Weekly Vulnerabilities Reports > August 7 to 13, 2023

Overview

787 new vulnerabilities reported during this period, including 116 critical vulnerabilities and 342 high severity vulnerabilities. This weekly summary report vulnerabilities in 2543 products from 233 vendors including Microsoft, Intel, Google, Adobe, and Siemens. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Write", "SQL Injection", "Out-of-bounds Read", and "Classic Buffer Overflow".

  • 480 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 239 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 395 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 76 reported vulnerabilities.
  • Tenda has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

116 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-08 CVE-2023-3572 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote, unauthenticated attacker may use an attribute of a specific HTTP POST request releated to date/time operations to gain full access to the device.

10.0
2023-08-13 CVE-2023-39405 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Harmonyos

Vulnerability of out-of-bounds parameter read/write in the Wi-Fi module.

9.8
2023-08-12 CVE-2023-3452 Canto Unspecified vulnerability in Canto 1.3.0

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter.

9.8
2023-08-11 CVE-2020-27544 Foldingathome Unspecified vulnerability in Foldingathome Client Advanced Control

An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py.

9.8
2023-08-11 CVE-2020-36034 School Faculty Scheduling System Project SQL Injection vulnerability in School Faculty Scheduling System Project School Faculty Scheduling System 1.0

SQL Injection vulnerability in oretnom23 School Faculty Scheduling System version 1.0, allows remote attacker to execute arbitrary code, escalate privilieges, and gain sensitive information via crafted payload to id parameter in manage_user.php.

9.8
2023-08-11 CVE-2020-36082 Bloofox Unrestricted Upload of File with Dangerous Type vulnerability in Bloofox Bloofoxcms 0.5.2.1

File Upload vulnerability in bloofoxCMS version 0.5.2.1, allows remote attackers to execute arbitrary code and escalate privileges via crafted webshell file to upload module.

9.8
2023-08-11 CVE-2021-26505 Hello JS Project Unspecified vulnerability in Hello.Js Project Hello.Js 1.18.6

Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.

9.8
2023-08-11 CVE-2021-27523 Open Falcon Unspecified vulnerability in Open-Falcon Dashboard 0.2.0

An issue was discovered in open-falcon dashboard version 0.2.0, allows remote attackers to gain, modify, and delete sensitive information via crafted POST request to register interface.

9.8
2023-08-11 CVE-2021-28411 Ruoyi Improper Privilege Management vulnerability in Ruoyi 3.4.0

An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.

9.8
2023-08-11 CVE-2023-40254 Genians Download of Code Without Integrity Check vulnerability in Genians Genian NAC and Genian Ztna

Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

9.8
2023-08-11 CVE-2023-40267 Gitpython Project Unspecified vulnerability in Gitpython Project Gitpython

GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from.

9.8
2023-08-11 CVE-2023-3824 PHP
Fedoraproject
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 

9.8
2023-08-11 CVE-2023-40253 Genians Improper Authentication vulnerability in Genians Genian NAC and Genian Ztna

Improper Authentication vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Authentication Abuse.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15.

9.8
2023-08-11 CVE-2023-40256 Veritas Improper Certificate Validation vulnerability in Veritas Netbackup Snapshot Manager

A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service.

9.8
2023-08-11 CVE-2023-25775 Intel Unspecified vulnerability in Intel Ethernet Controller Rdma Driver for Linux

Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.8
2023-08-10 CVE-2023-32560 Ivanti Out-of-bounds Write vulnerability in Ivanti Avalanche

An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for finding and reporting. Fixed in version 6.4.1.

9.8
2023-08-10 CVE-2023-32562 Ivanti Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution.

9.8
2023-08-10 CVE-2023-32563 Ivanti Path Traversal vulnerability in Ivanti Avalanche

An unauthenticated attacker could achieve the code execution through a RemoteControl server.

9.8
2023-08-10 CVE-2023-32564 Ivanti Unrestricted Upload of File with Dangerous Type vulnerability in Ivanti Avalanche

An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution.

9.8
2023-08-10 CVE-2023-39805 Idreamsoft SQL Injection vulnerability in Idreamsoft Icms 7.0.16

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

9.8
2023-08-10 CVE-2023-39806 Idreamsoft SQL Injection vulnerability in Idreamsoft Icms 7.0.16

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.

9.8
2023-08-10 CVE-2023-32567 Ivanti XXE vulnerability in Ivanti Avalanche

Ivanti Avalanche decodeToMap XML External Entity Processing.

9.8
2023-08-10 CVE-2023-35085 UI Integer Overflow or Wraparound vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware

An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.50 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update the UniFi Switches to Version 6.5.59 or later.

9.8
2023-08-10 CVE-2023-38034 UI Command Injection vulnerability in UI Unifi Switch Firmware and Unifi UAP Firmware

A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products: All UniFi Access Points (Version 6.5.53 and earlier) All UniFi Switches (Version 6.5.32 and earlier) -USW Flex Mini excluded. Mitigation: Update UniFi Access Points to Version 6.5.62 or later. Update UniFi Switches to Version 6.5.59 or later.

9.8
2023-08-10 CVE-2023-39966 Fit2Cloud Missing Authorization vulnerability in Fit2Cloud 1Panel 1.4.3

1Panel is an open source Linux server operation and maintenance management panel.

9.8
2023-08-10 CVE-2023-36311 Phpjabbers SQL Injection vulnerability in PHPjabbers Document Creator 1.0

There is a SQL injection (SQLi) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.

9.8
2023-08-10 CVE-2023-39776 Phpjabbers Unrestricted Upload of File with Dangerous Type vulnerability in PHPjabbers Ticket Support Script 3.2

A File Upload vulnerability in PHPJabbers Ticket Support Script v3.2 allows attackers to execute arbitrary code via uploading a crafted file.

9.8
2023-08-10 CVE-2023-37734 Ezsoftmagic Classic Buffer Overflow vulnerability in Ezsoftmagic MP3 Audio Converter 2.7.3.700

EZ softmagic MP3 Audio Converter 2.7.3.700 was discovered to contain a buffer overflow.

9.8
2023-08-10 CVE-2023-37069 Online Hospital Management System Project SQL Injection vulnerability in Online Hospital Management System Project Online Hospital Management System 1.0

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application.

9.8
2023-08-10 CVE-2023-26311 Oppo Unspecified vulnerability in Oppo Store 1.5.11

A remote code execution vulnerability in the webview component of OPPO Store app.

9.8
2023-08-10 CVE-2023-26309 Oneplus Unspecified vulnerability in Oneplus Store 3.3.0

A remote code execution vulnerability in the webview component of OnePlus Store app.

9.8
2023-08-10 CVE-2023-30699 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.

9.8
2023-08-09 CVE-2023-37068 Sherlock SQL Injection vulnerability in Sherlock GYM Management System 1.0

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation.

9.8
2023-08-09 CVE-2023-39001 Opnsense Command Injection vulnerability in Opnsense

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.

9.8
2023-08-09 CVE-2023-39004 Opnsense Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.

9.8
2023-08-09 CVE-2023-39008 Opnsense Command Injection vulnerability in Opnsense

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.

9.8
2023-08-09 CVE-2023-39969 Trailofbits Improper Verification of Cryptographic Signature vulnerability in Trailofbits Uthenticode

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures.

9.8
2023-08-09 CVE-2023-34545 Cskaza SQL Injection vulnerability in Cskaza Cszcms 1.3.0

A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL.

9.8
2023-08-09 CVE-2023-3632 Kunduz Use of Hard-coded Cryptographic Key vulnerability in Kunduz

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before 6.2.3.

9.8
2023-08-09 CVE-2023-26310 Oppo Command Injection vulnerability in Oppo Coloros 12.3

There is a command injection problem in the old version of the mobile phone backup app.

9.8
2023-08-08 CVE-2023-39213 Zoom Injection vulnerability in Zoom Virtual Desktop Infrastructure and Zoom

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

9.8
2023-08-08 CVE-2023-40041 Totolink Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so.

9.8
2023-08-08 CVE-2023-40042 Totolink Out-of-bounds Write vulnerability in Totolink T10 V2 Firmware 5.9C.5061B20200511

TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so.

9.8
2023-08-08 CVE-2023-20586 AMD Unspecified vulnerability in AMD Radeon Software

A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege.

9.8
2023-08-08 CVE-2023-21709 Microsoft Improper Restriction of Excessive Authentication Attempts vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability

9.8
2023-08-08 CVE-2023-35385 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

9.8
2023-08-08 CVE-2023-36534 Zoom Path Traversal vulnerability in Zoom

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

9.8
2023-08-08 CVE-2023-36903 Microsoft Unspecified vulnerability in Microsoft products

Windows System Assessment Tool Elevation of Privilege Vulnerability

9.8
2023-08-08 CVE-2023-36910 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

9.8
2023-08-08 CVE-2023-36911 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

9.8
2023-08-08 CVE-2023-38186 Microsoft Unspecified vulnerability in Microsoft products

Windows Mobile Device Management Elevation of Privilege Vulnerability

9.8
2023-08-08 CVE-2023-39216 Zoom Unspecified vulnerability in Zoom

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

9.8
2023-08-08 CVE-2023-39532 Agoric Unspecified vulnerability in Agoric SES

SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments.

9.8
2023-08-08 CVE-2023-3386 A2Technology SQL Injection vulnerability in A2Technology Camera Trap Tracking System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before 3.1905.

9.8
2023-08-08 CVE-2023-3522 A2Technology SQL Injection vulnerability in A2Technology License Portal System

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before 1.48.

9.8
2023-08-08 CVE-2023-3651 Digital ANT SQL Injection vulnerability in Digital-Ant Digital ANT

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 11.

9.8
2023-08-08 CVE-2023-37682 Judging Management System Project SQL Injection vulnerability in Judging Management System Project Judging Management System 1.0

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php.

9.8
2023-08-08 CVE-2023-3716 Oduyo SQL Injection vulnerability in Oduyo Online Collection

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.This issue affects Online Collection Software: before 1.0.1.

9.8
2023-08-08 CVE-2023-3717 Farmakom SQL Injection vulnerability in Farmakom Remote Administration Console

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before 1.02.

9.8
2023-08-08 CVE-2022-40510 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

9.8
2023-08-08 CVE-2023-24845 Siemens Unspecified vulnerability in Siemens Ruggedcom ROS

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P.

9.8
2023-08-08 CVE-2023-28561 Qualcomm Out-of-bounds Write vulnerability in Qualcomm Qcn7606 Firmware

Memory corruption in QESL while processing payload from external ESL device to firmware.

9.8
2023-08-08 CVE-2023-37372 Siemens SQL Injection vulnerability in Siemens Ruggedcom Crossbow 5.2/5.3

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4).

9.8
2023-08-08 CVE-2023-3898 Mayanets SQL Injection vulnerability in Mayanets E-Commerce

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before 1.1.

9.8
2023-08-08 CVE-2023-39976 Clusterlabs Classic Buffer Overflow vulnerability in Clusterlabs Libqb

log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.

9.8
2023-08-08 CVE-2023-37483 SAP Improper Access Control vulnerability in SAP Powerdesigner 16.7

SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.

9.8
2023-08-08 CVE-2023-39439 SAP Unspecified vulnerability in SAP Commerce Cloud and Commerce Hycom

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

9.8
2023-08-07 CVE-2023-39526 Prestashop SQL Injection vulnerability in Prestashop

PrestaShop is an open source e-commerce web application.

9.8
2023-08-07 CVE-2023-38704 Datadoghq Unspecified vulnerability in Datadoghq Import-In-The-Middle

import-in-the-middle is a module loading interceptor specifically for ESM modules.

9.8
2023-08-07 CVE-2023-39524 Prestashop SQL Injection vulnerability in Prestashop

PrestaShop is an open source e-commerce web application.

9.8
2023-08-07 CVE-2023-4201 Mayurik SQL Injection vulnerability in Mayurik Inventory Management System 1.0

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical.

9.8
2023-08-07 CVE-2023-38928 Netgear Command Injection vulnerability in Netgear R7100Lg Firmware 1.0.0.78

Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.

9.8
2023-08-07 CVE-2023-38929 Tenda Out-of-bounds Write vulnerability in Tenda 4G300 Firmware 1.01.42

Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer.

9.8
2023-08-07 CVE-2023-38930 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.

9.8
2023-08-07 CVE-2023-38931 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.

9.8
2023-08-07 CVE-2023-38932 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.

9.8
2023-08-07 CVE-2023-38933 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.

9.8
2023-08-07 CVE-2023-38934 Tenda Out-of-bounds Write vulnerability in Tenda F1203 Firmware, Fh1203 Firmware and Fh1205 Firmware

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.

9.8
2023-08-07 CVE-2023-38935 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a tack overflow via the list parameter in the formSetQosBand function.

9.8
2023-08-07 CVE-2023-38936 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.

9.8
2023-08-07 CVE-2023-38937 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.

9.8
2023-08-07 CVE-2023-38938 Tenda Out-of-bounds Write vulnerability in Tenda products

Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.

9.8
2023-08-07 CVE-2023-38939 Tenda Out-of-bounds Write vulnerability in Tenda F1202 Firmware and Fh1202 Firmware

Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.

9.8
2023-08-07 CVE-2023-38940 Tenda Out-of-bounds Write vulnerability in Tenda F1203 Firmware, Fh1203 Firmware and Fh1205 Firmware

Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.

