Auto Generated cves.json [Tue Oct 17 06:06:18 UTC 2023] 🤖

patch-1
GitHub Action 2023-10-17 06:06:18 +00:00
parent 81bdc0f8b8
commit a5ce59f756
2 changed files with 19 additions and 15 deletions

View File

@ -965,6 +965,7 @@
{"ID":"CVE-2020-6287","Info":{"Name":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","Severity":"critical","Description":"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-6287.yaml"} {"ID":"CVE-2020-6287","Info":{"Name":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","Severity":"critical","Description":"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-6287.yaml"}
{"ID":"CVE-2020-6308","Info":{"Name":"SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery","Severity":"medium","Description":"SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-6308.yaml"} {"ID":"CVE-2020-6308","Info":{"Name":"SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery","Severity":"medium","Description":"SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-6308.yaml"}
{"ID":"CVE-2020-6637","Info":{"Name":"OpenSIS 7.3 - SQL Injection","Severity":"critical","Description":"OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-6637.yaml"} {"ID":"CVE-2020-6637","Info":{"Name":"OpenSIS 7.3 - SQL Injection","Severity":"critical","Description":"OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-6637.yaml"}
{"ID":"CVE-2020-6950","Info":{"Name":"Eclipse Mojarra - Local File Read","Severity":"medium","Description":"Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-6950.yaml"}
{"ID":"CVE-2020-7107","Info":{"Name":"WordPress Ultimate FAQ \u003c1.8.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-7107.yaml"} {"ID":"CVE-2020-7107","Info":{"Name":"WordPress Ultimate FAQ \u003c1.8.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-7107.yaml"}
{"ID":"CVE-2020-7136","Info":{"Name":"HPE Smart Update Manager \u003c 8.5.6 - Remote Unauthorized Access","Severity":"critical","Description":"HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7136.yaml"} {"ID":"CVE-2020-7136","Info":{"Name":"HPE Smart Update Manager \u003c 8.5.6 - Remote Unauthorized Access","Severity":"critical","Description":"HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7136.yaml"}
{"ID":"CVE-2020-7209","Info":{"Name":"LinuxKI Toolset \u003c= 6.01 - Remote Command Execution","Severity":"critical","Description":"LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7209.yaml"} {"ID":"CVE-2020-7209","Info":{"Name":"LinuxKI Toolset \u003c= 6.01 - Remote Command Execution","Severity":"critical","Description":"LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7209.yaml"}
@ -1136,6 +1137,7 @@
{"ID":"CVE-2021-24997","Info":{"Name":"WordPress Guppy \u003c=1.1 - Information Disclosure","Severity":"medium","Description":"WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24997.yaml"} {"ID":"CVE-2021-24997","Info":{"Name":"WordPress Guppy \u003c=1.1 - Information Disclosure","Severity":"medium","Description":"WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24997.yaml"}
{"ID":"CVE-2021-25003","Info":{"Name":"WordPress WPCargo Track \u0026 Trace \u003c6.9.0 - Remote Code Execution","Severity":"critical","Description":"WordPress WPCargo Track \u0026 Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25003.yaml"} {"ID":"CVE-2021-25003","Info":{"Name":"WordPress WPCargo Track \u0026 Trace \u003c6.9.0 - Remote Code Execution","Severity":"critical","Description":"WordPress WPCargo Track \u0026 Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25003.yaml"}
{"ID":"CVE-2021-25008","Info":{"Name":"The Code Snippets WordPress Plugin \u003c 2.14.3 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25008.yaml"} {"ID":"CVE-2021-25008","Info":{"Name":"The Code Snippets WordPress Plugin \u003c 2.14.3 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25008.yaml"}
{"ID":"CVE-2021-25016","Info":{"Name":"Chaty \u003c 2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25016.yaml"}
{"ID":"CVE-2021-25028","Info":{"Name":"WordPress Event Tickets \u003c 5.2.2 - Open Redirect","Severity":"medium","Description":"WordPress Event Tickets \u003c 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25028.yaml"} {"ID":"CVE-2021-25028","Info":{"Name":"WordPress Event Tickets \u003c 5.2.2 - Open Redirect","Severity":"medium","Description":"WordPress Event Tickets \u003c 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25028.yaml"}
{"ID":"CVE-2021-25033","Info":{"Name":"Noptin \u003c 1.6.5 - Open Redirect","Severity":"medium","Description":"Noptin \u003c 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the \"to\" parameter before redirecting the user to its given value, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25033.yaml"} {"ID":"CVE-2021-25033","Info":{"Name":"Noptin \u003c 1.6.5 - Open Redirect","Severity":"medium","Description":"Noptin \u003c 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the \"to\" parameter before redirecting the user to its given value, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25033.yaml"}
{"ID":"CVE-2021-25052","Info":{"Name":"WordPress Button Generator \u003c2.3.3 - Remote File Inclusion","Severity":"high","Description":"WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25052.yaml"} {"ID":"CVE-2021-25052","Info":{"Name":"WordPress Button Generator \u003c2.3.3 - Remote File Inclusion","Severity":"high","Description":"WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25052.yaml"}
@ -1441,7 +1443,7 @@
{"ID":"CVE-2022-0271","Info":{"Name":"LearnPress \u003c4.1.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0271.yaml"} {"ID":"CVE-2022-0271","Info":{"Name":"LearnPress \u003c4.1.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0271.yaml"}
{"ID":"CVE-2022-0281","Info":{"Name":"Microweber Information Disclosure","Severity":"high","Description":"Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0281.yaml"} {"ID":"CVE-2022-0281","Info":{"Name":"Microweber Information Disclosure","Severity":"high","Description":"Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0281.yaml"}
