 CVE-2023-3807 Campcodes SQL Injection vulnerability in Campcodes Beauty Salon Management System 1.0

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical.

8.8
2023-07-21 CVE-2023-3808 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

A vulnerability was found in Hospital Management System 1.0 and classified as critical.

8.8
2023-07-20 CVE-2023-3797 Istrong Unrestricted Upload of File with Dangerous Type vulnerability in Istrong Four Mountain Torrent Disaster Prevention, Control Monitoring and Early Warning System

A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712.

8.8
2023-07-20 CVE-2023-3796 Bugfinder Unrestricted Upload of File with Dangerous Type vulnerability in Bugfinder Foody Friend 1.0

A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0.

8.8
2023-07-20 CVE-2023-37650 Agentejo Cross-Site Request Forgery (CSRF) vulnerability in Agentejo Cockpit

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.

8.8
2023-07-20 CVE-2023-31462 Steelseries Unspecified vulnerability in Steelseries GG 36.0.0

An issue was discovered in SteelSeries GG 36.0.0.

8.8
2023-07-19 CVE-2023-37362 Weintek Improper Authentication vulnerability in Weintek Weincloud 0.13.6

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.

8.8
2023-07-19 CVE-2023-26217 Tibco SQL Injection vulnerability in Tibco EBX Add-Ons

The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system.

8.8
2023-07-19 CVE-2023-27379 Foxit Use After Free vulnerability in Foxit PDF Reader 12.1.2.15332

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332.

8.8
2023-07-19 CVE-2023-28744 Foxit Use After Free vulnerability in Foxit PDF Reader 12.1.1.15289

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289.

8.8
2023-07-19 CVE-2023-33866 Foxit Use After Free vulnerability in Foxit PDF Reader 12.1.2.15332

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332.

8.8
2023-07-19 CVE-2023-33876 Foxit Unspecified vulnerability in Foxit PDF Reader 12.1.2.15332

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations.

8.8
2023-07-19 CVE-2023-28754 Apache Deserialization of Untrusted Data vulnerability in Apache Shardingsphere

Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR. An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader.

8.8
2023-07-19 CVE-2023-22506 Atlassian Code Injection vulnerability in Atlassian Bamboo Data Center and Bamboo Server

This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center.   This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.     Atlassian recommends that you upgrade your instance to latest version.

8.8
2023-07-18 CVE-2023-22508 Atlassian Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server.

8.8
2023-07-18 CVE-2023-22505 Atlassian Unspecified vulnerability in Atlassian Confluence Data Center and Confluence Server

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version.

8.8
2023-07-18 CVE-2023-37897 Getgrav Return of Wrong Status Code vulnerability in Getgrav Grav 1.7.42/1.7.42.1

Grav is a file-based Web-platform built in PHP.

8.8
2023-07-18 CVE-2023-37477 Fit2Cloud OS Command Injection vulnerability in Fit2Cloud 1Panel

1Panel is an open source Linux server operation and maintenance management panel.

8.8
2023-07-18 CVE-2020-22159 Evertz Unrestricted Upload of File with Dangerous Type vulnerability in Evertz 3080Ipx Firmware, 7801Fc Firmware and 7890Ixg Firmware

EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files.

8.8
2023-07-18 CVE-2023-28019 Hcltech SQL Injection vulnerability in Hcltech Bigfix Webui

Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.

8.8
2023-07-18 CVE-2023-34330 AMI Code Injection vulnerability in AMI Megarac Sp-X 12/13

AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface.

8.8
2023-07-18 CVE-2023-33265 Hazelcast Missing Authorization vulnerability in Hazelcast and Imdg

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.

8.8
2023-07-18 CVE-2022-26563 Tildeslash Incorrect Authorization vulnerability in Tildeslash Monit

An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.

8.8
2023-07-18 CVE-2022-34155 Miniorange Improper Authentication vulnerability in Miniorange Oauth Single Sign on

Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.

8.8
2023-07-18 CVE-2022-47169 Staxwp Cross-Site Request Forgery (CSRF) vulnerability in Staxwp Visibility Logic for Elementor

Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.

8.8
2023-07-18 CVE-2023-23660 Mainwp SQL Injection vulnerability in Mainwp Maintenance Extension

Auth.

8.8
2023-07-18 CVE-2023-25036 Social Media Icons Widget Project Cross-Site Request Forgery (CSRF) vulnerability in Social Media Icons Widget Project Social Media Icons Widget

Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions.

8.8
2023-07-18 CVE-2023-37386 Codexin Cross-Site Request Forgery (CSRF) vulnerability in Codexin Media Library Helper

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions.

8.8
2023-07-18 CVE-2023-37387 Radiustheme Cross-Site Request Forgery (CSRF) vulnerability in Radiustheme Classified Listing PRO - Classified ADS & Business Directory

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.

8.8
2023-07-18 CVE-2023-37889 Wpadmin Cross-Site Request Forgery (CSRF) vulnerability in Wpadmin AWS CDN

Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions.

8.8
2023-07-18 CVE-2023-37892 Pluginpress Cross-Site Request Forgery (CSRF) vulnerability in Pluginpress Shortcode Imdb

Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions.

8.8
2023-07-18 CVE-2023-37973 Replace Word Project Cross-Site Request Forgery (CSRF) vulnerability in Replace Word Project Replace Word

Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions.

8.8
2023-07-18 CVE-2022-45828 Nootheme Cross-Site Request Forgery (CSRF) vulnerability in Nootheme NOO Timetable 2.1.3

Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.

8.8
2023-07-18 CVE-2022-46857 Sitealert Cross-Site Request Forgery (CSRF) vulnerability in Sitealert 1.9.7

Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions.

8.8
2023-07-18 CVE-2023-25473 Flickr Justified Gallery Project Cross-Site Request Forgery (CSRF) vulnerability in Flickr Justified Gallery Project Flickr Justified Gallery

Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions.

8.8
2023-07-18 CVE-2023-25475 Smart Youtube PRO Project Cross-Site Request Forgery (CSRF) vulnerability in Smart Youtube PRO Project Smart Youtube PRO 4.3

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions.

8.8
2023-07-18 CVE-2023-25482 Keetrax Cross-Site Request Forgery (CSRF) vulnerability in Keetrax WP Tiles

Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions.

8.8
2023-07-18 CVE-2023-3713 Metagauss Unspecified vulnerability in Metagauss Profilegrid

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1.

8.8
2023-07-18 CVE-2023-3714 Metagauss Unspecified vulnerability in Metagauss Profilegrid

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2.

8.8
2023-07-17 CVE-2023-3724 Wolfssl Improper Certificate Validation vulnerability in Wolfssl

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret.

8.8
2023-07-17 CVE-2023-38404 Veritas Unrestricted Upload of File with Dangerous Type vulnerability in Veritas Infoscale Operations Manager

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server.

8.8
2023-07-17 CVE-2023-33011 Zyxel Use of Externally-Controlled Format String vulnerability in Zyxel products

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.

8.8
2023-07-17 CVE-2023-33012 Zyxel OS Command Injection vulnerability in Zyxel products

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.

8.8
2023-07-17 CVE-2023-34139 Zyxel OS Command Injection vulnerability in Zyxel products

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.

8.8
2023-07-17 CVE-2023-28767 Zyxel OS Command Injection vulnerability in Zyxel products

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36.