9.8
2023-08-07 CVE-2023-4200 Mayurik SQL Injection vulnerability in Mayurik Inventory Management System 1.0

A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical.

9.8
2023-08-07 CVE-2023-23757 Bestaddon SQL Injection vulnerability in Bestaddon Gallery

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

9.8
2023-08-07 CVE-2023-23758 Creative Solutions SQL Injection vulnerability in Creative-Solutions Creative Gallery

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

9.8
2023-08-07 CVE-2023-34476 Mooj SQL Injection vulnerability in Mooj Proforms

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

9.8
2023-08-07 CVE-2023-34477 Braincert SQL Injection vulnerability in Braincert Virtual Classroom

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

9.8
2023-08-07 CVE-2023-38044 Hikashop SQL Injection vulnerability in Hikashop

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.

9.8
2023-08-07 CVE-2023-32090 Pega Improper Authentication vulnerability in Pega Platform

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials

9.8
2023-08-07 CVE-2023-4192 Resort Reservation System Project SQL Injection vulnerability in Resort Reservation System Project Resort Reservation System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0.

9.8
2023-08-07 CVE-2023-4193 Resort Reservation System Project SQL Injection vulnerability in Resort Reservation System Project Resort Reservation System 1.0

A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical.

9.8
2023-08-11 CVE-2022-29887 Intel Cross-site Scripting vulnerability in Intel Manageability Commander

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

9.6
2023-08-11 CVE-2023-27515 Intel Cross-site Scripting vulnerability in Intel Driver & Support Assistant

Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow unauthenticated user to potentially enable escalation of privilege via network access.

9.6
2023-08-09 CVE-2023-39007 Opnsense Cross-site Scripting vulnerability in Opnsense

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.

9.6
2023-08-08 CVE-2023-3526 Phoenixcontact Cross-site Scripting vulnerability in Phoenixcontact products

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser.

9.6
2023-08-13 CVE-2021-46895 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of defects introduced in the design process in the Multi-Device Task Center.

9.1
2023-08-13 CVE-2023-39385 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of configuration defects in the media module of certain products..

9.1
2023-08-13 CVE-2023-39398 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Parameter verification vulnerability in the installd module.

9.1
2023-08-13 CVE-2023-39399 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Parameter verification vulnerability in the installd module.

9.1
2023-08-13 CVE-2023-39400 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Parameter verification vulnerability in the installd module.

9.1
2023-08-13 CVE-2023-39401 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Parameter verification vulnerability in the installd module.

9.1
2023-08-13 CVE-2023-39402 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Parameter verification vulnerability in the installd module.

9.1
2023-08-13 CVE-2023-39403 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Parameter verification vulnerability in the installd module.

9.1
2023-08-11 CVE-2020-27514 Zrlog Path Traversal vulnerability in Zrlog 2.1.5

Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).

9.1
2023-08-11 CVE-2023-40260 Empowerid Improper Authentication vulnerability in Empowerid 7.205.0.0

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled).

9.1
2023-08-10 CVE-2023-32565 Ivanti Unspecified vulnerability in Ivanti Avalanche

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

9.1
2023-08-10 CVE-2023-32566 Ivanti Unspecified vulnerability in Ivanti Avalanche

An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack.

9.1
2023-08-09 CVE-2023-33241 Gg20 Project
Gg18 Project
Injection vulnerability in multiple products

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof.

9.1
2023-08-09 CVE-2023-33468 Kramerav Incorrect Authorization vulnerability in Kramerav VIA Connect2 Firmware and VIA GO2 Firmware

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device.

9.1
2023-08-09 CVE-2023-33934 Apache HTTP Request Smuggling vulnerability in Apache Traffic Server

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.

9.1
2023-08-07 CVE-2023-39525 Prestashop Path Traversal vulnerability in Prestashop

PrestaShop is an open source e-commerce web application.

9.1
2023-08-07 CVE-2023-39529 Prestashop Unspecified vulnerability in Prestashop

PrestaShop is an open source e-commerce web application.

9.1
2023-08-07 CVE-2023-39530 Prestashop Improper Input Validation vulnerability in Prestashop

PrestaShop is an open source e-commerce web application.

9.1
2023-08-08 CVE-2023-37490 SAP Uncontrolled Search Path Element vulnerability in SAP Businessobjects Business Intelligence 420/430

SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process.

9.0

342 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-11 CVE-2020-23595 Yzmcms Cross-Site Request Forgery (CSRF) vulnerability in Yzmcms 5.6

Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint.

8.8
2023-08-11 CVE-2020-24922 Xuxueli Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.2.0

Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file.

8.8
2023-08-11 CVE-2020-24950 Thedaylightstudio SQL Injection vulnerability in Thedaylightstudio Fuel CMS 1.4.9

SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.

8.8
2023-08-11 CVE-2020-28848 Churchcrm Injection vulnerability in Churchcrm 4.2.0

CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file.

8.8
2023-08-11 CVE-2020-36037 Wuzhicms Unspecified vulnerability in Wuzhicms 4.1.0

An issue was disocvered in wuzhicms version 4.1.0, allows remote attackers to execte arbitrary code via the setting parameter to the ueditor in index.php.

8.8
2023-08-11 CVE-2021-29378 Pearadmin SQL Injection vulnerability in Pearadmin Pear Admin Think 2.1.2

SQL Injection in pear-admin-think version 2.1.2, allows attackers to execute arbitrary code and escalate privileges via crafted GET request to Crud.php.

8.8
2023-08-11 CVE-2023-32267 Microfocus Unspecified vulnerability in Microfocus Arcsight Management Center

A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Management Center.

8.8
2023-08-11 CVE-2023-39417 Postgresql
Redhat
Debian
SQL Injection vulnerability in multiple products

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or "").

8.8
2023-08-11 CVE-2023-28380 Intel Uncontrolled Search Path Element vulnerability in Intel AI Hackathon

Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

8.8
2023-08-10 CVE-2023-31209 Tribe29 Injection vulnerability in Tribe29 Checkmk

Improper neutralization of active check command arguments in Checkmk < 2.1.0p32, < 2.0.0p38, < 2.2.0p4 leads to arbitrary command execution for authenticated users.

8.8
2023-08-10 CVE-2023-4276 Johnkolbert Unspecified vulnerability in Johnkolbert Absolute Privacy 2.1

The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.

8.8
2023-08-09 CVE-2023-38348 LW Systems Cross-Site Request Forgery (CSRF) vulnerability in Lw-Systems Benno Mailarchiv

A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1.

8.8
2023-08-09 CVE-2022-48591 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the vendor_state parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48592 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the vendor_country parameter of the “vendor print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48593 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “topology data service” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48594 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “ticket watchers email” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48595 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “ticket template watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48596 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “ticket queue watchers” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48597 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “ticket event report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48598 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “reporter events type date” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48599 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “reporter events type” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48600 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “notes view” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48601 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “network print report” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48602 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “message viewer print” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48603 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “message viewer iframe” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48604 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “logging export” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48580 Sciencelogic OS Command Injection vulnerability in Sciencelogic SL1

A command injection vulnerability exists in the ARP ping device tool feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command.

8.8
2023-08-09 CVE-2022-48581 Sciencelogic OS Command Injection vulnerability in Sciencelogic SL1

A command injection vulnerability exists in the “dash export” feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command.

8.8
2023-08-09 CVE-2022-48582 Sciencelogic OS Command Injection vulnerability in Sciencelogic SL1

A command injection vulnerability exists in the ticket report generate feature of the ScienceLogic SL1 that takes unsanitized user controlled input and passes it directly to a shell command.

8.8
2023-08-09 CVE-2022-48583 Sciencelogic OS Command Injection vulnerability in Sciencelogic SL1

A command injection vulnerability exists in the dashboard scheduler feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command.

8.8
2023-08-09 CVE-2022-48584 Sciencelogic OS Command Injection vulnerability in Sciencelogic SL1

A command injection vulnerability exists in the download and convert report feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a shell command.

8.8
2023-08-09 CVE-2022-48585 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “admin brand portal” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48586 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “json walker” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48587 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “schedule editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48588 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “schedule editor decoupled” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48589 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “reporting job editor” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2022-48590 Sciencelogic SQL Injection vulnerability in Sciencelogic SL1

A SQL injection vulnerability exists in the “admin dynamic app mib errors” feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query.

8.8
2023-08-09 CVE-2023-31452 Paessler Cross-Site Request Forgery (CSRF) vulnerability in Paessler Prtg Network Monitor

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request.

8.8
2023-08-09 CVE-2023-37861 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a certificate to the device.

8.8
2023-08-09 CVE-2023-2905 Cesanta Out-of-bounds Write vulnerability in Cesanta Mongoose 7.10

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration.

8.8
2023-08-09 CVE-2023-4243 Full Unrestricted Upload of File with Dangerous Type vulnerability in Full - Customer

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization.

8.8
2023-08-08 CVE-2023-36899 Microsoft Unspecified vulnerability in Microsoft .Net Framework

ASP.NET Elevation of Privilege Vulnerability

8.8
2023-08-08 CVE-2023-29328 Microsoft Unspecified vulnerability in Microsoft Teams

Microsoft Teams Remote Code Execution Vulnerability

8.8
2023-08-08 CVE-2023-29330 Microsoft Unspecified vulnerability in Microsoft Teams

Microsoft Teams Remote Code Execution Vulnerability

8.8
2023-08-08 CVE-2023-35368 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Remote Code Execution Vulnerability

8.8
2023-08-08 CVE-2023-35381 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Service Remote Code Execution Vulnerability

8.8
2023-08-08 CVE-2023-35387 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability

8.8
2023-08-08 CVE-2023-36541 Zoom Insufficient Verification of Data Authenticity vulnerability in Zoom

Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.

8.8
2023-08-08 CVE-2023-36882 Microsoft Unspecified vulnerability in Microsoft products

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

8.8
2023-08-08 CVE-2023-38169 Microsoft Unspecified vulnerability in Microsoft products

Microsoft SQL OLE DB Remote Code Execution Vulnerability

8.8
2023-08-08 CVE-2023-38181 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Spoofing Vulnerability

8.8
2023-08-08 CVE-2023-38185 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.8
2023-08-08 CVE-2023-38759 Wger Cross-Site Request Forgery (CSRF) vulnerability in Wger Workout Manager 2.2.0

Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components.

8.8
2023-08-08 CVE-2023-27411 Siemens SQL Injection vulnerability in Siemens Ruggedcom Crossbow 5.2/5.3

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4).

8.8
2023-08-08 CVE-2023-37569 Esds CO OS Command Injection vulnerability in Esds.Co Emagic Data Center Management

This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component.

8.8
2023-08-08 CVE-2023-37570 Esds CO Insufficient Session Expiration vulnerability in Esds.Co Emagic Data Center Management

This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie.

8.8
2023-08-08 CVE-2023-3570 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device.

8.8
2023-08-08 CVE-2023-3571 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST releated to certificate operations to gain full access to the device.

8.8
2023-08-08 CVE-2023-3573 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in a HTTP POST request releated to font configuration operations to gain full access to the device.

8.8
2023-08-08 CVE-2023-37491 SAP Improper Authorization vulnerability in SAP Message Server

The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server.

8.8
2023-08-07 CVE-2023-39523 Nexb Command Injection vulnerability in Nexb Scancode.Io

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines.

8.8
2023-08-07 CVE-2023-36499 Netgear Classic Buffer Overflow vulnerability in Netgear Xr300 Firmware 1.0.3.78

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.

8.8
2023-08-07 CVE-2023-38412 Netgear Classic Buffer Overflow vulnerability in Netgear R6900P Firmware 1.3.3.154

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.

8.8
2023-08-07 CVE-2023-38591 Netgear Classic Buffer Overflow vulnerability in Netgear Dg834Gv5 Firmware 1.6.01.34

Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.

8.8
2023-08-07 CVE-2023-38921 Netgear Command Injection vulnerability in Netgear Wag302V2 Firmware and Wg302V2 Firmware

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.

8.8
2023-08-07 CVE-2023-38922 Netgear Classic Buffer Overflow vulnerability in Netgear products

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.

8.8
2023-08-07 CVE-2023-38925 Netgear Classic Buffer Overflow vulnerability in Netgear Dc112A Firmware, Ex6200 Firmware and R6300V2 Firmware

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.

8.8
2023-08-07 CVE-2023-38926 Netgear Classic Buffer Overflow vulnerability in Netgear Ex6200 Firmware 1.0.3.94

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.

8.8
2023-08-07 CVE-2023-39550 Netgear Classic Buffer Overflow vulnerability in Netgear products

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.

8.8
2023-08-07 CVE-2023-2843 Multiparcels Unspecified vulnerability in Multiparcels Shipping for Woocommerce

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.

8.8
2023-08-07 CVE-2023-39528 Prestashop Path Traversal vulnerability in Prestashop

PrestaShop is an open source e-commerce web application.

8.6
2023-08-09 CVE-2023-37862 Phoenixcontact Missing Authorization vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API.

8.2
2023-08-10 CVE-2023-39954 Nextcloud Missing Encryption of Sensitive Data vulnerability in Nextcloud User Oidc

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform.