{"ID":"CVE-2022-0288","Info":{"Name":"WordPress Ad Inserter \u003c2.7.10 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0288.yaml"} {"ID":"CVE-2022-0288","Info":{"Name":"WordPress Ad Inserter \u003c2.7.10 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0288.yaml"}
{"ID":"CVE-2022-0342","Info":{"Name":"Zyxel - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0342.yaml"} {"ID":"CVE-2022-0342","Info":{"Name":"Zyxel - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0342.yaml"}
{"ID":"CVE-2022-0346","Info":{"Name":"WordPress XML Sitemap Generator for Google \u003c2.0.4 - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0346.yaml"} {"ID":"CVE-2022-0346","Info":{"Name":"WordPress XML Sitemap Generator for Google \u003c2.0.4 - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0346.yaml"}
{"ID":"CVE-2022-0349","Info":{"Name":"WordPress NotificationX \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0349.yaml"} {"ID":"CVE-2022-0349","Info":{"Name":"WordPress NotificationX \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0349.yaml"}
{"ID":"CVE-2022-0378","Info":{"Name":"Microweber Cross-Site Scripting","Severity":"medium","Description":"Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0378.yaml"} {"ID":"CVE-2022-0378","Info":{"Name":"Microweber Cross-Site Scripting","Severity":"medium","Description":"Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0378.yaml"}
@ -1612,7 +1614,7 @@
{"ID":"CVE-2022-25489","Info":{"Name":"Atom CMS v2.0 - Cross-Site Scripting","Severity":"medium","Description":"Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the \"A\" parameter in /widgets/debug.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-25489.yaml"} {"ID":"CVE-2022-25489","Info":{"Name":"Atom CMS v2.0 - Cross-Site Scripting","Severity":"medium","Description":"Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the \"A\" parameter in /widgets/debug.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-25489.yaml"}
{"ID":"CVE-2022-25497","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"medium","Description":"CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25497.yaml"} {"ID":"CVE-2022-25497","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"medium","Description":"CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25497.yaml"}
{"ID":"CVE-2022-2551","Info":{"Name":"WordPress Duplicator \u003c1.4.7 - Authentication Bypass","Severity":"high","Description":"WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2551.yaml"} {"ID":"CVE-2022-2551","Info":{"Name":"WordPress Duplicator \u003c1.4.7 - Authentication Bypass","Severity":"high","Description":"WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2551.yaml"}
{"ID":"CVE-2022-25568","Info":{"Name":"MotionEye Config Info Disclosure","Severity":"high","Description":"MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-25568.yaml"} {"ID":"CVE-2022-25568","Info":{"Name":"MotionEye Config Info Disclosure","Severity":"high","Description":"MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25568.yaml"}
{"ID":"CVE-2022-2599","Info":{"Name":"WordPress Anti-Malware Security and Brute-Force Firewall \u003c4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2599.yaml"} {"ID":"CVE-2022-2599","Info":{"Name":"WordPress Anti-Malware Security and Brute-Force Firewall \u003c4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2599.yaml"}
{"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26134.yaml"} {"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26134.yaml"}
{"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26138.yaml"} {"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26138.yaml"}
@ -1893,12 +1895,12 @@
{"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"}
{"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"}
{"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"} {"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"}
{"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"} {"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"}
{"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"} {"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"}
{"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"} {"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"}
{"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"} {"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"}
{"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"} {"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"}
{"ID":"CVE-2023-22515","Info":{"Name":"Atlassian Confluence - Privilege Escalation","Severity":"critical","Description":"Atlassian Confluence Data Center and Server contains a privilege escalation vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-22515.yaml"} {"ID":"CVE-2023-22515","Info":{"Name":"Atlassian Confluence - Privilege Escalation","Severity":"critical","Description":"Atlassian Confluence Data Center and Server contains a privilege escalation vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22515.yaml"}
{"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"} {"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"}
{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} {"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"}
{"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"} {"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"}
@ -1995,7 +1997,7 @@
{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"} {"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"}
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"} {"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
{"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"} {"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"}
{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"high","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"} {"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"critical","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