8.8
2023-07-17 CVE-2022-36424 Easy Appointments Project Cross-Site Request Forgery (CSRF) vulnerability in Easy Appointments Project Easy Appointments

Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.

8.8
2023-07-17 CVE-2022-38062 Metagauss Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme

Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.

8.8
2023-07-17 CVE-2023-37974 WP Social Autoconnect Project Cross-Site Request Forgery (CSRF) vulnerability in WP Social Autoconnect Project WP Social Autoconnect

Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.

8.8
2023-07-17 CVE-2023-37985 Fivestarplugins Cross-Site Request Forgery (CSRF) vulnerability in Fivestarplugins Five Star Restaurant Menu

Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions.

8.8
2023-07-17 CVE-2022-47172 Hasthemes Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes Woolentor - Woocommerce Elementor Addons + Builder

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.

8.8
2023-07-17 CVE-2023-34005 Etoilewebdesign Cross-Site Request Forgery (CSRF) vulnerability in Etoilewebdesign Front END Users

Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.

8.8
2023-07-17 CVE-2023-36511 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Order Barcodes

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.

8.8
2023-07-17 CVE-2023-36513 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Automatewoo

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.

8.8
2023-07-17 CVE-2023-36514 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Shipping multiple Addresses

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.

8.8
2023-07-17 CVE-2023-37968 Faboba Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.

8.8
2023-07-17 CVE-2023-2329 Gsheetconnector Unspecified vulnerability in Gsheetconnector Woocommerce Google Sheet Connector 1.3.4

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

8.8
2023-07-17 CVE-2023-2330 Gsheetconnector Unspecified vulnerability in Gsheetconnector Caldera Forms Google Sheets Connector 1.2

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack

8.8
2023-07-17 CVE-2023-2636 AN Gradebook Project SQL Injection vulnerability in AN Gradebook Project AN Gradebook

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber

8.8
2023-07-17 CVE-2023-31216 Ultimatemember Cross-Site Request Forgery (CSRF) vulnerability in Ultimatemember Ultimate Member

Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.

8.8
2023-07-17 CVE-2023-35038 Wpexperts Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts WP PDF Generator

Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.

8.8
2023-07-17 CVE-2023-35089 Really Simple Plugins Cross-Site Request Forgery (CSRF) vulnerability in Really-Simple-Plugins Recipe Maker for Your Food Blog From ZIP Recipes

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.

8.8
2023-07-17 CVE-2023-35096 Mycred Cross-Site Request Forgery (CSRF) vulnerability in Mycred

Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

8.8
2023-07-17 CVE-2023-35880 Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Woocommerce Brands 1.6.49

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.

8.8
2023-07-17 CVE-2023-3179 Wpexperts Unspecified vulnerability in Wpexperts Post Smtp Mailer

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).

8.8
2023-07-17 CVE-2023-27424 Inactive User Deleter Project Cross-Site Request Forgery (CSRF) vulnerability in Inactive User Deleter Project Inactive User Deleter

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.

8.8
2023-07-17 CVE-2023-22672 Vibethemes Cross-Site Request Forgery (CSRF) vulnerability in Vibethemes Vslider 4.1.2

Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.

8.8
2023-07-17 CVE-2023-23646 Awplife Cross-Site Request Forgery (CSRF) vulnerability in Awplife Album Gallery

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.

8.8
2023-07-17 CVE-2023-23719 Premmerce Cross-Site Request Forgery (CSRF) vulnerability in Premmerce

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.

8.8
2023-07-17 CVE-2023-27606 WP Reroute Email Project Cross-Site Request Forgery (CSRF) vulnerability in WP Reroute Email Project WP Reroute Email

Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.

8.8
2023-07-17 CVE-2023-2759 Taphome Improper Authentication vulnerability in Taphome Core Firmware

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge.

8.8
2023-07-18 CVE-2023-22062 Oracle Unspecified vulnerability in Oracle Hyperion 11.2.13.0.000

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository).

8.5
2023-07-18 CVE-2023-22014 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.59/8.60

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

8.4
2023-07-17 CVE-2023-3591 Mattermost Improper Authentication vulnerability in Mattermost Server

Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.

8.2
2023-07-20 CVE-2023-34625 Showmojo Authentication Bypass by Capture-replay vulnerability in Showmojo Mojobox Firmware 1.4

ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass.

8.1
2023-07-20 CVE-2022-28733 GNU Integer Underflow (Wrap or Wraparound) vulnerability in GNU Grub2

Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value.

8.1
2023-07-18 CVE-2023-22018 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.1
2023-07-18 CVE-2023-34143 Hitachi Improper Certificate Validation vulnerability in Hitachi Device Manager

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.

8.1
2023-07-17 CVE-2023-3581 Mattermost Origin Validation Error vulnerability in Mattermost Server

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.

8.1
2023-07-17 CVE-2023-3615 Mattermost Improper Certificate Validation vulnerability in Mattermost

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.

8.1
2023-07-19 CVE-2023-3467 Citrix Unspecified vulnerability in Citrix products

Privilege Escalation to root administrator (nsroot)

8.0
2023-07-18 CVE-2023-34329 AMI Authentication Bypass by Spoofing vulnerability in AMI Megarac Sp-X 12/13

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header.

8.0
2023-07-17 CVE-2023-34138 Zyxel OS Command Injection vulnerability in Zyxel products

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.

8.0
2023-07-17 CVE-2023-34141 Zyxel OS Command Injection vulnerability in Zyxel products

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.

8.0
2023-07-23 CVE-2023-28133 Checkpoint Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Endpoint Security E87.30

Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file

7.8
2023-07-23 CVE-2023-3842 Pointware Unquoted Search Path or Element vulnerability in Pointware Easyinventory 1.0.12.0

A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical.

7.8
2023-07-21 CVE-2022-37331 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-41793 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-42885 Openbabel Access of Uninitialized Pointer vulnerability in Openbabel Open Babel 3.1.1

A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-43467 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-43607 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-44451 Openbabel Access of Uninitialized Pointer vulnerability in Openbabel Open Babel 3.1.1

A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46280 Openbabel Access of Uninitialized Pointer vulnerability in Openbabel Open Babel 3.1.1

A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46289 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46290 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46291 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46292 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46293 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46294 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2022-46295 Openbabel Out-of-bounds Write vulnerability in Openbabel Open Babel 3.1.1

Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3.

7.8
2023-07-21 CVE-2023-3609 Linux
Debian
Use After Free vulnerability in multiple products

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter().

7.8
2023-07-21 CVE-2023-3610 Linux
Debian
Use After Free vulnerability in multiple products

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE.

7.8
2023-07-21 CVE-2023-3611 Linux
Debian
Out-of-bounds Write vulnerability in multiple products

An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.

7.8
2023-07-21 CVE-2023-3776 Linux
Debian
Use After Free vulnerability in multiple products

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter().

7.8
2023-07-21 CVE-2023-28728 Panasonic Out-of-bounds Write vulnerability in Panasonic Control Fpwin PRO 6.414/7.3.0.0

A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

7.8
2023-07-21 CVE-2023-28729 Panasonic Type Confusion vulnerability in Panasonic Control Fpwin PRO 6.414/7.3.0.0

A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

7.8
2023-07-21 CVE-2023-28730 Panasonic Out-of-bounds Write vulnerability in Panasonic Control Fpwin PRO 6.414/7.3.0.0

A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.

7.8
2023-07-20 CVE-2021-39822 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-07-20 CVE-2022-28735 GNU Unspecified vulnerability in GNU Grub2

The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems.