8.1
2023-08-09 CVE-2023-33242 Lindell17 Project Injection vulnerability in Lindell17 Project Lindell17

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of not adhering to the paper's security proof's assumption regarding handling aborts after a failed signature.

8.1
2023-08-08 CVE-2023-39214 Zoom Exposure of Resource to Wrong Sphere vulnerability in Zoom Meeting Software Development Kit, Rooms and Zoom

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

8.1
2023-08-07 CVE-2023-39349 Sentry Improper Access Control vulnerability in Sentry

Sentry is an error tracking and performance monitoring platform.

8.1
2023-08-07 CVE-2023-3365 Multiparcels Unspecified vulnerability in Multiparcels Shipping for Woocommerce

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment

8.1
2023-08-11 CVE-2022-44611 Intel Unspecified vulnerability in Intel products

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via adjacent access.

8.0
2023-08-08 CVE-2023-35388 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.0
2023-08-08 CVE-2023-36891 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Server Spoofing Vulnerability

8.0
2023-08-08 CVE-2023-36892 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Server Spoofing Vulnerability

8.0
2023-08-08 CVE-2023-38182 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Remote Code Execution Vulnerability

8.0
2023-08-11 CVE-2023-22955 Audiocodes Insufficient Verification of Data Authenticity vulnerability in Audiocodes products

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000.

7.8
2023-08-11 CVE-2020-24222 Rockcarry Classic Buffer Overflow vulnerability in Rockcarry Ffjpeg

Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.

7.8
2023-08-11 CVE-2020-28840 Matthiaswandel Classic Buffer Overflow vulnerability in Matthiaswandel Jhead

Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).

7.8
2023-08-11 CVE-2021-28427 Xnview Classic Buffer Overflow vulnerability in Xnview 2.49.3

Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

7.8
2023-08-11 CVE-2021-28835 Xnview Classic Buffer Overflow vulnerability in Xnview

Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.

7.8
2023-08-11 CVE-2022-25864 Intel Uncontrolled Search Path Element vulnerability in Intel Oneapi Math Kernel Library

Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2022-29470 Intel Unspecified vulnerability in Intel Dynamic Tuning Technology

Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2022-29871 Intel Unspecified vulnerability in Intel Converged Security Management Engine Firmware

Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2022-38076 Intel
Fedoraproject
Debian
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.
7.8
2023-08-11 CVE-2022-43456 Intel Untrusted Search Path vulnerability in Intel Rapid Storage Technology

Uncontrolled search path in some Intel(R) RST software before versions 16.8.5.1014.5, 17.11.3.1010.2, 18.7.6.1011.2 and 19.5.2.1049.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2022-45112 Intel Unspecified vulnerability in Intel Virtual Raid on CPU

Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-25182 Intel Uncontrolled Search Path Element vulnerability in Intel Unite

Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-25773 Intel Unspecified vulnerability in Intel Unite

Improper access control in the Intel(R) Unite(R) Hub software installer for Windows before version 4.2.34962 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-25944 Intel Uncontrolled Search Path Element vulnerability in Intel Vcust Tool

Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3nd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-26587 Intel Improper Input Validation vulnerability in Intel Easy Streaming Wizard

Improper input validation for the Intel(R) Easy Streaming Wizard software may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-27505 Intel Incorrect Default Permissions vulnerability in Intel Advanced Link Analyzer

Incorrect default permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installers before version 22.1 .1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-27506 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Optimization for Tensorflow

Improper buffer restrictions in the Intel(R) Optimization for Tensorflow software before version 2.12 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-27509 Intel Unspecified vulnerability in Intel Ispc Software Installer

Improper access control in some Intel(R) ISPC software installers before version 1.19.0 may allow an authenticated user to potentially enable escalation of privileges via local access.

7.8
2023-08-11 CVE-2023-28405 Intel Uncontrolled Search Path Element vulnerability in Intel Openvino 2018

Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-28658 Intel Incorrect Permission Assignment for Critical Resource vulnerability in Intel Oneapi Math Kernel Library

Insecure inherited permissions in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-29151 Intel Uncontrolled Search Path Element vulnerability in Intel Platform Service Record Software Development KIT

Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-31246 Intel Incorrect Default Permissions vulnerability in Intel Server Debug and Provisioning Tool

Incorrect default permissions in some Intel(R) SDP Tool software before version 1.4 build 5 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-32543 Intel Incorrect Default Permissions vulnerability in Intel Intelligent Test System

Incorrect default permissions in the Intel(R) ITS sofware before version 3.1 may allow authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-32547 Topconpositioning Incorrect Default Permissions vulnerability in Topconpositioning Mavinci Desktop

Incorrect default permissions in the MAVinci Desktop Software for Intel(R) Falcon 8+ before version 6.2 may allow authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-32656 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Realsense 450 FA Firmware 0.25.0

Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-32663 Intel Incorrect Default Permissions vulnerability in Intel Realsense Software Development KIT

Incorrect default permissions in some Intel(R) RealSense(TM) SDKs in version 2.53.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-33867 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Realsense 450 FA Firmware 0.25.0

Improper buffer restrictions in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-33877 Intel Out-of-bounds Write vulnerability in Intel Realsense 450 FA Firmware 0.25.0

Out-of-bounds write in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-34427 Intel Unspecified vulnerability in Intel Realsense 450 FA Firmware 0.25.0

Protection mechanism failure in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2023-08-11 CVE-2023-34438 Intel Race Condition vulnerability in Intel products

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2023-08-10 CVE-2023-28129 Ivanti Unspecified vulnerability in Ivanti Desktop & Server Management 2022.2

DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user.

7.8
2023-08-10 CVE-2023-39963 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.

7.8
2023-08-10 CVE-2023-4128 Linux
Redhat
Fedoraproject
Use After Free vulnerability in multiple products

A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel.

7.8
2023-08-10 CVE-2022-47636 Outsystems Uncontrolled Search Path Element vulnerability in Outsystems Service Studio 11.53.30

A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739.

7.8
2023-08-10 CVE-2023-39957 Nextcloud Path Traversal vulnerability in Nextcloud Talk

Nextcloud Talk Android allows users to place video and audio calls through Nextcloud on Android.

7.8
2023-08-10 CVE-2023-29320 Adobe Unspecified vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Violation of Secure Design Principles vulnerability that could result in arbitrary code execution in the context of the current user by bypassing the API blacklisting feature.

7.8
2023-08-10 CVE-2023-38222 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38223 Adobe Access of Uninitialized Pointer vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38224 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38225 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38226 Adobe Access of Uninitialized Pointer vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38227 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38228 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38229 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38231 Adobe Out-of-bounds Write vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38233 Adobe Out-of-bounds Write vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38234 Adobe Access of Uninitialized Pointer vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-38246 Adobe Access of Uninitialized Pointer vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-10 CVE-2023-30679 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.

7.8
2023-08-10 CVE-2023-30680 Samsung Improper Privilege Management vulnerability in Samsung Android 12.0/13.0

Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.

7.8
2023-08-10 CVE-2023-30681 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

7.8
2023-08-10 CVE-2023-30686 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

7.8
2023-08-10 CVE-2023-30687 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

7.8
2023-08-10 CVE-2023-30688 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

7.8
2023-08-10 CVE-2023-30689 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

7.8
2023-08-10 CVE-2023-30691 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.

7.8
2023-08-10 CVE-2023-30693 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

7.8
2023-08-10 CVE-2023-30694 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

7.8
2023-08-10 CVE-2023-30695 Samsung Out-of-bounds Write vulnerability in Samsung products

Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to &quot;SAMSUNG ELECTONICS, CO, LTD.

7.8
2023-08-10 CVE-2023-30696 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

7.8
2023-08-10 CVE-2023-30697 Samsung Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0

An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

7.8
2023-08-10 CVE-2023-30702 Samsung Out-of-bounds Write vulnerability in Samsung products

Stack overflow vulnerability in SSHDCPAPP TA prior to &quot;SAMSUNG ELECTONICS, CO, LTD.

7.8
2023-08-09 CVE-2023-33469 Kramerav Code Injection vulnerability in Kramerav VIA Connect2 Firmware and VIA GO2 Firmware

In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local code execution at the root level.

7.8
2023-08-09 CVE-2023-38211 Adobe Use After Free vulnerability in Adobe Dimension

Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-09 CVE-2023-38212 Adobe Heap-based Buffer Overflow vulnerability in Adobe Dimension

Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2023-08-08 CVE-2023-39211 Zoom Improper Privilege Management vulnerability in Zoom Rooms and Zoom

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

7.8
2023-08-08 CVE-2023-36344 Dieboldnixdorf Uncontrolled Search Path Element vulnerability in Dieboldnixdorf Vynamic View

An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.

7.8
2023-08-08 CVE-2023-20555 AMD Out-of-bounds Write vulnerability in AMD products

Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM.

7.8
2023-08-08 CVE-2023-20562 AMD Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution.

7.8
2023-08-08 CVE-2023-35359 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-35371 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-35372 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-35379 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 R2

Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-35380 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-35382 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-35386 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-35390 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET and Visual Studio Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-36540 Zoom Untrusted Search Path vulnerability in Zoom

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

7.8
2023-08-08 CVE-2023-36865 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-36866 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Visio Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-36895 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-36896 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-36898 Microsoft Unspecified vulnerability in Microsoft Windows 11 21H2

Tablet Windows User Interface Application Core Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-36900 Microsoft Unspecified vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-36904 Microsoft Unspecified vulnerability in Microsoft products

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-38154 Microsoft Unspecified vulnerability in Microsoft Windows 10 1809 and Windows Server 2019

Windows Kernel Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-38170 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions

HEVC Video Extensions Remote Code Execution Vulnerability

7.8
2023-08-08 CVE-2023-38175 Microsoft Unspecified vulnerability in Microsoft Windows Defender

Microsoft Windows Defender Elevation of Privilege Vulnerability

7.8
2023-08-08 CVE-2023-37646 Bitberry Path Traversal vulnerability in Bitberry File Opener 23.0

An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal.

7.8
2023-08-08 CVE-2021-41544 Siemens Uncontrolled Search Path Element vulnerability in Siemens Software Center

A vulnerability has been identified in Siemens Software Center (All versions < V3.0).

7.8
2023-08-08 CVE-2022-39062 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Sicam Toolbox II 07.00/07.01

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10).

7.8
2023-08-08 CVE-2023-21627 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Memory corruption in Trusted Execution Environment while calling service API with invalid address.

7.8
2023-08-08 CVE-2023-21643 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption due to untrusted pointer dereference in automotive during system call.

7.8
2023-08-08 CVE-2023-21648 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in RIL while trying to send apdu packet.

7.8
2023-08-08 CVE-2023-21649 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in WLAN while running doDriverCmd for an unspecific command.

7.8
2023-08-08 CVE-2023-21650 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.

7.8
2023-08-08 CVE-2023-21651 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

7.8
2023-08-08 CVE-2023-22666 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory Corruption in Audio while playing amrwbplus clips with modified content.

7.8
2023-08-08 CVE-2023-28537 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption while allocating memory in COmxApeDec module in Audio.

7.8
2023-08-08 CVE-2023-28575 Qualcomm Type Confusion vulnerability in Qualcomm products

The cam_get_device_priv function does not check the type of handle being returned (device/session/link).

7.8
2023-08-08 CVE-2023-28577 Qualcomm Use After Free vulnerability in Qualcomm products

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used.

7.8
2023-08-08 CVE-2023-28830 Siemens Use After Free vulnerability in Siemens products

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5).

7.8
2023-08-08 CVE-2023-30795 Siemens Out-of-bounds Read vulnerability in Siemens JT Open, JT Utilities and Parasolid

A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073).

7.8
2023-08-08 CVE-2023-30796 Siemens Out-of-bounds Read vulnerability in Siemens JT Open Toolkit and JT Utilities

A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4).

7.8
2023-08-08 CVE-2023-38524 Siemens NULL Pointer Dereference vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3).

7.8
2023-08-08 CVE-2023-38525 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3).

7.8
2023-08-08 CVE-2023-38526 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3).

7.8
2023-08-08 CVE-2023-38527 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004).

7.8
2023-08-08 CVE-2023-38528 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3).

7.8
2023-08-08 CVE-2023-38529 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004).

7.8
2023-08-08 CVE-2023-38530 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3).

7.8
2023-08-08 CVE-2023-38531 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions), Teamcenter Visualization V14.3 (All versions < V14.3.0.9), Teamcenter Visualization V2312 (All versions < V2312.0004).

7.8
2023-08-08 CVE-2023-38641 Siemens Unspecified vulnerability in Siemens Sicam Toolbox II 07.00/07.01

A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10).

7.8
2023-08-08 CVE-2023-38679 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix 2201/2302

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002).

7.8
2023-08-08 CVE-2023-38680 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix 2201/2302

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002).

7.8
2023-08-08 CVE-2023-38681 Siemens Out-of-bounds Write vulnerability in Siemens Tecnomatix 2201/2302

A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002).

7.8
2023-08-08 CVE-2023-38682 Siemens Out-of-bounds Read vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5).

7.8
2023-08-08 CVE-2023-38683 Siemens Out-of-bounds Write vulnerability in Siemens Jt2Go and Teamcenter Visualization

A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5).