{"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"high","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"} {"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"high","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"}
{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"} {"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"}
{"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"} {"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"}
@ -2016,8 +2018,9 @@
{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"} {"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"}
{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"} {"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"}
{"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"} {"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"}
{"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"medium","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"} {"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"critical","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"}
{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"} {"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"}
{"ID":"CVE-2023-3710","Info":{"Name":"Honeywell PM43 Printers - Command Injection","Severity":"critical","Description":"Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3710.yaml"}
{"ID":"CVE-2023-37265","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Internal IP","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37265.yaml"} {"ID":"CVE-2023-37265","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Internal IP","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37265.yaml"}
{"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"} {"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"}
{"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"} {"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"}
@ -2026,6 +2029,7 @@
{"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"} {"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"}
{"ID":"CVE-2023-37629","Info":{"Name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","Severity":"critical","Description":"Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37629.yaml"} {"ID":"CVE-2023-37629","Info":{"Name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","Severity":"critical","Description":"Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37629.yaml"}
{"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"} {"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"}
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Webmail Server contains a cross-site scripting vulnerability in the /webmail/ color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"} {"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"} {"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"} {"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
@ -2038,20 +2042,20 @@
{"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"} {"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"}
{"ID":"CVE-2023-3936","Info":{"Name":"Blog2Social \u003c 7.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3936.yaml"} {"ID":"CVE-2023-3936","Info":{"Name":"Blog2Social \u003c 7.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3936.yaml"}
{"ID":"CVE-2023-39361","Info":{"Name":"Cacti 1.2.24 - SQL Injection","Severity":"critical","Description":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39361.yaml"} {"ID":"CVE-2023-39361","Info":{"Name":"Cacti 1.2.24 - SQL Injection","Severity":"critical","Description":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39361.yaml"}
{"ID":"CVE-2023-39598","Info":{"Name":"IceWarp Email Client - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39598.yaml"} {"ID":"CVE-2023-39598","Info":{"Name":"IceWarp Email Client - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39598.yaml"}
{"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"} {"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"}
{"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"} {"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"}
{"ID":"CVE-2023-39677","Info":{"Name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","Severity":"low","Description":"PrestaShop modules by MyPrestaModules expose PHPInfo\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-39677.yaml"} {"ID":"CVE-2023-39677","Info":{"Name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","Severity":"high","Description":"PrestaShop modules by MyPrestaModules expose PHPInfo\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39677.yaml"}
{"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"} {"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"}
{"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"} {"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"}
{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"} {"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"}
{"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"} {"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"}
{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"high","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"} {"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"}
{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"} {"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"}
{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"} {"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"} {"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
{"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"} {"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"} {"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"} {"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}
{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} {"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"}
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} {"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}

View File

@ -1 +1 @@
d075f81058a2f85a9dc9fb3cbac58ec9 c58c529199e7ba365d7d4110f5d5a716