7.8
2023-07-20 CVE-2022-28736 GNU Use After Free vulnerability in GNU Grub2

There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that doesn't support multiboot and do not have direct support from GRUB2.

7.8
2023-07-20 CVE-2022-28737 Redhat Out-of-bounds Write vulnerability in Redhat Shim

There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded.

7.8
2023-07-19 CVE-2023-34394 Keysight Unrestricted Upload of File with Dangerous Type vulnerability in Keysight Geolocation Server

In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.

7.8
2023-07-19 CVE-2023-36853 Keysight Uncontrolled Search Path Element vulnerability in Keysight Geolocation Server

?In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location.

7.8
2023-07-19 CVE-2023-32664 Foxit Unspecified vulnerability in Foxit PDF Reader 12.1.2.15332

A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332.

7.8
2023-07-19 CVE-2022-43910 IBM Improper Preservation of Permissions vulnerability in IBM Security Guardium 11.3

IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls.

7.8
2023-07-18 CVE-2023-22023 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface).

7.8
2023-07-18 CVE-2021-34119 Htmldoc Project Out-of-bounds Write vulnerability in Htmldoc Project Htmldoc 1.9.12

A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.

7.8
2023-07-18 CVE-2021-34121 Htmldoc Project Out-of-bounds Read vulnerability in Htmldoc Project Htmldoc 1.9.12

An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data.

7.8
2023-07-18 CVE-2022-33064 Libsndfile Project Off-by-one Error vulnerability in Libsndfile Project Libsndfile 1.1.0

An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.

7.8
2023-07-18 CVE-2022-33065 Libsndfile Project Integer Overflow or Wraparound vulnerability in Libsndfile Project Libsndfile

Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.

7.8
2023-07-18 CVE-2023-30906 HPE Unspecified vulnerability in HPE Intelligent Provisioning 1.72/2.81

The vulnerability could be locally exploited to allow escalation of privilege.

7.8
2023-07-18 CVE-2020-36695 Hitachi Incorrect Default Permissions vulnerability in Hitachi products

Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.

7.8
2023-07-17 CVE-2023-37476 Openrefine Path Traversal vulnerability in Openrefine

OpenRefine is a free, open source tool for data processing.

7.8
2023-07-18 CVE-2023-22060 Oracle Unspecified vulnerability in Oracle Hyperion Workspace 11.2.13.0.000

Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization).

7.6
2023-07-17 CVE-2023-2760 Taphome SQL Injection vulnerability in Taphome Core Firmware

An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access.

7.6
2023-07-21 CVE-2023-35077 Ivanti Out-of-bounds Write vulnerability in Ivanti Endpoint Manager

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash.

7.5
2023-07-21 CVE-2023-37915 Objectcomputing Unspecified vulnerability in Objectcomputing Opendds 3.23.1

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS).

7.5
2023-07-21 CVE-2023-37916 Fit2Cloud Unspecified vulnerability in Fit2Cloud Kubepi

KubePi is an opensource kubernetes management panel.

7.5
2023-07-21 CVE-2023-37918 Linuxfoundation Improper Authentication vulnerability in Linuxfoundation Dapr

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge.

7.5
2023-07-21 CVE-2023-36339 Webboss Incorrect Authorization vulnerability in Webboss Webboss.Io CMS

An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request.

7.5
2023-07-21 CVE-2023-3813 Artbees Path Traversal vulnerability in Artbees Jupiter X Core

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0.

7.5
2023-07-20 CVE-2023-30200 Advancedplugins Path Traversal vulnerability in Advancedplugins Ultimateimagetool

In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations without restriction by performing a path traversal attack.

7.5
2023-07-20 CVE-2023-37649 Agentejo Unspecified vulnerability in Agentejo Cockpit

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data.

7.5
2023-07-20 CVE-2023-37601 Mobisystems Path Traversal vulnerability in Mobisystems Office Suite 10.9.1.42602

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.

7.5
2023-07-20 CVE-2023-31461 Steelseries Path Traversal vulnerability in Steelseries GG 36.0.0

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability.

7.5
2023-07-20 CVE-2023-34966 Samba
Fedoraproject
Redhat
Debian
Infinite Loop vulnerability in multiple products

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight.

7.5
2023-07-20 CVE-2023-37290 Infodoc Server-Side Request Forgery (SSRF) vulnerability in Infodoc Document On-Line Submission and Approval System 22547/22567

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to load remote or local resources through HTML tags such as iframe.

7.5
2023-07-19 CVE-2023-32657 Weintek Improper Restriction of Excessive Authentication Attempts vulnerability in Weintek Weincloud 0.13.6

Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.

7.5
2023-07-19 CVE-2023-34429 Weintek Unspecified vulnerability in Weintek Weincloud 0.13.6

Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.

7.5
2023-07-19 CVE-2023-37276 Aiohttp HTTP Request Smuggling vulnerability in Aiohttp

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python.

7.5
2023-07-19 CVE-2023-37899 Feathersjs Improper Check for Unusual or Exceptional Conditions vulnerability in Feathersjs Feathers

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript.

7.5
2023-07-19 CVE-2023-25838 Esri SQL Injection vulnerability in Esri Arcgis Insights 2022.1

There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database.

7.5
2023-07-19 CVE-2023-3762 Intergard Cleartext Storage of Sensitive Information vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0

A vulnerability was found in Intergard SGS 8.7.0.

7.5
2023-07-19 CVE-2023-3763 Intergard Cleartext Transmission of Sensitive Information vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0

A vulnerability was found in Intergard SGS 8.7.0.

7.5
2023-07-19 CVE-2023-3761 Intergard Cleartext Transmission of Sensitive Information vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0

A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic.

7.5
2023-07-19 CVE-2021-38933 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling Connect:Express for Unix

IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2023-07-19 CVE-2023-26023 IBM Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.

7.5
2023-07-19 CVE-2023-26026 IBM Information Exposure Through Log Files vulnerability in IBM Cloud PAK for Data 4.0

Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks.

7.5
2023-07-19 CVE-2023-27877 IBM Improper Authentication vulnerability in IBM Cloud PAK for Data 4.0

IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server.

7.5
2023-07-19 CVE-2023-28513 IBM Unspecified vulnerability in IBM MQ and MQ Appliance

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages.

7.5
2023-07-18 CVE-2023-22047 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise 8.59/8.60

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

7.5
2023-07-18 CVE-2023-28021 Hcltech Inadequate Encryption Strength vulnerability in Hcltech Bigfix Webui

The BigFix WebUI uses weak cipher suites.

7.5
2023-07-18 CVE-2023-30383 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.

7.5
2023-07-18 CVE-2023-37758 Dlink Classic Buffer Overflow vulnerability in Dlink Dir-815 Firmware 1.0.1

D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.

7.5
2023-07-18 CVE-2023-37788 Goproxy Project Resource Exhaustion vulnerability in Goproxy Project Goproxy 1.1

goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.

7.5
2023-07-18 CVE-2023-33871 Iagona Unspecified vulnerability in Iagona Scrutisweb 2.1.37

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot.

7.5
2023-07-18 CVE-2023-38257 Iagona Unspecified vulnerability in Iagona Scrutisweb 2.1.37

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.

7.5
2023-07-18 CVE-2021-4428 What3Words Information Exposure vulnerability in What3Words Autosuggest

A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic.