7.8
2023-08-08 CVE-2023-39181 Siemens Out-of-bounds Write vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39182 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39183 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39184 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39185 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39186 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39187 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39188 Siemens Out-of-bounds Read vulnerability in Siemens Solid Edge

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39419 Siemens Out-of-bounds Write vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7).

7.8
2023-08-08 CVE-2023-39549 Siemens Use After Free vulnerability in Siemens Solid Edge Se2023

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2).

7.8
2023-08-08 CVE-2023-36923 SAP Code Injection vulnerability in SAP Powerdesigner 16.7

SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03, allows an attacker with local access to the system, to place a malicious library, that can be executed by the application.

7.8
2023-08-07 CVE-2023-39520 Cryptomator Improper Privilege Management vulnerability in Cryptomator

Cryptomator encrypts data being stored on cloud infrastructure.

7.8
2023-08-07 CVE-2023-4147 Linux
Fedoraproject
Redhat
Debian
Use After Free vulnerability in multiple products

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID.

7.8
2023-08-07 CVE-2023-3896 VIM Divide By Zero vulnerability in VIM 9.0.1367

Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3

7.8
2023-08-10 CVE-2023-39962 Nextcloud Improper Access Control vulnerability in Nextcloud Server

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.

7.7
2023-08-13 CVE-2023-39386 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

Vulnerability of input parameters being not strictly verified in the PMS module.

7.5
2023-08-13 CVE-2023-39390 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

Vulnerability of input parameter verification in certain APIs in the window management module.

7.5
2023-08-13 CVE-2023-39391 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of system file information leakage in the USB Service module.

7.5
2023-08-13 CVE-2023-39394 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of API privilege escalation in the wifienhance module.

7.5
2023-08-13 CVE-2023-39395 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Mismatch vulnerability in the serialization process in the communication system.

7.5
2023-08-13 CVE-2023-39397 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos

Input parameter verification vulnerability in the communication system.

7.5
2023-08-13 CVE-2023-39404 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of input parameter verification in certain APIs in the window management module.

7.5
2023-08-13 CVE-2023-39406 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the XLayout component.

7.5
2023-08-13 CVE-2023-39380 Huawei Improper Authentication vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the audio module.

7.5
2023-08-13 CVE-2023-39381 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

Input verification vulnerability in the storage module.

7.5
2023-08-13 CVE-2023-39382 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

Input verification vulnerability in the audio module.

7.5
2023-08-13 CVE-2023-39383 Huawei Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui and Harmonyos

Vulnerability of input parameters being not strictly verified in the AMS module.

7.5
2023-08-13 CVE-2023-39384 Huawei Incorrect Authorization vulnerability in Huawei Emui and Harmonyos

Vulnerability of incomplete permission verification in the input method module.

7.5
2023-08-13 CVE-2023-39388 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

Vulnerability of input parameters being not strictly verified in the PMS module.

7.5
2023-08-13 CVE-2023-39389 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

Vulnerability of input parameters being not strictly verified in the PMS module.

7.5
2023-08-13 CVE-2023-39392 Huawei Improper Verification of Cryptographic Signature vulnerability in Huawei Emui and Harmonyos

Vulnerability of insecure signatures in the OsuLogin module.

7.5
2023-08-13 CVE-2023-39393 Huawei Improper Verification of Cryptographic Signature vulnerability in Huawei Emui and Harmonyos

Vulnerability of insecure signatures in the ServiceWifiResources module.

7.5
2023-08-13 CVE-2023-39396 Huawei Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos

Deserialization vulnerability in the input module.

7.5
2023-08-11 CVE-2023-22956 Audiocodes Use of Hard-coded Credentials vulnerability in Audiocodes products

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000.

7.5
2023-08-11 CVE-2023-22957 Audiocodes Use of Hard-coded Credentials vulnerability in Audiocodes products

An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000.

7.5
2023-08-11 CVE-2020-35139 Facuet Infinite Loop vulnerability in Facuet RYU 4.34

An issue was discovered in OFPBundleCtrlMsg in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

7.5
2023-08-11 CVE-2020-35141 Facuet Infinite Loop vulnerability in Facuet RYU 4.34

An issue was discovered in OFPQueueGetConfigReply in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).

7.5
2023-08-11 CVE-2020-36136 Cskaza SQL Injection vulnerability in Cskaza Cszcms 1.2.9

SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.

7.5
2023-08-11 CVE-2020-36138 Ffmpeg NULL Pointer Dereference vulnerability in Ffmpeg 4.3

An issue was discovered in decode_frame in libavcodec/tiff.c in FFmpeg version 4.3, allows remote attackers to cause a denial of service (DoS).

7.5
2023-08-11 CVE-2021-26504 Dgtl Path Traversal vulnerability in Dgtl Huemagic 3.0.0

Directory Traversal vulnerability in Foddy node-red-contrib-huemagic version 3.0.0, allows remote attackers to gain sensitive information via crafted request in res.sendFile API in hue-magic.js.

7.5
2023-08-11 CVE-2023-39534 Eprosima
Debian
Reachable Assertion vulnerability in multiple products

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.

7.5
2023-08-11 CVE-2023-39945 Eprosima
Debian
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.
7.5
2023-08-11 CVE-2023-39946 Eprosima
Debian
Out-of-bounds Write vulnerability in multiple products

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.

7.5
2023-08-11 CVE-2023-39947 Eprosima
Debian
Out-of-bounds Write vulnerability in multiple products

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.

7.5
2023-08-11 CVE-2023-39948 Eprosima
Debian
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.
7.5
2023-08-11 CVE-2023-39949 Eprosima
Debian
Reachable Assertion vulnerability in multiple products

eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group.

7.5
2023-08-11 CVE-2023-39553 Apache Improper Input Validation vulnerability in Apache Apache-Airflow-Providers-Apache-Drill

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server. This issue affects Apache Airflow Drill Provider: before 2.4.3. It is recommended to upgrade to a version that is not affected.

7.5
2023-08-11 CVE-2023-4108 Mattermost Information Exposure Through Log Files vulnerability in Mattermost

Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged

7.5
2023-08-11 CVE-2023-3823 PHP
Fedoraproject
Debian
XXE vulnerability in multiple products

In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded.

7.5
2023-08-11 CVE-2022-36392 Intel Unspecified vulnerability in Intel Converged Security Management Engine Firmware

Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2023-08-10 CVE-2023-32561 Ivanti Unspecified vulnerability in Ivanti Avalanche

A previously generated artifact by an administrator could be accessed by an attacker.

7.5
2023-08-10 CVE-2023-39964 Fit2Cloud Path Traversal vulnerability in Fit2Cloud 1Panel 1.4.3

1Panel is an open source Linux server operation and maintenance management panel.

7.5
2023-08-10 CVE-2023-37543 Cacti Authorization Bypass Through User-Controlled Key vulnerability in Cacti

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php.

7.5
2023-08-10 CVE-2023-38830 Phpjabbers Exposure of Resource to Wrong Sphere vulnerability in PHPjabbers Yacht Listing Script 1.0

An information leak in PHPJabbers Yacht Listing Script v1.0 allows attackers to export clients' credit card numbers from the Reservations module.

7.5
2023-08-09 CVE-2023-39003 Opnsense Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense

OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.

7.5
2023-08-09 CVE-2023-39005 Opnsense Incorrect Permission Assignment for Critical Resource vulnerability in Opnsense

Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.

7.5
2023-08-09 CVE-2023-40012 Trailofbits Missing Required Cryptographic Step vulnerability in Trailofbits Uthenticode

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures.

7.5
2023-08-09 CVE-2023-33953 Grpc Excessive Iteration vulnerability in Grpc

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer.

7.5
2023-08-09 CVE-2023-38207 Adobe XML Injection (aka Blind XPath Injection) vulnerability in Adobe Commerce

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read.

7.5
2023-08-09 CVE-2022-47185 Apache Improper Input Validation vulnerability in Apache Traffic Server

Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: through 9.2.1.

7.5
2023-08-09 CVE-2023-37860 Phoenixcontact Missing Authorization vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon.

7.5
2023-08-09 CVE-2023-39910 Libbitcoin Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Libbitcoin Explorer

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue.

7.5
2023-08-08 CVE-2023-39086 Asus Cleartext Transmission of Sensitive Information vulnerability in Asus Rt-Ac66U B1 Firmware 3.0.0.4.28651665

ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext.

7.5
2023-08-08 CVE-2023-35391 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability

7.5
2023-08-08 CVE-2023-38180 Microsoft Unspecified vulnerability in Microsoft .Net, Asp.Net Core and Visual Studio 2022

.NET and Visual Studio Denial of Service Vulnerability

7.5
2023-08-08 CVE-2023-39533 Libp2P Allocation of Resources Without Limits or Throttling vulnerability in Libp2P Go-Libp2P 0.28.0/0.29.0

go-libp2p is the Go implementation of the libp2p Networking Stack.

7.5
2023-08-08 CVE-2023-35383 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Information Disclosure Vulnerability

7.5
2023-08-08 CVE-2023-36532 Zoom Out-of-bounds Write vulnerability in Zoom Rooms and Zoom

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

7.5
2023-08-08 CVE-2023-36533 Zoom Unspecified vulnerability in Zoom products

Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.

7.5
2023-08-08 CVE-2023-36905 Microsoft Unspecified vulnerability in Microsoft products

Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability

7.5
2023-08-08 CVE-2023-36906 Microsoft Unspecified vulnerability in Microsoft products

Windows Cryptographic Services Information Disclosure Vulnerability

7.5
2023-08-08 CVE-2023-36907 Microsoft Unspecified vulnerability in Microsoft products

Windows Cryptographic Services Information Disclosure Vulnerability

7.5
2023-08-08 CVE-2023-36912 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

7.5
2023-08-08 CVE-2023-36913 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Information Disclosure Vulnerability

7.5
2023-08-08 CVE-2023-38172 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

7.5
2023-08-08 CVE-2023-38178 Microsoft Unspecified vulnerability in Microsoft .Net and Visual Studio 2022

.NET Core and Visual Studio Denial of Service Vulnerability

7.5
2023-08-08 CVE-2023-38184 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

7.5
2023-08-08 CVE-2023-39217 Zoom Unspecified vulnerability in Zoom products

Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.

7.5
2023-08-08 CVE-2023-3894 Fasterxml Out-of-bounds Write vulnerability in Fasterxml Jackson-Dataformats-Text

Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service attacks (DOS).

7.5
2023-08-08 CVE-2023-38760 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component.

7.5
2023-08-08 CVE-2023-38762 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38764 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38765 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38767 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38768 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38769 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38770 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38771 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php.

7.5
2023-08-08 CVE-2023-38773 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php.

7.5
2023-08-08 CVE-2023-24698 Foswiki Path Traversal vulnerability in Foswiki

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request.

7.5
2023-08-08 CVE-2023-2423 Rockwellautomation Incorrect Calculation vulnerability in Rockwellautomation Armor Powerflex Firmware

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log.

7.5
2023-08-08 CVE-2023-33756 Foswiki Path Traversal vulnerability in Foswiki

An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal.

7.5
2023-08-08 CVE-2023-4219 Doctors Appointment System Project SQL Injection vulnerability in Doctors Appointment System Project Doctors Appointment System 1.0

A vulnerability was found in SourceCodester Doctors Appointment System 1.0.

7.5
2023-08-08 CVE-2023-21625 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in Network Services due to buffer over-read while the device receives DNS response.

7.5
2023-08-08 CVE-2023-28555 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Transient DOS in Audio while remapping channel buffer in media codec decoding.

7.5
2023-08-08 CVE-2023-37373 Siemens Missing Authentication for Critical Function vulnerability in Siemens Ruggedcom Crossbow 5.2/5.3

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4).

7.5
2023-08-08 CVE-2023-39269 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens Ruggedcom ROS

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NCv2 V4.X, RUGGEDCOM RS416NCv2 V5.X, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNCv2 V4.X, RUGGEDCOM RS416PNCv2 V5.X, RUGGEDCOM RS416Pv2 V4.X, RUGGEDCOM RS416Pv2 V5.X, RUGGEDCOM RS416v2 V4.X, RUGGEDCOM RS416v2 V5.X, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P.

7.5
2023-08-08 CVE-2023-33993 SAP SQL Injection vulnerability in SAP Business ONE 10.0

B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data.

7.5
2023-08-08 CVE-2023-37486 SAP Unspecified vulnerability in SAP Commerce Cloud and Commerce Hycom

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted.

7.5
2023-08-07 CVE-2023-4012 Ntpsec Unspecified vulnerability in Ntpsec 1.2.2

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).

7.5
2023-08-07 CVE-2023-4199 Mayurik SQL Injection vulnerability in Mayurik Inventory Management System 1.0

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0.

7.5
2023-08-07 CVE-2023-32783 Zohocorp Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus 7.1.1

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.

7.5
2023-08-07 CVE-2021-24916 Themeum Unspecified vulnerability in Themeum Qubely

The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.

7.5
2023-08-07 CVE-2023-0425 ABB Numeric Range Comparison Without Minimum Check vulnerability in ABB products

ABB is aware of vulnerabilities in the product versions listed below.

7.5
2023-08-07 CVE-2023-0426 ABB Stack-based Buffer Overflow vulnerability in ABB products

ABB is aware of vulnerabilities in the product versions listed below.

7.5
2023-08-07 CVE-2022-48579 Rarlab Link Following vulnerability in Rarlab Unrar

UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.

7.5
2023-08-11 CVE-2023-22841 Intel Uncontrolled Search Path Element vulnerability in Intel Server Firmware Update Utility

Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-08-11 CVE-2023-23577 Intel Uncontrolled Search Path Element vulnerability in Intel ITE Tech Consumer Infrared Driver

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-08-11 CVE-2023-24016 Intel Uncontrolled Search Path Element vulnerability in Intel Quartus Prime

Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-08-11 CVE-2023-28823 Intel Uncontrolled Search Path Element vulnerability in Intel products

Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-08-11 CVE-2023-34355 Intel Uncontrolled Search Path Element vulnerability in Intel Integrated BMC Video Driver 1.0/1.10.03/2.0

Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for linux may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2023-08-09 CVE-2023-36673 Avira Cleartext Transmission of Sensitive Information vulnerability in Avira Phantom VPN 2.23.1

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS.

7.3
2023-08-09 CVE-2023-3518 Hashicorp Unspecified vulnerability in Hashicorp Consul 1.16.0

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities.

7.3
2023-08-11 CVE-2021-25857 Supermicro CMS Project Unspecified vulnerability in Supermicro-Cms Project Supermicro-Cms 3.11

An issue was discovered in pcmt superMicro-CMS version 3.11, allows authenticated attackers to execute arbitrary code via the font_type parameter to setup.php.

7.2
2023-08-11 CVE-2023-3864 Snowsoftware SQL Injection vulnerability in Snowsoftware Snow License Manager 9.27/9.29/9.30

Blind SQL injection in a service running in Snow Software license manager from version 8.0.0 up to and including 9.30.1 on Windows allows a logged in user with high privileges to inject SQL commands via the web portal.

7.2
2023-08-11 CVE-2023-25757 Intel Unspecified vulnerability in Intel Unison

Improper access control in some Intel(R) Unison(TM) software before version 10.12 may allow a privileged user to potentially enable escalation of privilege via network access.

7.2
2023-08-11 CVE-2023-35179 Solarwinds Improper Access Control vulnerability in Solarwinds Serv-U 15.4.0

A vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication.

7.2
2023-08-10 CVE-2023-40225 Haproxy HTTP Request Smuggling vulnerability in Haproxy

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6.

7.2
2023-08-09 CVE-2023-38997 Opnsense Path Traversal vulnerability in Opnsense

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.

7.2
2023-08-09 CVE-2023-32781 Paessler Command Injection vulnerability in Paessler Prtg Network Monitor

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor.

7.2
2023-08-09 CVE-2023-32782 Paessler Command Injection vulnerability in Paessler Prtg Network Monitor

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor.

7.2
2023-08-09 CVE-2023-38208 Adobe OS Command Injection vulnerability in Adobe Commerce

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an admin-privilege authenticated attacker.

7.2
2023-08-09 CVE-2023-37857 Phoenixcontact Use of Hard-coded Credentials vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing the attacker to create valid session cookies.

7.2
2023-08-09 CVE-2023-37859 Phoenixcontact Improper Privilege Management vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 the SNMP daemon is running with root privileges allowing a remote attacker with knowledge of the SNMPv2 r/w community string to execute system commands as root.

7.2
2023-08-09 CVE-2023-37863 Phoenixcontact OS Command Injection vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.

7.2
2023-08-09 CVE-2023-37864 Phoenixcontact Download of Code Without Integrity Check vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device.

7.2
2023-08-08 CVE-2023-38167 Microsoft Unspecified vulnerability in Microsoft Dynamics 365 Business Central 2023

Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability

7.2
2023-08-08 CVE-2023-37687 Phpgurukul SQL Injection vulnerability in PHPgurukul Online Nurse Hiring System 1.0

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal.

7.2
2023-08-08 CVE-2023-4009 Mongodb Improper Privilege Management vulnerability in Mongodb OPS Manager Server

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.

7.2
2023-08-07 CVE-2023-36220 Textpattern Path Traversal vulnerability in Textpattern 4.8.8

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.

7.2
2023-08-07 CVE-2023-33913 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed

7.2
2023-08-11 CVE-2022-38973 Intel Unspecified vulnerability in Intel ARC A750 Firmware and ARC A770 Firmware

Improper access control for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow an authenticated user to potentially enable denial of service or infomation disclosure via local access.

7.1
2023-08-10 CVE-2023-23342 Hcltech Unspecified vulnerability in Hcltech HCL Nomad

If certain local files are manipulated in a certain manner, the validation to use the cryptographic keys can be circumvented. 

7.1
2023-08-09 CVE-2023-23347 Hcltech Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Dryice Iautomate 6.0/6.1/6.2

HCL DRYiCE iAutomate is affected by the use of a broken cryptographic algorithm.

7.1
2023-08-09 CVE-2023-23346 Hcltech Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Dryice Mycloud

HCL DRYiCE MyCloud is affected by the use of a broken cryptographic algorithm.

7.1
2023-08-08 CVE-2023-36876 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008 R2

Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability

7.1
2023-08-08 CVE-2023-21626 Qualcomm Improper Authentication vulnerability in Qualcomm products

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

7.1
2023-08-08 CVE-2023-21652 Qualcomm Use of Hard-coded Credentials vulnerability in Qualcomm products

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

7.1
2023-08-09 CVE-2023-24477 Nozominetworks Session Fixation vulnerability in Nozominetworks CMC and Guardian

In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout.

7.0
2023-08-08 CVE-2023-35378 Microsoft Race Condition vulnerability in Microsoft products

Windows Projected File System Elevation of Privilege Vulnerability

7.0
2023-08-08 CVE-2023-38176 Microsoft Unspecified vulnerability in Microsoft Azure Arc-Enabled Servers

Azure Arc-Enabled Servers Elevation of Privilege Vulnerability

7.0
2023-08-08 CVE-2023-28576 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it.

7.0

320 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-12 CVE-2023-4265 Zephyrproject Classic Buffer Overflow vulnerability in Zephyrproject Zephyr

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis...

6.8
2023-08-09 CVE-2023-39531 Sentry Improper Authentication vulnerability in Sentry

Sentry is an error tracking and performance monitoring platform.

6.8
2023-08-08 CVE-2023-20589 AMD Unspecified vulnerability in AMD products

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. 

6.8
2023-08-07 CVE-2023-3492 Cmscommander Unspecified vulnerability in Cmscommander WP Shopping Pages 1.14

The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.

6.8
2023-08-11 CVE-2022-27635 Intel
Fedoraproject
Debian
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
6.7
2023-08-11 CVE-2022-36372 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2022-37336 Intel Unspecified vulnerability in Intel products

Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2022-37343 Intel Unspecified vulnerability in Intel products

Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2022-40964 Intel
Fedoraproject
Debian
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
6.7
2023-08-11 CVE-2022-41804 Debian
Fedoraproject
Intel
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
6.7
2023-08-11 CVE-2022-46329 Intel
Fedoraproject
Debian
Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.
6.7
2023-08-11 CVE-2023-22449 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2023-27391 Intel Unspecified vulnerability in Intel products

Improper access control in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2023-28385 Intel Unspecified vulnerability in Intel Next Unit of Computing Firmware

Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially enable escalation of privilage via local access.

6.7
2023-08-11 CVE-2023-28714 Intel Unspecified vulnerability in Intel Proset/Wireless Wifi

Improper access control in firmware for some Intel(R) PROSet/Wireless WiFi software for Windows before version 22.220 HF (Hot Fix) may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2023-28736 Mdadm Project Classic Buffer Overflow vulnerability in Mdadm Project Mdadm

Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2023-29494 Intel Unspecified vulnerability in Intel products

Improper input validation in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2023-32617 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) NUC Rugged Kit, Intel(R) NUC Kit and Intel(R) Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-11 CVE-2023-34086 Intel Unspecified vulnerability in Intel products

Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2023-08-09 CVE-2023-4273 Linux
Fedoraproject
Redhat
Debian
Netapp
Out-of-bounds Write vulnerability in multiple products

A flaw was found in the exFAT driver of the Linux kernel.

6.7
2023-08-07 CVE-2023-20783 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20784 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20786 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In gps, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20795 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In ril, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20797 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In camera middleware, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20804 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In imgsys, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20805 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In imgsys, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20806 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In hcp, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20807 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In dpe, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20808 Google Out-of-bounds Write vulnerability in Google Android 11.0

In OPTEE, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20809 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In vdec, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20811 Google
Linux
Out-of-bounds Write vulnerability in multiple products

In IOMMU, there is a possible out of bounds write due to a missing bounds check.

6.7
2023-08-07 CVE-2023-20814 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In wlan service, there is a possible out of bounds write due to improper input validation.

6.7
2023-08-07 CVE-2023-20815 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In wlan service, there is a possible out of bounds write due to improper input validation.

6.7
2023-08-07 CVE-2023-20816 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In wlan service, there is a possible out of bounds write due to improper input validation.

6.7
2023-08-07 CVE-2023-20817 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In wlan service, there is a possible out of bounds write due to improper input validation.

6.7
2023-08-12 CVE-2023-4293 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Premium Packages - Sell Digital products Securely

The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.7.4 due to insufficient restriction on the 'wpdmpp_update_profile' function.

6.5
2023-08-11 CVE-2020-24804 CMS DEV Information Exposure Through Log Files vulnerability in Cms-Dev CMS 1.4

Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs.

6.5
2023-08-11 CVE-2020-24904 Davesteele Unspecified vulnerability in Davesteele Gnome-Gmail 2.5.4

An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.

6.5
2023-08-11 CVE-2020-36023 Freedesktop Infinite Loop vulnerability in Freedesktop Poppler 20.12.1

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

6.5
2023-08-11 CVE-2021-29057 Thoughtworks Resource Exhaustion vulnerability in Thoughtworks Node-Worker-Threads-Pool 1.4.3

An issue was discovered in StaticPool in SUCHMOKUO node-worker-threads-pool version 1.4.3, allows attackers to cause a denial of service.

6.5
2023-08-11 CVE-2023-4106 Mattermost Missing Authorization vulnerability in Mattermost

Mattermost fails to check if the requesting user is a guest before performing different actions to public playbooks, resulting a guest being able to view, join, edit, export and archive public playbooks.

6.5
2023-08-11 CVE-2023-4107 Mattermost Incorrect Authorization vulnerability in Mattermost

Mattermost fails to properly validate the requesting user permissions when updating a system admin, allowing a user manager to update a system admin's details such as email, first name and last name.

6.5
2023-08-11 CVE-2022-36351 Intel
Fedoraproject
Debian
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.
6.5
2023-08-11 CVE-2022-40982 Redhat
XEN
Intel
Debian
Netapp
Information Exposure Through Discrepancy vulnerability in multiple products

Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

6.5
2023-08-10 CVE-2023-40235 Opengroup Unspecified vulnerability in Opengroup Archi

An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0.

6.5
2023-08-10 CVE-2023-39952 Nextcloud Improper Access Control vulnerability in Nextcloud Server

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.

6.5
2023-08-10 CVE-2023-4277 Pragmaticmates Unspecified vulnerability in Pragmaticmates Realia 1.4.0

The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0.

6.5
2023-08-09 CVE-2023-38999 Opnsense Cross-Site Request Forgery (CSRF) vulnerability in Opnsense

A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

6.5
2023-08-09 CVE-2023-22378 Nozominetworks SQL Injection vulnerability in Nozominetworks CMC and Guardian

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

6.5
2023-08-09 CVE-2023-23574 Nozominetworks SQL Injection vulnerability in Nozominetworks CMC and Guardian

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way.

6.5
2023-08-09 CVE-2023-24471 Nozominetworks Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian

An access control vulnerability was found, due to the restrictions that are applied on actual assertions not being enforced in their debug functionality. An authenticated user with reduced visibility can obtain unauthorized information via the debug functionality, obtaining data that would normally be not accessible in the Query and Assertions functions.

6.5
2023-08-09 CVE-2023-38209 Adobe Incorrect Authorization vulnerability in Adobe Commerce

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Incorrect Authorization vulnerability that could lead to a Security feature bypass.

6.5
2023-08-09 CVE-2023-4239 Webcodingplace Unspecified vulnerability in Webcodingplace Real Estate Manager

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 6.7.1 due to insufficient restriction on the 'rem_save_profile_front' function.

6.5
2023-08-08 CVE-2023-39209 Zoom Improper Input Validation vulnerability in Zoom

Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.

6.5
2023-08-08 CVE-2023-39951 Linuxfoundation Unspecified vulnerability in Linuxfoundation Opentelemetry Instrumentation for Java

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java.

6.5
2023-08-08 CVE-2023-35376 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

6.5
2023-08-08 CVE-2023-35377 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

6.5
2023-08-08 CVE-2023-35384 Microsoft Unspecified vulnerability in Microsoft products

Windows HTML Platforms Security Feature Bypass Vulnerability

6.5
2023-08-08 CVE-2023-35389 Microsoft Unspecified vulnerability in Microsoft Dynamics 365

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

6.5
2023-08-08 CVE-2023-36535 Zoom Unspecified vulnerability in Zoom

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

6.5
2023-08-08 CVE-2023-36890 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2019

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5
2023-08-08 CVE-2023-36893 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Outlook Spoofing Vulnerability

6.5
2023-08-08 CVE-2023-36894 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2016/2019

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5
2023-08-08 CVE-2023-36897 Microsoft Unspecified vulnerability in Microsoft products

Visual Studio Tools for Office Runtime Spoofing Vulnerability

6.5
2023-08-08 CVE-2023-36908 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Information Disclosure Vulnerability

6.5
2023-08-08 CVE-2023-36909 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

6.5
2023-08-08 CVE-2023-38254 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Message Queuing Denial of Service Vulnerability

6.5
2023-08-08 CVE-2023-38763 Churchcrm SQL Injection vulnerability in Churchcrm 5.0.0

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint.