7.5
2023-07-18 CVE-2023-2263 Rockwellautomation Resource Exhaustion vulnerability in Rockwellautomation Kinetix 5700 Firmware 13.001

The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing.

7.5
2023-07-18 CVE-2022-41409 Pcre Integer Overflow or Wraparound vulnerability in Pcre Pcre2

Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.

7.5
2023-07-18 CVE-2022-47085 Ostree Project Unspecified vulnerability in Ostree Project Ostree

An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.

7.5
2023-07-18 CVE-2023-3743 Leothemes SQL Injection vulnerability in Leothemes AP Page Builder

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.

7.5
2023-07-18 CVE-2023-31998 UI Out-of-bounds Write vulnerability in UI Aircube Firmware and Edgemax Edgerouter Firmware

A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.

7.5
2023-07-18 CVE-2023-34142 Hitachi Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.

7.5
2023-07-18 CVE-2023-38434 Xhttp Project Double Free vulnerability in Xhttp Project Xhttp

xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.

7.5
2023-07-17 CVE-2023-37479 Openenclave Improper Initialization vulnerability in Openenclave

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves.

7.5
2023-07-17 CVE-2023-38403 ES
Debian
Fedoraproject
Netapp
Apple
Integer Overflow or Wraparound vulnerability in multiple products

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

7.5
2023-07-17 CVE-2023-38405 Crestron Unspecified vulnerability in Crestron products

On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.

7.5
2023-07-17 CVE-2021-37386 Furukawa Cross-site Scripting vulnerability in Furukawa products

Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.

7.5
2023-07-17 CVE-2023-34669 Totolink Unspecified vulnerability in Totolink Cp300+ Firmware 5.2Cu.7594

TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.

7.5
2023-07-17 CVE-2023-37475 Avro Project Resource Exhaustion vulnerability in Avro Project Avro

Hamba avro is a go lang encoder/decoder implementation of the avro codec specification.

7.5
2023-07-17 CVE-2023-3590 Mattermost Incorrect Authorization vulnerability in Mattermost Server 7.10.0/7.10.1/7.10.2

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.

7.5
2023-07-17 CVE-2023-2959 Olivaekspertiz Authentication Bypass by Primary Weakness vulnerability in Olivaekspertiz Oliva Ekspertiz

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2.

7.5
2023-07-17 CVE-2023-2912 Secomea Use After Free vulnerability in Secomea Sitemanager Embedded 9.2C

Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.

7.5
2023-07-17 CVE-2022-4952 Dotnetfoundation Unspecified vulnerability in Dotnetfoundation C# Language Server Protocol

A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic.

7.5
2023-07-23 CVE-2023-3852 Yuque Unrestricted Upload of File with Dangerous Type vulnerability in Yuque Rapidcms

A vulnerability was found in OpenRapid RapidCMS up to 1.3.1.

7.2
2023-07-23 CVE-2023-3839 Dedebiz SQL Injection vulnerability in Dedebiz 6.2.10

A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10.

7.2
2023-07-21 CVE-2021-35391 Deskpro Server-Side Request Forgery (SSRF) vulnerability in Deskpro 2021.21.6

Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL.

7.2
2023-07-21 CVE-2023-3820 Pimcore SQL Injection vulnerability in Pimcore

SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.

7.2
2023-07-21 CVE-2023-35086 Asus Use of Externally-Controlled Format String vulnerability in Asus Rt-Ac86U Firmware and Rt-Ax56U V2 Firmware

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U.

7.2
2023-07-19 CVE-2023-30799 Mikrotik Unspecified vulnerability in Mikrotik Routeros

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue.

7.2
2023-07-18 CVE-2023-3459 Webtoffee Unspecified vulnerability in Webtoffee Import Export Wordpress Users

The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1.

7.2
2023-07-18 CVE-2020-23909 Advancemame Out-of-bounds Read vulnerability in Advancemame

Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.

7.1
2023-07-20 CVE-2022-28734 GNU
Netapp
Out-of-bounds Write vulnerability in multiple products

Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position.

7.0
2023-07-19 CVE-2023-25839 Esri SQL Injection vulnerability in Esri Arcgis Insights 2022.1

There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database.

7.0

210 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-07-20 CVE-2023-3786 Aures Unspecified vulnerability in Aures Komet Firmware 20230509

A vulnerability classified as problematic has been found in Aures Komet up to 20230509.

6.8
2023-07-18 CVE-2023-3527 Avaya Improper Neutralization of Formula Elements in a CSV File vulnerability in Avaya Call Management System 17.0/18.0.0.1/18.0.0.2

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.  

6.8
2023-07-17 CVE-2023-35818 Espressif Unspecified vulnerability in Espressif products

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices.

6.8
2023-07-18 CVE-2021-43072 Fortinet Classic Buffer Overflow vulnerability in Fortinet products

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.

6.7
2023-07-17 CVE-2023-35012 IBM Out-of-bounds Write vulnerability in IBM DB2 11.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.

6.7
2023-07-20 CVE-2023-3800 Wolfcode Unrestricted Upload of File with Dangerous Type vulnerability in Wolfcode Easyadmin8 2.0.2.2

A vulnerability was found in EasyAdmin8 2.0.2.2.

6.6
2023-07-21 CVE-2023-3603 Libssh NULL Pointer Dereference vulnerability in Libssh

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions.

6.5
2023-07-21 CVE-2023-38187 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

6.5
2023-07-21 CVE-2023-3819 Pimcore Information Exposure vulnerability in Pimcore

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.

6.5
2023-07-21 CVE-2023-3484 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2.

6.5
2023-07-20 CVE-2020-24275 Swoole Injection vulnerability in Swoole 4.5.2

A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.

6.5
2023-07-20 CVE-2023-3792 Netentsec Forced Browsing vulnerability in Netentsec Application Security Gateway 6.3

A vulnerability was found in Beijing Netcon NS-ASG 6.3.

6.5
2023-07-20 CVE-2023-38334 Omnis Unspecified vulnerability in Omnis Studio 10.22.00

Omnis Studio 10.22.00 has incorrect access control.

6.5
2023-07-20 CVE-2023-32265 Microfocus Unspecified vulnerability in Microfocus products

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability.

6.5
2023-07-20 CVE-2023-32481 Dell Allocation of Resources Without Limits or Throttling vulnerability in Dell Wyse Management Suite

Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability.

6.5
2023-07-19 CVE-2023-32261 Microfocus Unspecified vulnerability in Microfocus Dimensions CM

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins.

6.5
2023-07-19 CVE-2023-32262 Microfocus Unspecified vulnerability in Microfocus Dimensions CM

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins.

6.5
2023-07-19 CVE-2023-3760 Intergard Improper Resource Shutdown or Release vulnerability in Intergard Smartgard Silver With Matrix Keyboard 8.7.0

A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic.

6.5
2023-07-19 CVE-2022-43908 IBM Improper Input Validation vulnerability in IBM Security Guardium 11.3

IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation.

6.5
2023-07-19 CVE-2023-35898 IBM Unspecified vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer.

6.5
2023-07-18 CVE-2023-21994 Oracle Unspecified vulnerability in Oracle Fusion Middleware

Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App).

6.5
2023-07-18 CVE-2023-22022 Oracle Unspecified vulnerability in Oracle Health Sciences Applications 3.1.0.2/3.1.1.3/3.2.0.0

Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality).

6.5
2023-07-18 CVE-2023-22037 Oracle Unspecified vulnerability in Oracle web Applications Desktop Integrator

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific).