6.5
2023-08-08 CVE-2023-36136 Phpjabbers Cleartext Storage of Sensitive Information vulnerability in PHPjabbers Class Scheduling System 1.0

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text.

6.5
2023-08-08 CVE-2023-21647 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Information disclosure in Bluetooth when an GATT packet is received due to improper input validation.

6.5
2023-08-08 CVE-2023-37492 SAP Missing Authorization vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

6.5
2023-08-07 CVE-2023-36054 MIT
Debian
Netapp
Access of Uninitialized Pointer vulnerability in multiple products

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer.

6.5
2023-08-07 CVE-2023-38924 Netgear Classic Buffer Overflow vulnerability in Netgear Dgn3500 Firmware 1.1.00.37

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.

6.5
2023-08-07 CVE-2023-38157 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

6.5
2023-08-07 CVE-2022-38795 Gitea Unspecified vulnerability in Gitea

In Gitea through 1.17.1, repo cloning can occur in the migration function.

6.5
2023-08-07 CVE-2023-20800 Linuxfoundation
Google
In imgsys, there is a possible system crash due to a mssing ptr check.
6.5
2023-08-07 CVE-2023-20802 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In imgsys, there is a possible memory corruption due to improper input validation.

6.5
2023-08-07 CVE-2023-20803 Linuxfoundation
Google
Out-of-bounds Write vulnerability in multiple products

In imgsys, there is a possible memory corruption due to improper input validation.

6.5
2023-08-11 CVE-2023-34349 Intel Race Condition vulnerability in Intel products

Race condition in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

6.4
2023-08-07 CVE-2023-20785 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0/13.0

In audio, there is a possible out of bounds write due to a missing bounds check.

6.4
2023-08-07 CVE-2023-20787 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0

In thermal, there is a possible use after free due to a race condition.

6.4
2023-08-07 CVE-2023-20788 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 12.0

In thermal, there is a possible use after free due to a race condition.

6.4
2023-08-07 CVE-2023-20801 Linuxfoundation
Google
Use After Free vulnerability in multiple products

In imgsys, there is a possible use after free due to a race condition.

6.4
2023-08-09 CVE-2023-36671 Clario Cleartext Transmission of Sensitive Information vulnerability in Clario VPN 5.9.1.1662

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS.

6.3
2023-08-08 CVE-2023-36869 Microsoft Unspecified vulnerability in Microsoft Azure Devops Server

Azure DevOps Server Spoofing Vulnerability

6.3
2023-08-13 CVE-2023-23208 Genesys Cross-site Scripting vulnerability in Genesys Administrator Extension

Genesys Administrator Extension (GAX) before 9.0.105.15 is vulnerable to Cross Site Scripting (XSS) via the Business Structure page of the iWD plugin, aka GAX-11261.

6.1
2023-08-11 CVE-2023-0871 Opennms XXE vulnerability in Opennms Horizon and Meridian

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity (XXE) injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer.

6.1
2023-08-11 CVE-2020-19952 JBT Cross-site Scripting vulnerability in JBT Live (Github-Flavored) Markdown Editor

Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file.

6.1
2023-08-11 CVE-2020-20523 Gilacms Cross-site Scripting vulnerability in Gilacms Gila CMS 1.11.3

Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation.

6.1
2023-08-11 CVE-2020-24075 Laborator Cross-site Scripting vulnerability in Laborator Kalium

Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code.

6.1
2023-08-11 CVE-2020-24872 Lepton CMS Cross-site Scripting vulnerability in Lepton-Cms Leptoncms 4.7.0

Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.

6.1
2023-08-11 CVE-2020-27449 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO 11.1

Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript payload.

6.1
2023-08-11 CVE-2020-28717 Kindsoft Cross-site Scripting vulnerability in Kindsoft Kindeditor 4.1.12

Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor version 4.1.12, allows attackers to execute arbitrary code.

6.1
2023-08-11 CVE-2021-27524 Margox Cross-site Scripting vulnerability in Margox Braft-Editor 2.3.8

Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature.

6.1
2023-08-10 CVE-2023-38333 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Applications Manager

Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.

6.1
2023-08-10 CVE-2023-40224 Misp Cross-site Scripting vulnerability in Misp 2.4.174

MISP 2.4.174 allows XSS in app/View/Events/index.ctp.

6.1
2023-08-10 CVE-2023-36309 Phpjabbers Cross-site Scripting vulnerability in PHPjabbers Document Creator 1.0

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Document Creator v1.0.

6.1
2023-08-10 CVE-2023-36310 Phpjabbers Cross-site Scripting vulnerability in PHPjabbers Document Creator 1.0

There is a Cross Site Scripting (XSS) vulnerability in the "column" parameter of index.php in PHPJabbers Document Creator v1.0.

6.1
2023-08-10 CVE-2023-36313 Phpjabbers Cross-site Scripting vulnerability in PHPjabbers Document Creator 1.0

PHPJabbers Document Creator v1.0 is vulnerable to Cross Site Scripting (XSS) via all post parameters of "Export Requests" aside from "request_feed".

6.1
2023-08-10 CVE-2023-36314 Phpjabbers Cross-site Scripting vulnerability in PHPjabbers Callback Widget 1.0

There is a Cross Site Scripting (XSS) vulnerability in the value-text-o_sms_email_request_message parameters of index.php in PHPJabbers Callback Widget v1.0.

6.1
2023-08-10 CVE-2023-36315 Phpjabbers Cross-site Scripting vulnerability in PHPjabbers Callback Widget 1.0

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Callback Widget v1.0.

6.1
2023-08-10 CVE-2023-39955 Nextcloud Cross-site Scripting vulnerability in Nextcloud Notes

Notes is a note-taking app for Nextcloud, an open-source cloud platform.

6.1
2023-08-10 CVE-2023-28779 Simplecoding Cross-site Scripting vulnerability in Simplecoding Terms Descriptions 3.4.4

Unauth.

6.1
2023-08-10 CVE-2023-39314 TE ST Cross-site Scripting vulnerability in Te-St Leyka

Unauth.

6.1
2023-08-10 CVE-2023-23900 Yikesinc Cross-site Scripting vulnerability in Yikesinc Easy Forms for Mailchimp

Unauth.

6.1
2023-08-10 CVE-2023-30481 Profosbox Cross-site Scripting vulnerability in Profosbox AGP Font Awesome Collection 3.2.4

Unauth.

6.1
2023-08-10 CVE-2023-37988 Creative Solutions Cross-site Scripting vulnerability in Creative-Solutions Contact Form Generator 2.5.5

Unauth.

6.1
2023-08-10 CVE-2022-27861 Arscode Open Redirect vulnerability in Arscode Ninja Popups

Unauth.

6.1
2023-08-09 CVE-2023-38347 LW Systems Cross-site Scripting vulnerability in Lw-Systems Benno Mailarchiv

An issue was discovered in LWsystems Benno MailArchiv 2.10.1.

6.1
2023-08-09 CVE-2023-38998 Opnsense Open Redirect vulnerability in Opnsense

An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.

6.1
2023-08-09 CVE-2023-39000 Opnsense Cross-site Scripting vulnerability in Opnsense

A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path.

6.1
2023-08-09 CVE-2023-39002 Opnsense Cross-site Scripting vulnerability in Opnsense

A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1
2023-08-08 CVE-2023-38761 Churchcrm Cross-site Scripting vulnerability in Churchcrm 5.0.0

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component.

6.1
2023-08-08 CVE-2023-36306 Adiscon Cross-site Scripting vulnerability in Adiscon Loganalyzer

A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components.

6.1
2023-08-08 CVE-2023-3652 Digital ANT Cross-site Scripting vulnerability in Digital-Ant Digital ANT

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before 11.

6.1
2023-08-08 CVE-2023-38384 Syntacticsinc Cross-site Scripting vulnerability in Syntacticsinc Easync

Unauth.

6.1
2023-08-08 CVE-2023-24409 I13Websolution Cross-site Scripting vulnerability in I13Websolution WP Responsive Tabs Horizontal Vertical and Accordion Tabs

Unauth.

6.1
2023-08-08 CVE-2023-24413 I13Websolution Cross-site Scripting vulnerability in I13Websolution Wordpress Vertical Image Slider

Unauth.

6.1
2023-08-08 CVE-2023-27627 Eggemplo Cross-site Scripting vulnerability in Eggemplo Woocommerce Email Report 2.4

Unauth.

6.1
2023-08-08 CVE-2023-27412 Everestthemes Cross-site Scripting vulnerability in Everestthemes Mocho Blog 1.0.4

Unauth.

6.1
2023-08-08 CVE-2023-27421 Everestthemes Cross-site Scripting vulnerability in Everestthemes Everest News 1.1.0

Unauth.

6.1
2023-08-08 CVE-2023-32503 Gtmetrix Cross-site Scripting vulnerability in Gtmetrix

Unauth.

6.1
2023-08-08 CVE-2023-37488 SAP Cross-site Scripting vulnerability in SAP Netweaver Process Integration 7.50

In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack.

6.1
2023-08-07 CVE-2023-39527 Prestashop Improper Encoding or Escaping of Output vulnerability in Prestashop

PrestaShop is an open source e-commerce web application.

6.1
2023-08-07 CVE-2023-38045 Admiror Design Studio Cross-site Scripting vulnerability in Admiror-Design-Studio Admiror Gallery

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla.

6.1
2023-08-07 CVE-2023-3524 Wpcode Unspecified vulnerability in Wpcode

The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting

6.1
2023-08-07 CVE-2023-3671 Multiparcels Unspecified vulnerability in Multiparcels Shipping for Woocommerce

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

6.1
2023-08-07 CVE-2023-38392 Wpgogo Cross-site Scripting vulnerability in Wpgogo Custom Field Template

Unauth.

6.1
2023-08-08 CVE-2023-36873 Microsoft Unspecified vulnerability in Microsoft .Net Framework

.NET Framework Spoofing Vulnerability

5.9
2023-08-07 CVE-2023-39363 Vyperlang Incorrect Authorization vulnerability in Vyperlang Vyper 0.2.15/0.2.16/0.3.0

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM).

5.9
2023-08-08 CVE-2023-39436 SAP Information Exposure vulnerability in SAP Supplier Relationship Management

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.

5.8
2023-08-09 CVE-2023-35838 Wireguard Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wireguard 0.5.3

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked.

5.7
2023-08-09 CVE-2023-36672 Clario Cleartext Transmission of Sensitive Information vulnerability in Clario VPN 5.9.1.1662

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS.

5.7
2023-08-11 CVE-2020-24187 Jerryscript NULL Pointer Dereference vulnerability in Jerryscript 2.3.0

An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference).

5.5
2023-08-11 CVE-2020-24221 Miniupnp Project Infinite Loop vulnerability in Miniupnp Project Ngiflib 0.4

An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop).

5.5
2023-08-11 CVE-2020-35990 Foxit Classic Buffer Overflow vulnerability in Foxit PDF Reader 8.3.2.25013/9.0.1.1049

Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.

5.5
2023-08-11 CVE-2020-36024 Freedesktop NULL Pointer Dereference vulnerability in Freedesktop Poppler 20.12.1

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

5.5
2023-08-11 CVE-2021-28025 QT Integer Overflow or Wraparound vulnerability in QT

Integer Overflow vulnerability in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allows local attackers to cause a denial of service (DoS).

5.5
2023-08-11 CVE-2021-28429 Ffmpeg Integer Overflow or Wraparound vulnerability in Ffmpeg 4.3.2

Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file.

5.5
2023-08-11 CVE-2021-3236 VIM NULL Pointer Dereference vulnerability in VIM 8.2.2348

vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.

5.5
2023-08-11 CVE-2022-44612 Intel Use of Hard-coded Credentials vulnerability in Intel Unison

Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.

5.5
2023-08-11 CVE-2023-22338 Intel
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Out-of-bounds read in some Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-08-11 CVE-2023-22840 Intel
Fedoraproject
Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access.
5.5
2023-08-11 CVE-2023-28711 Intel Always-Incorrect Control Flow Implementation vulnerability in Intel Hyperscan Library

Insufficient control flow management in the Hyperscan Library maintained by Intel(R) before version 5.4.1 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2023-08-11 CVE-2023-30760 Intel Out-of-bounds Read vulnerability in Intel Realsense 450 FA Firmware 0.25.0

Out-of-bounds read in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-08-11 CVE-2023-32609 Intel Unspecified vulnerability in Intel Unite

Improper access control in the Intel Unite(R) android application before version 4.2.3504 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2023-08-11 CVE-2023-37512 Hcltech Unspecified vulnerability in Hcltech Traveler Companion

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.

5.5
2023-08-11 CVE-2023-37513 Hcltech Unspecified vulnerability in Hcltech Traveler to DO

When the app is put to the background and the user goes to the task switcher of iOS, the app snapshot is not blurred which may reveal sensitive information.