6.5
2023-07-18 CVE-2023-22040 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

6.5
2023-07-18 CVE-2023-28023 Hcltech Cross-Site Request Forgery (CSRF) vulnerability in Hcltech Bigfix Webui 14/20/44

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). 

6.5
2023-07-18 CVE-2023-2913 Rockwellautomation Path Traversal vulnerability in Rockwellautomation Thinmanager 13.0.0/13.0.1/13.0.2

An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings.

6.5
2023-07-18 CVE-2021-32256 GNU Out-of-bounds Write vulnerability in GNU Binutils 2.36

An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36.

6.5
2023-07-17 CVE-2023-37769 Pixman Divide By Zero vulnerability in Pixman

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.

6.5
2023-07-17 CVE-2023-37781 Emqx Path Traversal vulnerability in Emqx 4.3.8

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.

6.5
2023-07-17 CVE-2022-30858 Ngiflib Project Resource Exhaustion vulnerability in Ngiflib Project Ngiflib 0.4

An issue was discovered in ngiflib 0.4.

6.5
2023-07-17 CVE-2023-34140 Zyxel Classic Buffer Overflow vulnerability in Zyxel products

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.

6.5
2023-07-17 CVE-2023-3593 Mattermost Unspecified vulnerability in Mattermost Server

Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.

6.5
2023-07-23 CVE-2023-3853 Phpscriptpoint Cross-site Scripting vulnerability in PHPscriptpoint Bloodbank 1.1

A vulnerability was found in phpscriptpoint BloodBank 1.1.

6.1
2023-07-23 CVE-2023-3849 Moosocial Cross-site Scripting vulnerability in Moosocial Moodating 1.2

A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2.

6.1
2023-07-23 CVE-2023-3847 Moosocial Cross-site Scripting vulnerability in Moosocial Moodating 1.2

A vulnerability classified as problematic was found in mooSocial mooDating 1.2.

6.1
2023-07-23 CVE-2023-3848 Moosocial Cross-site Scripting vulnerability in Moosocial Moodating 1.2

A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2.

6.1
2023-07-23 CVE-2023-3846 Moosocial Cross-site Scripting vulnerability in Moosocial Moodating 1.2

A vulnerability classified as problematic has been found in mooSocial mooDating 1.2.

6.1
2023-07-23 CVE-2023-3844 Moosocial Cross-site Scripting vulnerability in Moosocial Moodating 1.2

A vulnerability was found in mooSocial mooDating 1.2.

6.1
2023-07-23 CVE-2023-3845 Moosocial Cross-site Scripting vulnerability in Moosocial Moodating 1.2

A vulnerability was found in mooSocial mooDating 1.2.

6.1
2023-07-23 CVE-2023-3843 Moosocial Cross-site Scripting vulnerability in Moosocial Moodating 1.2

A vulnerability was found in mooSocial mooDating 1.2.

6.1
2023-07-23 CVE-2023-3840 Nxfilter Cross-site Scripting vulnerability in Nxfilter 4.3.2.5

A vulnerability, which was classified as problematic, was found in NxFilter 4.3.2.5.

6.1
2023-07-22 CVE-2023-3835 Bugfinder Cross-site Scripting vulnerability in Bugfinder Minestack 1.0

A vulnerability classified as problematic has been found in Bug Finder MineStack 1.0.

6.1
2023-07-22 CVE-2023-3834 Bugfinder Cross-site Scripting vulnerability in Bugfinder Ex-Rate 1.0

A vulnerability was found in Bug Finder EX-RATE 1.0.

6.1
2023-07-22 CVE-2023-3832 Bugfinder Cross-site Scripting vulnerability in Bugfinder Wedding Wonders 1.0

A vulnerability was found in Bug Finder Wedding Wonders 1.0.

6.1
2023-07-22 CVE-2023-3833 Bugfinder Cross-site Scripting vulnerability in Bugfinder Montage 1.0

A vulnerability was found in Bug Finder Montage 1.0.

6.1
2023-07-22 CVE-2023-3830 Bugfinder Cross-site Scripting vulnerability in Bugfinder Sass Biller 1.0

A vulnerability was found in Bug Finder SASS BILLER 1.0.

6.1
2023-07-22 CVE-2023-3829 Bugfinder Cross-site Scripting vulnerability in Bugfinder Icogenie 1.0

A vulnerability was found in Bug Finder ICOGenie 1.0.

6.1
2023-07-22 CVE-2023-3828 Bugfinder Cross-site Scripting vulnerability in Bugfinder Listplace Directory Listing Platform 3.0

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0.

6.1
2023-07-22 CVE-2023-3827 Bugfinder Cross-site Scripting vulnerability in Bugfinder Listplace Directory Listing Platform 3.0

A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic.

6.1
2023-07-21 CVE-2023-37905 Ckeditor Wordcount Plugin Project Cross-site Scripting vulnerability in Ckeditor-Wordcount-Plugin Project Ckeditor-Wordcount-Plugin

ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor.

6.1
2023-07-21 CVE-2023-25841 Esri Cross-site Scripting vulnerability in Esri Arcgis Server 10.8.1/10.9.0/10.9.1

There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.

6.1
2023-07-21 CVE-2023-37742 Webboss Cross-site Scripting vulnerability in Webboss Webboss.Io CMS

WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.

6.1
2023-07-21 CVE-2023-3822 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.

6.1
2023-07-21 CVE-2023-3815 Ruoyi Cross-site Scripting vulnerability in Ruoyi

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7.

6.1
2023-07-21 CVE-2023-32624 Sakura Cross-site Scripting vulnerability in Sakura TS Webfonts

Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.

6.1
2023-07-20 CVE-2021-39425 Seeddms Open Redirect vulnerability in Seeddms 6.0.15

SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability.

6.1
2023-07-20 CVE-2023-3794 Bugfinder Cross-site Scripting vulnerability in Bugfinder Chaincity 1.0

A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0.

6.1
2023-07-20 CVE-2023-37164 Diafan Cross-site Scripting vulnerability in Diafan Diafan.Cms 6.0

Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.

6.1
2023-07-20 CVE-2023-37600 Mobisystems Cross-site Scripting vulnerability in Mobisystems Office Suite 10.9.1.42602

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile.

6.1
2023-07-20 CVE-2023-37602 Alkacon Cross-site Scripting vulnerability in Alkacon Opencms 15.0.0

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.

6.1
2023-07-20 CVE-2023-38617 Mobisystems Cross-site Scripting vulnerability in Mobisystems Office Suite 10.9.1.42602

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.

6.1
2023-07-20 CVE-2023-37728 Icewarp Cross-site Scripting vulnerability in Icewarp 10.2.1

IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter.

6.1
2023-07-20 CVE-2023-3789 Paulprinting Project Cross-site Scripting vulnerability in Paulprinting Project Paulprinting 2018

A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018.

6.1
2023-07-19 CVE-2023-37733 Tduckcloud Cross-site Scripting vulnerability in Tduckcloud Tduck-Platform 4.0

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file.

6.1
2023-07-19 CVE-2023-3466 Citrix Cross-site Scripting vulnerability in Citrix products

Reflected Cross-Site Scripting (XSS)

6.1
2023-07-19 CVE-2023-3757 Gzscripts Cross-site Scripting vulnerability in Gzscripts CAR Rental PHP Script 1.8

A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8.

6.1
2023-07-19 CVE-2023-3755 Creativeitem Cross-site Scripting vulnerability in Creativeitem Atlas 2.13

A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic.

6.1
2023-07-19 CVE-2023-3756 Creativeitem Cross-site Scripting vulnerability in Creativeitem Atlas 2.13

A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic.

6.1
2023-07-19 CVE-2023-3754 Creativeitem Cross-site Scripting vulnerability in Creativeitem Ekushey Project Manager 5.0

A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0.

6.1
2023-07-19 CVE-2023-3752 Creativeitem Cross-site Scripting vulnerability in Creativeitem Academy LMS 5.15

A vulnerability was found in Creativeitem Academy LMS 5.15.

6.1
2023-07-19 CVE-2023-3753 Creativeitem Cross-site Scripting vulnerability in Creativeitem Mastery LMS 1.2

A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2.

6.1
2023-07-18 CVE-2023-22035 Oracle Cross-site Scripting vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module).

6.1
2023-07-18 CVE-2023-22042 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics).

6.1
2023-07-18 CVE-2023-22055 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Tools

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC).

6.1
2023-07-18 CVE-2023-28020 Hcltech Open Redirect vulnerability in Hcltech Bigfix Webui

 URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.

6.1
2023-07-18 CVE-2023-33312 Easy Captcha Project Cross-site Scripting vulnerability in Easy Captcha Project Easy Captcha 0.8/0.9/1.0

Unauth.

6.1
2023-07-18 CVE-2023-33231 Solarwinds Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer

XSS attack was possible in DPA 2023.2 due to insufficient input validation

6.1
2023-07-18 CVE-2023-36384 Booking Calendar Project Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar

Unauth.

6.1
2023-07-18 CVE-2023-32965 Crudlab Cross-site Scripting vulnerability in Crudlab Jazz Popups

Unauth.

6.1
2023-07-18 CVE-2023-3708 Deothemes Unspecified vulnerability in Deothemes Medikaid

Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping.

6.1
2023-07-17 CVE-2023-31851 Cudy Cross-site Scripting vulnerability in Cudy Lt400 Firmware 1.13.4/1.15.18/1.15.27

Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.

6.1
2023-07-17 CVE-2023-31853 Cudy Cross-site Scripting vulnerability in Cudy Lt400 Firmware 1.13.4

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.

6.1
2023-07-17 CVE-2023-1893 Login Configurator Project Cross-site Scripting vulnerability in Login Configurator Project Login Configurator 2.1

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.

6.1
2023-07-17 CVE-2023-2701 Mediaburst Unspecified vulnerability in Mediaburst Gravity Forms

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.

6.1
2023-07-17 CVE-2023-2960 Olivaekspertiz Cross-site Scripting vulnerability in Olivaekspertiz Oliva Ekspertiz

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS).This issue affects Oliva Expertise EKS: before 1.2.

6.1
2023-07-17 CVE-2023-31852 Cuby Cross-site Scripting vulnerability in Cuby Lt400 Firmware 1.13.4

Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter.

6.1
2023-07-17 CVE-2023-3041 Autochat Unspecified vulnerability in Autochat Automatic Conversation

The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack.

6.1
2023-07-17 CVE-2023-3182 Liquidweb Unspecified vulnerability in Liquidweb Restrict Content

The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-07-18 CVE-2023-21961 Oracle Unspecified vulnerability in Oracle Hyperion Essbase Administration Services 21.4.3.0.0

Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console).

6.0
2023-07-20 CVE-2022-2127 Samba
Redhat
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c.

5.9
2023-07-20 CVE-2023-3347 Samba
Redhat
Fedoraproject
A vulnerability was found in Samba's SMB2 packet signing mechanism.
5.9
2023-07-19 CVE-2023-35134 Weintek Weak Password Recovery Mechanism for Forgotten Password vulnerability in Weintek Weincloud 0.13.6

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.

5.9
2023-07-19 CVE-2023-3782 Squareup Unspecified vulnerability in Squareup Okhttp-Brotli

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

5.9
2023-07-18 CVE-2023-22043 Oracle Unspecified vulnerability in Oracle JDK and JRE

Vulnerability in Oracle Java SE (component: JavaFX).

5.9
2023-07-18 CVE-2023-22053 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs).
5.9
2023-07-19 CVE-2023-32263 Microfocus Unspecified vulnerability in Microfocus Dimensions CM

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins.

5.7
2023-07-18 CVE-2023-21983 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Application Express Administration product of Oracle Application Express (component: None).

5.6
2023-07-23 CVE-2023-2430 Linux Improper Locking vulnerability in Linux Kernel

A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel.

5.5
2023-07-22 CVE-2023-38633 Gnome
Fedoraproject
Debian
Path Traversal vulnerability in multiple products

A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.

5.5
2023-07-20 CVE-2023-32476 Dell Information Exposure vulnerability in Dell Hybrid Client 2.0

Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability.

5.5
2023-07-20 CVE-2023-32446 Dell Information Exposure Through Log Files vulnerability in Dell Wyse Thinos 9.4.1141

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability.

5.5
2023-07-20 CVE-2023-32447 Dell Information Exposure Through Log Files vulnerability in Dell Wyse Thinos

Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability.

5.5
2023-07-20 CVE-2023-32455 Dell Information Exposure Through Log Files vulnerability in Dell Wyse Thinos

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability.

5.5
2023-07-19 CVE-2023-37748 Miniupnp Project Infinite Loop vulnerability in Miniupnp Project Ngiflib

ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c.

5.5
2023-07-19 CVE-2022-40896 Pygments Unrestricted Upload of File with Dangerous Type vulnerability in Pygments

A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.

5.5
2023-07-19 CVE-2023-32635 Edinet FSA XXE vulnerability in Edinet-Fsa Xbrl Data Create

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE).

5.5
2023-07-18 CVE-2023-22017 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.5
2023-07-18 CVE-2023-37139 Microsoft Out-of-bounds Write vulnerability in Microsoft Chakracore

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().

5.5
2023-07-18 CVE-2023-37140 Microsoft Resource Exhaustion vulnerability in Microsoft Chakracore

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().

5.5
2023-07-18 CVE-2023-37141 Microsoft Resource Exhaustion vulnerability in Microsoft Chakracore

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().

5.5
2023-07-18 CVE-2023-37142 Microsoft Resource Exhaustion vulnerability in Microsoft Chakracore

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().

5.5
2023-07-18 CVE-2023-37143 Microsoft Resource Exhaustion vulnerability in Microsoft Chakracore

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().

5.5
2023-07-18 CVE-2023-35763 Iagona Use of Hard-coded Credentials vulnerability in Iagona Scrutisweb 2.1.37

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.

5.5
2023-07-18 CVE-2023-0160 Linux
Fedoraproject
Improper Locking vulnerability in multiple products

A deadlock flaw was found in the Linux kernel’s BPF subsystem.

5.5
2023-07-18 CVE-2023-31441 Ncia NULL Pointer Dereference vulnerability in Ncia Advisor Network

In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception.

5.5
2023-07-18 CVE-2020-23910 Asn1C Project Out-of-bounds Write vulnerability in Asn1C Project Asn1C 0.9.28

Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.

5.5
2023-07-18 CVE-2020-23911 Asn1C Project NULL Pointer Dereference vulnerability in Asn1C Project Asn1C 0.9.28

An issue was discovered in asn1c through v0.9.28.