5.5
2023-08-10 CVE-2023-40216 Openbsd Missing Authorization vulnerability in Openbsd 7.3

OpenBSD 7.3 before errata 014 is missing an argument-count bounds check in console terminal emulation.

5.5
2023-08-10 CVE-2023-29303 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38210 Adobe Resource Exhaustion vulnerability in Adobe XMP Toolkit Software Development KIT

Adobe XMP Toolkit versions 2022.06 is affected by a Uncontrolled Resource Consumption vulnerability.

5.5
2023-08-10 CVE-2023-38230 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38232 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38235 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38236 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38237 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38238 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38239 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38240 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38241 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38242 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38243 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by a Use-After-Free vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38244 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38245 Adobe Information Exposure vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Information Disclosure vulnerability.

5.5
2023-08-10 CVE-2023-38247 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-38248 Adobe Out-of-bounds Read vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-10 CVE-2023-30654 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.

5.5
2023-08-10 CVE-2023-30698 Samsung Unspecified vulnerability in Samsung Android 13.0

Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.

5.5
2023-08-10 CVE-2023-30701 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.

5.5
2023-08-10 CVE-2023-30705 Samsung Incorrect Authorization vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4/4.5.41.8

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.

5.5
2023-08-09 CVE-2023-38213 Adobe Out-of-bounds Read vulnerability in Adobe Dimension

Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2023-08-08 CVE-2023-39210 Zoom Cleartext Storage of Sensitive Information vulnerability in Zoom Meeting Software Development KIT 5.14.10/5.14.7

Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.

5.5
2023-08-08 CVE-2023-39212 Zoom Untrusted Search Path vulnerability in Zoom Rooms

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.

5.5
2023-08-08 CVE-2023-20556 AMD Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD µProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service.

5.5
2023-08-08 CVE-2023-20561 AMD Unspecified vulnerability in AMD Uprof 3.4.494/3.4.502

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD µProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service.

5.5
2023-08-08 CVE-2023-20588 Debian
AMD
XEN
Fedoraproject
Microsoft
Divide By Zero vulnerability in multiple products

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. 

5.5
2023-08-08 CVE-2023-36889 Microsoft Unspecified vulnerability in Microsoft products

Windows Group Policy Security Feature Bypass Vulnerability

5.5
2023-08-08 CVE-2023-36914 Microsoft Unspecified vulnerability in Microsoft products

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

5.5
2023-08-08 CVE-2023-38532 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens Parasolid and Teamcenter Visualization

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.3).

5.5
2023-08-07 CVE-2023-27373 Insyde Improper Input Validation vulnerability in Insyde Insydeh2O

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5.

5.5
2023-08-07 CVE-2023-4194 Linux
Redhat
Fedoraproject
Debian
Incorrect Authorization vulnerability in multiple products

A flaw was found in the Linux kernel's TUN/TAP functionality.

5.5
2023-08-07 CVE-2023-33906 Google Missing Authorization vulnerability in Google Android 11.0/12.0/13.0

In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

5.5
2023-08-07 CVE-2023-33907 Google Missing Authorization vulnerability in Google Android 11.0/12.0/13.0

In Contacts Service, there is a possible missing permission check.

5.5
2023-08-07 CVE-2023-33908 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In ims service, there is a possible missing permission check.

5.5
2023-08-07 CVE-2023-33909 Google Missing Authorization vulnerability in Google Android 11.0/12.0/13.0

In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

5.5
2023-08-07 CVE-2023-33910 Google Missing Authorization vulnerability in Google Android 11.0/12.0/13.0

In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

5.5
2023-08-07 CVE-2023-33911 Google Missing Authorization vulnerability in Google Android 10.0/11.0/9.0

In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

5.5
2023-08-07 CVE-2023-33912 Google Missing Authorization vulnerability in Google Android 11.0/12.0/13.0

In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges

5.5
2023-08-11 CVE-2020-25915 Thinkcmf Cross-site Scripting vulnerability in Thinkcmf 5.1.5

Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login.

5.4
2023-08-11 CVE-2020-28849 Churchcrm Cross-site Scripting vulnerability in Churchcrm

Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attckers to execute arbitrary code and gain sensitive information via crafted payload in Add New Deposit field in View All Deposit module.

5.4
2023-08-10 CVE-2023-37625 Netbox Cross-site Scripting vulnerability in Netbox 3.4.7

A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.

5.4
2023-08-10 CVE-2023-36312 Phpjabbers Cross-site Scripting vulnerability in PHPjabbers Callback Widget 1.0

There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0.

5.4
2023-08-10 CVE-2023-23828 Swas Cross-site Scripting vulnerability in Swas WP Category Post List

Auth.

5.4
2023-08-10 CVE-2023-24393 Wpmart Cross-site Scripting vulnerability in Wpmart Animated Number Counters 1.6

Auth.

5.4
2023-08-10 CVE-2023-37983 Keegnotrub Cross-site Scripting vulnerability in Keegnotrub ART Direction

Auth.

5.4
2023-08-10 CVE-2023-4283 Wpdeveloper Unspecified vulnerability in Wpdeveloper Embedpress

The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping on user supplied attributes.

5.4
2023-08-10 CVE-2023-23798 WEB Settler Cross-site Scripting vulnerability in Web-Settler Layer Slider

Auth.

5.4
2023-08-10 CVE-2023-24009 Wpazure Cross-site Scripting vulnerability in Wpazure Upfrontwp 1.1

Auth.

5.4
2023-08-10 CVE-2023-23826 Webmechanix Cross-site Scripting vulnerability in Webmechanix ADD Posts to Pages 1.4.1

Auth.

5.4
2023-08-09 CVE-2023-39006 Opnsense Cross-site Scripting vulnerability in Opnsense

The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization.

5.4
2023-08-08 CVE-2023-39518 Fobybus Cross-site Scripting vulnerability in Fobybus Social-Media-Skeleton

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML.

5.4
2023-08-08 CVE-2023-38758 Wger Cross-site Scripting vulnerability in Wger Workout Manager 2.2.0

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components.

5.4
2023-08-08 CVE-2023-38766 Churchcrm Cross-site Scripting vulnerability in Churchcrm 5.0.0

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component.

5.4
2023-08-08 CVE-2023-3653 Digital ANT Cross-site Scripting vulnerability in Digital-Ant Digital ANT

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before 11.

5.4
2023-08-08 CVE-2023-28773 Kolja Nolte Cross-site Scripting vulnerability in Kolja-Nolte Secondary Title

Auth.

5.4
2023-08-08 CVE-2023-30482 Villatheme Cross-site Scripting vulnerability in Villatheme Wpbulky

Auth.

5.4
2023-08-08 CVE-2022-45821 Nootheme Cross-site Scripting vulnerability in Nootheme NOO Timetable 2.1.3

Auth.

5.4
2023-08-08 CVE-2023-23877 Bkmacdaddy Cross-site Scripting vulnerability in Bkmacdaddy Pinterest RSS Widget 2.3.1

Auth.

5.4
2023-08-08 CVE-2023-23880 Monsterinsights Cross-site Scripting vulnerability in Monsterinsights Exactmetrics

Auth.

5.4
2023-08-08 CVE-2023-29099 Elegant Themes Cross-site Scripting vulnerability in Elegant Themes Divi 4.20.2

Auth.

5.4
2023-08-08 CVE-2023-4202 Advantech Cross-site Scripting vulnerability in Advantech products

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface.

5.4
2023-08-08 CVE-2023-4203 Advantech Cross-site Scripting vulnerability in Advantech products

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface.

5.4
2023-08-08 CVE-2023-39437 SAP Cross-site Scripting vulnerability in SAP Business ONE 10.0

SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site scripting.

5.4
2023-08-07 CVE-2023-0604 Wpfoodmanager Unspecified vulnerability in Wpfoodmanager WP Food Manager

The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

5.4
2023-08-07 CVE-2023-3575 Expresstech Unspecified vulnerability in Expresstech Quiz and Survey Master

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attacks

5.4
2023-08-13 CVE-2023-39387 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Vulnerability of permission control in the window management module.

5.3
2023-08-11 CVE-2021-25786 Qpdf Project Use After Free vulnerability in Qpdf Project Qpdf 10.0.4

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

5.3
2023-08-10 CVE-2023-40014 Openzeppelin Improper Encoding or Escaping of Output vulnerability in Openzeppelin products

OpenZeppelin Contracts is a library for secure smart contract development.

5.3
2023-08-10 CVE-2023-39958 Nextcloud Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Server

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.

5.3
2023-08-10 CVE-2023-39959 Nextcloud Improper Access Control vulnerability in Nextcloud Server

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.

5.3
2023-08-09 CVE-2023-3953 Schneider Electric Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Schneider-Electric Pro-Face Gp-Pro EX

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause memory corruption when an authenticated user opens a tampered log file from GP-Pro EX.

5.3
2023-08-08 CVE-2023-36926 SAP Improper Authentication vulnerability in SAP Host Agent 7.22

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions.

5.3
2023-08-08 CVE-2023-37484 SAP Information Exposure vulnerability in SAP Powerdesigner 16.7

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password hashes from the client's memory.

5.3
2023-08-08 CVE-2023-37487 SAP Information Exposure vulnerability in SAP Business ONE 10.0

SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high impact on confidentiality with no impact on integrity and availability of the application

5.3
2023-08-07 CVE-2023-39903 Fujitsu Cleartext Storage of Sensitive Information vulnerability in Fujitsu Software Infrastructure Manager

An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061.

5.0
2023-08-11 CVE-2021-25856 Supermicro CMS Project Unspecified vulnerability in Supermicro-Cms Project Supermicro-Cms 3.11

An issue was discovered in pcmt superMicro-CMS version 3.11, allows attackers to delete files via crafted image file in images.php.

4.9
2023-08-09 CVE-2023-23903 Nozominetworks Unspecified vulnerability in Nozominetworks CMC and Guardian

An authenticated administrator can upload a SAML configuration file with the wrong format, with the application not checking the correct file format.

4.9
2023-08-09 CVE-2023-37858 Phoenixcontact Missing Encryption of Sensitive Data vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated, remote attacker with admin privileges is able to read hardcoded cryptographic keys allowing to decrypt an encrypted web application login password.

4.9
2023-08-08 CVE-2023-39218 Zoom Unspecified vulnerability in Zoom

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

4.9
2023-08-08 CVE-2023-3569 Phoenixcontact XML Entity Expansion vulnerability in Phoenixcontact products

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.

4.9
2023-08-11 CVE-2023-3937 Snowsoftware Cross-site Scripting vulnerability in Snowsoftware Snow License Manager 9.27/9.29/9.30

Cross site scripting vulnerability in web portal in Snow Software License Manager from version 9.0.0 up to and including 9.30.1 on Windows allows an authenticated user with high privileges to trigger cross site scripting attack via the web browser

4.8
2023-08-10 CVE-2023-37388 Supito Cross-site Scripting vulnerability in Supito Mahato Simple Light Weight Social Share

Auth.

4.8
2023-08-10 CVE-2023-38397 Eggemplo Cross-site Scripting vulnerability in Eggemplo Gestion-Pymes

Auth.

4.8
2023-08-10 CVE-2023-39953 Nextcloud Incorrect Implementation of Authentication Algorithm vulnerability in Nextcloud User Oidc

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform.

4.8
2023-08-10 CVE-2023-24391 Spiderteams Cross-site Scripting vulnerability in Spiderteams Applyonline - Application Form Builder and Manager 2.5

Auth.

4.8
2023-08-10 CVE-2023-34374 Anspress Cross-site Scripting vulnerability in Anspress

Auth.

4.8
2023-08-10 CVE-2023-36530 Smartypantsplugins Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager

Auth.

4.8
2023-08-10 CVE-2023-23871 Webdzier Cross-site Scripting vulnerability in Webdzier Button 1.1.23

Auth.

4.8
2023-08-10 CVE-2022-44629 Catalystconnect Cross-site Scripting vulnerability in Catalystconnect Catalyst Connect Zoho CRM Client Portal 1.0/1.1/2.0.0

Auth.

4.8
2023-08-10 CVE-2023-24389 Brandid Cross-site Scripting vulnerability in Brandid Social Proof (Testimonial) Slider 2.2.3

Auth.

4.8
2023-08-09 CVE-2023-22843 Nozominetworks Cross-site Scripting vulnerability in Nozominetworks CMC and Guardian

An authenticated attacker with administrative access to the appliance can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will later be executed by another legitimate user viewing the details of such a rule. An attacker may be able to perform unauthorized actions on behalf of legitimate users.

4.8
2023-08-08 CVE-2023-26961 Alteryx Cross-site Scripting vulnerability in Alteryx Server 2022.1.1.42590

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files.

4.8
2023-08-08 CVE-2023-25984 Rigorous Digital Cross-site Scripting vulnerability in Rigorous-Digital Dovetail 1.2.13

Auth.

4.8
2023-08-08 CVE-2023-28931 Never5 Cross-site Scripting vulnerability in Never5 Post Connector 1.0.4/1.0.9

Auth.

4.8
2023-08-08 CVE-2023-28934 Paymentsplugin Cross-site Scripting vulnerability in Paymentsplugin WP Full Stripe Free 1.6.1

Auth.