5.5
2023-07-18 CVE-2021-33294 Elfutils Project Infinite Loop vulnerability in Elfutils Project Elfutils 0.183

In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.

5.5
2023-07-17 CVE-2023-38409 Linux Unspecified vulnerability in Linux Kernel

An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12.

5.5
2023-07-17 CVE-2023-28864 Progress Insecure Storage of Sensitive Information vulnerability in Progress Chef Infra Server

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed.

5.5
2023-07-17 CVE-2023-37770 Grame Out-of-bounds Write vulnerability in Grame Faust

faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp.

5.5
2023-07-22 CVE-2023-3831 Bugfinder Cross-site Scripting vulnerability in Bugfinder Finounce 1.0

A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic.

5.4
2023-07-22 CVE-2023-25929 IBM Cross-site Scripting vulnerability in IBM Cognos Analytics

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting.

5.4
2023-07-22 CVE-2023-28530 IBM Cross-site Scripting vulnerability in IBM Cognos Analytics

IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations.

5.4
2023-07-21 CVE-2023-37901 Cern Cross-site Scripting vulnerability in Cern Indico

Indico is an open source a general-purpose, web based event management tool.

5.4
2023-07-21 CVE-2023-3821 Pimcore Cross-site Scripting vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.

5.4
2023-07-21 CVE-2023-25836 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.8.1/10.9

There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser.

5.4
2023-07-20 CVE-2021-45094 Okta Cross-site Scripting vulnerability in Okta Imprivata Privileged Access Management 2.3.202112051108

Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS.

5.4
2023-07-20 CVE-2023-3790 Uxblondon Cross-site Scripting vulnerability in Uxblondon Boom CMS 8.0.7

A vulnerability has been found in Boom CMS 8.0.7 and classified as problematic.

5.4
2023-07-20 CVE-2023-3788 Activeitzone Cross-site Scripting vulnerability in Activeitzone Active Super Shop 2.5

A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5.

5.4
2023-07-20 CVE-2023-3787 Tiva Events Calendar Project Cross-site Scripting vulnerability in Tiva Events Calendar Project Tiva Events Calendar 1.4

A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4.

5.4
2023-07-20 CVE-2023-3785 Paulprinting Project Cross-site Scripting vulnerability in Paulprinting Project Paulprinting 2018

A vulnerability was found in PaulPrinting CMS 2018.

5.4
2023-07-20 CVE-2023-3784 Wifi File Explorer Project Cross-site Scripting vulnerability in Wifi File Explorer Project Wifi File Explorer 1.13.3

A vulnerability was found in Dooblou WiFi File Explorer 1.13.3.

5.4
2023-07-20 CVE-2023-3783 Webile Wifi PC File Transfer Project Cross-site Scripting vulnerability in Webile Wifi PC File Transfer Project Webile Wifi PC File Transfer 1.0.1

A vulnerability was found in Webile 1.0.1.

5.4
2023-07-19 CVE-2023-29260 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM Sterling Connect:Express for Unix 1.5.0

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF).

5.4
2023-07-19 CVE-2023-30433 IBM Open Redirect vulnerability in IBM Security Verify Access 10.0.0

IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

5.4
2023-07-18 CVE-2023-22011 Oracle Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).

5.4
2023-07-18 CVE-2023-22020 Oracle Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).

5.4
2023-07-18 CVE-2023-22039 Oracle Unspecified vulnerability in Oracle Agile PLM 9.3.6

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient).

5.4
2023-07-18 CVE-2023-22050 Oracle Unspecified vulnerability in Oracle JD Edwards Enterpriseone Orchestrator

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security).

5.4
2023-07-18 CVE-2023-22061 Oracle Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer).

5.4
2023-07-18 CVE-2023-37259 Matrix React SDK Project Cross-site Scripting vulnerability in Matrix-React-Sdk Project Matrix-React-Sdk

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page.

5.4
2023-07-18 CVE-2023-36383 Mage People Cross-site Scripting vulnerability in Mage-People Event Manager and Tickets Selling for Woocommerce

Auth.

5.4
2023-07-18 CVE-2023-2433 Yarpp Unspecified vulnerability in Yarpp YET Another Related Posts Plugin

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping.

5.4
2023-07-17 CVE-2023-36656 Jaegertracing Cross-site Scripting vulnerability in Jaegertracing Jaeger UI

Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.

5.4
2023-07-17 CVE-2023-3586 Mattermost Incorrect Authorization vulnerability in Mattermost Server

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.

5.4
2023-07-17 CVE-2023-0439 Basixonline Unspecified vulnerability in Basixonline Nex-Forms

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues.

5.4
2023-07-17 CVE-2023-2143 Ideastocode Unspecified vulnerability in Ideastocode Enable Svg, Webp & ICO Upload 1.0.0/1.0.1/1.0.3

The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.

5.4
2023-07-17 CVE-2023-2579 Inventorypress Project Unspecified vulnerability in Inventorypress Project Inventorypress 1.7

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.

5.4
2023-07-21 CVE-2023-3102 Gitlab Unspecified vulnerability in Gitlab 16.1.0

A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.

5.3
2023-07-20 CVE-2023-37645 Eyoucms Exposure of Resource to Wrong Sphere vulnerability in Eyoucms 1.6.3

eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.

5.3
2023-07-20 CVE-2023-38523 Samsung Missing Authentication for Critical Function vulnerability in Samsung products

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed.

5.3
2023-07-20 CVE-2023-38335 Omnis Unspecified vulnerability in Omnis Studio 10.22.00

Omnis Studio 10.22.00 has incorrect access control.

5.3
2023-07-20 CVE-2023-34967 Samba
Fedoraproject
Redhat
Debian
Type Confusion vulnerability in multiple products

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight.

5.3
2023-07-20 CVE-2023-34968 Samba
Fedoraproject
Redhat
Debian
A path disclosure vulnerability was found in Samba.
5.3
2023-07-20 CVE-2023-3779 Wpdeveloper Unspecified vulnerability in Wpdeveloper Essential Addons for Elementor

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block.

5.3
2023-07-20 CVE-2023-3300 Hashicorp Missing Authorization vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy.

5.3
2023-07-19 CVE-2023-3446 Openssl Unspecified vulnerability in Openssl

Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays.

5.3
2023-07-19 CVE-2023-29259 IBM Unspecified vulnerability in IBM Sterling Connect:Express for Unix 1.5.0

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute.

5.3
2023-07-19 CVE-2023-35900 IBM Unspecified vulnerability in IBM products

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level.

5.3
2023-07-18 CVE-2023-34035 Vmware Incorrect Authorization vulnerability in VMWare Spring Security

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: * Spring MVC is on the classpath * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet) * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints An application is not vulnerable if any of the following is true: * The application does not have Spring MVC on the classpath * The application secures no servlets other than Spring MVC’s DispatcherServlet * The application uses requestMatchers(String) only for Spring MVC endpoints

5.3
2023-07-18 CVE-2023-3709 Royal Elementor Addons Unspecified vulnerability in Royal-Elementor-Addons Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block.

5.3
2023-07-17 CVE-2022-4023 3Dprint Project Unspecified vulnerability in 3Dprint Project 3Dprint

The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into submitting a form.

5.3
2023-07-17 CVE-2023-34036 Vmware Improper Encoding or Escaping of Output vulnerability in VMWare Spring Hateoas

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server. For the application to be affected, it needs to satisfy the following requirements: * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses. * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.

5.3
2023-07-17 CVE-2023-33857 IBM Unspecified vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system.

5.3
2023-07-17 CVE-2023-35901 IBM Improper Authentication vulnerability in IBM products

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields.

5.3
2023-07-18 CVE-2023-22041 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).
5.1
2023-07-22 CVE-2023-38195 Datalust Unspecified vulnerability in Datalust SEQ

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory.

4.9
2023-07-21 CVE-2023-32478 Dell Information Exposure Through Log Files vulnerability in Dell Powerstoreos

Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability.

4.9
2023-07-20 CVE-2023-32482 Dell Incorrect Authorization vulnerability in Dell Wyse Management Suite

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability.

4.9
2023-07-18 CVE-2023-21950 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.9
2023-07-18 CVE-2023-22007 Oracle Unspecified vulnerability in Oracle Mysql

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.9
2023-07-18 CVE-2023-22008 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.9
2023-07-18 CVE-2023-22034 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Unified Audit component of Oracle Database Server.

4.9
2023-07-18 CVE-2023-22046 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2023-07-18 CVE-2023-22054 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2023-07-18 CVE-2023-22056 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).
4.9
2023-07-18 CVE-2023-22057 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
4.9
2023-07-18 CVE-2023-37480 Ethyca Resource Exhaustion vulnerability in Ethyca Fides

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations.

4.9
2023-07-18 CVE-2023-37481 Ethyca Resource Exhaustion vulnerability in Ethyca Fides

Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations.

4.9
2023-07-23 CVE-2023-3838 Dedebiz Cross-site Scripting vulnerability in Dedebiz 6.2.10

A vulnerability classified as problematic was found in DedeBIZ 6.2.10.

4.8
2023-07-22 CVE-2023-3837 Dedebiz Cross-site Scripting vulnerability in Dedebiz 6.2.10

A vulnerability classified as problematic has been found in DedeBIZ 6.2.10.

4.8
2023-07-21 CVE-2023-25837 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis 10.8.1/10.9

There is a Cross-site Scripting vulnerability in Esri ArcGIS Enterprise Sites versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked by a victim could potentially execute arbitrary JavaScript code in the target's browser.

4.8
2023-07-21 CVE-2023-25835 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis

There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victims browser.

4.8
2023-07-18 CVE-2023-33329 Custom Post Type Generator Project Cross-site Scripting vulnerability in Custom Post Type Generator Project Custom Post Type Generator

Auth.

4.8
2023-07-18 CVE-2022-47421 Armemberplugin Cross-site Scripting vulnerability in Armemberplugin Armember

Auth.

4.8
2023-07-18 CVE-2023-24390 Wesecur Cross-site Scripting vulnerability in Wesecur

Auth.

4.8
2023-07-17 CVE-2023-3245 Premio Cross-site Scripting vulnerability in Premio Chaty

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2023-07-21 CVE-2023-35392 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.7
2023-07-19 CVE-2023-33832 IBM Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in IBM products

IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality.

4.7
2023-07-20 CVE-2023-32483 Dell Cleartext Storage of Sensitive Information vulnerability in Dell Wyse Management Suite

Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability.

4.4
2023-07-18 CVE-2023-22005 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
4.4
2023-07-18 CVE-2023-22031 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

4.4
2023-07-18 CVE-2023-22033 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).
4.4
2023-07-18 CVE-2023-22058 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL).
4.4
2023-07-22 CVE-2023-3247 PHP Use of Insufficiently Random Values vulnerability in PHP

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have.

4.3
2023-07-21 CVE-2023-38173 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge for Android Spoofing Vulnerability

4.3
2023-07-21 CVE-2023-32625 Sakura Cross-Site Request Forgery (CSRF) vulnerability in Sakura TS Webfonts

Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.

4.3
2023-07-18 CVE-2023-22004 Oracle Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration).

4.3
2023-07-18 CVE-2023-22009 Oracle Unspecified vulnerability in Oracle Self-Service Human Resources

Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management).

4.3
2023-07-18 CVE-2023-22012 Oracle Unspecified vulnerability in Oracle Business Intelligence 7.0.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).

4.3
2023-07-18 CVE-2023-22013 Oracle Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).

4.3
2023-07-18 CVE-2023-22021 Oracle Unspecified vulnerability in Oracle Business Intelligence 6.4.0.0.0/7.0.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).

4.3
2023-07-18 CVE-2023-22027 Oracle Unspecified vulnerability in Oracle Business Intelligence 7.0.0.0.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server).

4.3
2023-07-18 CVE-2023-3403 Metagauss Unspecified vulnerability in Metagauss Profilegrid

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1.

4.3
2023-07-17 CVE-2023-3577 Mattermost Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

4.3
2023-07-17 CVE-2023-3582 Mattermost Incorrect Authorization vulnerability in Mattermost Server

Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, 

4.3
2023-07-17 CVE-2023-3585 Mattermost Resource Exhaustion vulnerability in Mattermost Server

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.

4.3
2023-07-17 CVE-2023-3700 Easyappointments Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

4.3
2023-07-18 CVE-2023-22016 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.2

20 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-07-20 CVE-2023-3072 Hashicorp Missing Authorization vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results.

3.8
2023-07-21 CVE-2023-3803 Cdwanjiang Unrestricted Upload of File with Dangerous Type vulnerability in Cdwanjiang Flash Flood Disaster Monitoring and Warning System 2.0

A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0.

3.7
2023-07-18 CVE-2023-21949 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Advanced Networking Option component of Oracle Database Server.

3.7
2023-07-18 CVE-2023-22036 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility).
3.7
2023-07-18 CVE-2023-22044 Oracle
Debian
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).
3.7
2023-07-18 CVE-2023-22045 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot).
3.7
2023-07-18 CVE-2023-22049 Debian
Oracle
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries).
3.7
2023-07-18 CVE-2023-22051 Oracle Unspecified vulnerability in Oracle Graalvm and Graalvm for JDK

Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler).

3.7
2023-07-17 CVE-2023-3613 Mattermost Incorrect Authorization vulnerability in Mattermost Server

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.

3.5
2023-07-21 CVE-2023-25840 Esri Cross-site Scripting vulnerability in Esri Arcgis Server 10.8.1/10.9.0/10.9.1

There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser.

3.4
2023-07-17 CVE-2023-3614 Mattermost Resource Exhaustion vulnerability in Mattermost Server

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.

3.3
2023-07-18 CVE-2023-22006 Oracle
Debian
Netapp
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking).
3.1
2023-07-18 CVE-2023-22048 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth).
3.1
2023-07-18 CVE-2023-22052 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

3.1
2023-07-17 CVE-2023-3584 Mattermost Incorrect Authorization vulnerability in Mattermost Server

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.

3.1
2023-07-19 CVE-2023-3674 Keylime
Fedoraproject
A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason.
2.8
2023-07-20 CVE-2023-3299 Hashicorp Exposure of Resource to Wrong Sphere vulnerability in Hashicorp Nomad

HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results.

2.7
2023-07-18 CVE-2023-22038 Oracle
Fedoraproject
Netapp
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).
2.7
2023-07-17 CVE-2023-3587 Mattermost Missing Authorization vulnerability in Mattermost Server

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

2.7
2023-07-18 CVE-2023-22010 Oracle Unspecified vulnerability in Oracle Essbase 21.4.3.0.0

Vulnerability in Oracle Essbase (component: Security and Provisioning).

2.2