4.8
2023-08-08 CVE-2023-31221 Ransomchristofferson Cross-site Scripting vulnerability in Ransomchristofferson PDQ CSV 1.0.0

Auth.

4.8
2023-08-08 CVE-2023-32292 Getbutton Cross-site Scripting vulnerability in Getbutton Chat Button

Auth.

4.8
2023-08-08 CVE-2023-23829 Pierre Jehan Cross-site Scripting vulnerability in Pierre-Jehan OWL Carousel 0.5.3

Auth.

4.8
2023-08-08 CVE-2023-25063 Anadnet Cross-site Scripting vulnerability in Anadnet Quick Page/Post Redirect Plugin

Auth.

4.8
2023-08-08 CVE-2023-25459 Postsnippets Cross-site Scripting vulnerability in Postsnippets Post Snippets

Auth.

4.8
2023-08-08 CVE-2023-27415 Themeqx Cross-site Scripting vulnerability in Themeqx Letterpress 1.1.2

Auth.

4.8
2023-08-08 CVE-2023-37683 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin.

4.8
2023-08-08 CVE-2023-37684 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal.

4.8
2023-08-08 CVE-2023-37685 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal.

4.8
2023-08-08 CVE-2023-37686 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Nurse Hiring System 1.0

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal.

4.8
2023-08-08 CVE-2023-37688 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page.

4.8
2023-08-08 CVE-2023-37689 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page.

4.8
2023-08-08 CVE-2023-37690 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Maid Hiring Management System 1.0

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page.

4.8
2023-08-08 CVE-2023-27416 Decondigital Cross-site Scripting vulnerability in Decondigital Decon WP SMS 1.1

Auth.

4.8
2023-08-08 CVE-2023-27422 Nsthemes Cross-site Scripting vulnerability in Nsthemes NS Coupon to Become Customer 1.2.2

Auth.

4.8
2023-08-08 CVE-2023-36692 WP Cirrus Project Cross-site Scripting vulnerability in Wp-Cirrus Project Wp-Cirrus 0.6.11

Auth.

4.8
2023-08-07 CVE-2023-3650 WOW Company Unspecified vulnerability in Wow-Company Bubble Menu

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).

4.8
2023-08-11 CVE-2023-22276 Intel Race Condition vulnerability in Intel products

Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access.

4.7
2023-08-10 CVE-2023-29299 Adobe Untrusted Search Path vulnerability in Adobe products

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service.

4.7
2023-08-09 CVE-2023-31448 Paessler Path Traversal vulnerability in Paessler Prtg Network Monitor

A path traversal vulnerability was identified in the HL7 sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the HL7 sensor into behaving differently for existing files and non-existing files.

4.7
2023-08-09 CVE-2023-31449 Paessler Path Traversal vulnerability in Paessler Prtg Network Monitor

A path traversal vulnerability was identified in the WMI Custom sensor in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the WMI Custom sensor into behaving differently for existing files and non-existing files.

4.7
2023-08-09 CVE-2023-31450 Paessler Path Traversal vulnerability in Paessler Prtg Network Monitor

A path traversal vulnerability was identified in the SQL v2 sensors in PRTG 23.2.84.1566 and earlier versions where an authenticated user with write permissions could trick the SQL v2 sensors into behaving differently for existing files and non-existing files.

4.7
2023-08-08 CVE-2023-20569 Fedoraproject
Debian
AMD
Microsoft
Information Exposure Through Discrepancy vulnerability in multiple products

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction.

4.7
2023-08-10 CVE-2023-30704 Samsung Unspecified vulnerability in Samsung Internet

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.

4.6
2023-08-08 CVE-2023-35394 Microsoft Unspecified vulnerability in Microsoft Azure Hdinsights

Azure HDInsight Jupyter Notebook Spoofing Vulnerability

4.6
2023-08-08 CVE-2023-35393 Microsoft Unspecified vulnerability in Microsoft Azure Hdinsights

Azure Apache Hive Spoofing Vulnerability

4.5
2023-08-08 CVE-2023-36877 Microsoft Unspecified vulnerability in Microsoft Azure Hdinsights

Azure Apache Oozie Spoofing Vulnerability

4.5
2023-08-08 CVE-2023-36881 Microsoft Unspecified vulnerability in Microsoft Azure Hdinsights

Azure Apache Ambari Spoofing Vulnerability

4.5
2023-08-08 CVE-2023-38188 Microsoft Unspecified vulnerability in Microsoft Azure Hdinsights

Azure Apache Hadoop Spoofing Vulnerability

4.5
2023-08-11 CVE-2022-27879 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2022-34657 Intel Improper Input Validation vulnerability in Intel Pcsd Bios

Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2022-38083 Intel Improper Initialization vulnerability in Intel products

Improper initialization in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2022-38102 Intel Unspecified vulnerability in Intel Converged Security Management Engine Firmware

Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-08-11 CVE-2022-41984 Intel Unspecified vulnerability in Intel ARC A750 Firmware and ARC A770 Firmware

Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-08-11 CVE-2022-43505 Intel Unspecified vulnerability in Intel products

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-08-11 CVE-2023-22330 Intel Use of Uninitialized Resource vulnerability in Intel products

Use of uninitialized resource in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2023-22356 Intel Improper Initialization vulnerability in Intel products

Improper initialization in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2023-22444 Intel Improper Initialization vulnerability in Intel products

Improper initialization in some Intel(R) NUC 13 Extreme Compute Element, Intel(R) NUC 13 Extreme Kit, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board and Intel(R) NUC Pro Mini PC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2023-23908 Intel
Debian
Fedoraproject
Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access.
4.4
2023-08-11 CVE-2023-27392 Intel Incorrect Default Permissions vulnerability in Intel Support 21.7.40/22.02.28

Incorrect default permissions in the Intel(R) Support android application before version v23.02.07 may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2023-27887 Intel Improper Initialization vulnerability in Intel products

Improper initialization in BIOS firmware for some Intel(R) NUCs may allow a privileged user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2023-28938 Mdadm Project Resource Exhaustion vulnerability in Mdadm Project Mdadm

Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.

4.4
2023-08-11 CVE-2023-29243 Intel Unchecked Return Value vulnerability in Intel Realsense 450 FA Firmware 0.25.0

Unchecked return value in some Intel(R) RealSense(TM) ID software for Intel(R) RealSense(TM) 450 FA in version 0.25.0 may allow a priviledged user to potentially enable denial of service via local access.

4.4
2023-08-11 CVE-2023-29500 Intel Unspecified vulnerability in Intel products

Exposure of sensitive information to an unauthorized actor in BIOS firmware for some Intel(R) NUCs may allow a privilege user to potentially enable information disclosure via local access.

4.4
2023-08-11 CVE-2023-32285 Intel Unspecified vulnerability in Intel products

Improper access control in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access.

4.4
2023-08-08 CVE-2023-39440 SAP Information Exposure vulnerability in SAP Businessobjects Business Intelligence 420

In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker might be able to get access to user credentials.

4.4
2023-08-07 CVE-2023-20780 Google Unspecified vulnerability in Google Android 11.0/12.0/13.0

In keyinstall, there is a possible information disclosure due to a missing bounds check.

4.4
2023-08-07 CVE-2023-20781 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In keyinstall, there is a possible memory corruption due to a missing bounds check.

4.4
2023-08-07 CVE-2023-20782 Google Unspecified vulnerability in Google Android 12.0/13.0

In keyinstall, there is a possible information disclosure due to a missing bounds check.

4.4
2023-08-07 CVE-2023-20789 Google Unspecified vulnerability in Google Android 12.0/13.0

In jpeg, there is a possible information disclosure due to a missing bounds check.

4.4
2023-08-07 CVE-2023-20790 Linuxfoundation
Rdkcentral
Google
Openwrt
Out-of-bounds Write vulnerability in multiple products

In nvram, there is a possible out of bounds write due to a missing bounds check.

4.4
2023-08-07 CVE-2023-20793 Google Out-of-bounds Write vulnerability in Google Android 12.0/13.0

In apu, there is a possible memory corruption due to a missing bounds check.

4.4
2023-08-07 CVE-2023-20796 Linuxfoundation
Rdkcentral
Google
Openwrt
Out-of-bounds Write vulnerability in multiple products

In power, there is a possible memory corruption due to an incorrect bounds check.

4.4
2023-08-07 CVE-2023-20798 Google Incorrect Calculation of Buffer Size vulnerability in Google Android 12.0/13.0

In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size.

4.4
2023-08-07 CVE-2023-20810 Google
Linux
In IOMMU, there is a possible information disclosure due to improper input validation.
4.4
2023-08-07 CVE-2023-20812 Mediatek
Google
Out-of-bounds Write vulnerability in multiple products

In wlan driver, there is a possible out of bounds write due to improper input validation.

4.4
2023-08-07 CVE-2023-20813 Google Out-of-bounds Read vulnerability in Google Android 12.0/13.0

In wlan service, there is a possible out of bounds read due to improper input validation.

4.4
2023-08-07 CVE-2023-20818 Google Out-of-bounds Read vulnerability in Google Android 12.0/13.0

In wlan service, there is a possible out of bounds read due to improper input validation.

4.4
2023-08-07 CVE-2022-47350 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In camera driver, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-08-07 CVE-2022-47351 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0/13.0

In camera driver, there is a possible out of bounds read due to a missing bounds check.

4.4
2023-08-11 CVE-2023-39418 Postgresql
Redhat
Debian
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT.
4.3
2023-08-11 CVE-2023-4105 Mattermost Missing Authorization vulnerability in Mattermost

Mattermost fails to delete the attachments when deleting a message in a thread allowing a simple user to still be able to access and download the attachment of a deleted message

4.3
2023-08-11 CVE-2023-37511 Hcltech Unspecified vulnerability in Hcltech Traveler to DO

If certain App Transport Security (ATS) settings are set in a certain manner, insecure loading of web content can be achieved.

4.3
2023-08-10 CVE-2023-39961 Nextcloud Improper Access Control vulnerability in Nextcloud Server

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform.

4.3
2023-08-10 CVE-2023-39965 Fit2Cloud Incorrect Authorization vulnerability in Fit2Cloud 1Panel 1.4.3

1Panel is an open source Linux server operation and maintenance management panel.

4.3
2023-08-10 CVE-2023-4282 Wpdeveloper Missing Authorization vulnerability in Wpdeveloper Embedpress

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including, 3.8.2.

4.3
2023-08-10 CVE-2023-30703 Samsung Unspecified vulnerability in Samsung Members

Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.

4.3
2023-08-09 CVE-2023-24015 Nozominetworks Unspecified vulnerability in Nozominetworks CMC and Guardian

A partial DoS vulnerability has been detected in the Reports section, exploitable by a malicious authenticated user forcing a report to be saved with its name set as null. The reports section will be partially unavailable for all later attempts to use it, with the report list seemingly stuck on loading.

4.3
2023-08-09 CVE-2023-37855 Phoenixcontact Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem within the embedded Qt browser.

4.3
2023-08-09 CVE-2023-37856 Phoenixcontact Externally Controlled Reference to a Resource in Another Sphere vulnerability in Phoenixcontact products

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges is able to gain limited read-access to the device-filesystem through a configuration dialog within the embedded Qt browser .

4.3
2023-08-09 CVE-2023-38751 Jpcert Unspecified vulnerability in Jpcert Special Interest Group Network for Analysis and Liaison

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the organization information of the information receiver that is set as "non-disclosure" in the information provision operation.

4.3
2023-08-09 CVE-2023-38752 Jpcert Unspecified vulnerability in Jpcert Special Interest Group Network for Analysis and Liaison

Improper authorization vulnerability in Special Interest Group Network for Analysis and Liaison versions 4.4.0 to 4.7.7 allows the authorized API users to view the attribute information of the poster that is set as"non-disclosure" in the system settings.

4.3
2023-08-09 CVE-2023-4242 Full Incorrect Authorization vulnerability in Full - Customer

The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization.

4.3
2023-08-08 CVE-2023-36482 Samsung Classic Buffer Overflow vulnerability in Samsung products

An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2023-08-08 CVE-2023-39342 Freedom Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Freedom Dangerzone

Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs.

3.6
2023-08-10 CVE-2023-30682 Samsung Unspecified vulnerability in Samsung Android 13.0

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.

3.3
2023-08-10 CVE-2023-30683 Samsung Unspecified vulnerability in Samsung Android 13.0

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.

3.3
2023-08-10 CVE-2023-30684 Samsung Unspecified vulnerability in Samsung Android 13.0

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.

3.3
2023-08-10 CVE-2023-30685 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.

3.3
2023-08-10 CVE-2023-30700 Samsung Unspecified vulnerability in Samsung Android 11.0/12.0

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.

3.3
2023-08-09 CVE-2023-39341 Ffri
Soliton
NEC
Skygroup
Improper Handling of Exceptional Conditions vulnerability in multiple products

"FFRI yarai", "FFRI yarai Home and Business Edition" and their OEM products handle exceptional conditions improperly, which may lead to denial-of-service (DoS) condition.

3.3
2023-08-08 CVE-2023-39978 Imagemagick
Fedoraproject
Memory Leak vulnerability in multiple products

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

3.3
2023-08-11 CVE-2023-4304 Froxlor Unspecified vulnerability in Froxlor

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0.

2.7