# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2023-34362 |
|
|
Sql |
2023-06-02 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. |
2 |
CVE-2023-34339 |
209 |
|
|
2023-06-01 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains Ktor before 2.3.1 headers containing authentication data could be added to the exception's message |
3 |
CVE-2023-34312 |
|
|
|
2023-06-01 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In Tencent QQ through 9.7.8.29039 and TIM through 3.4.7.22084, QQProtect.exe and QQProtectEngine.dll do not validate pointers from inter-process communication, which leads to a write-what-where condition. |
4 |
CVE-2023-34258 |
|
|
Exec Code |
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This account can then be used to achieve remote code execution. |
5 |
CVE-2023-34257 |
|
|
Exec Code |
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
** DISPUTED ** An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted. NOTE: the vendor's perspective is "These are not vulnerabilities for us as we have provided the option to implement the authentication." |
6 |
CVE-2023-34256 |
|
|
|
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an offset. |
7 |
CVE-2023-34255 |
|
|
|
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
An issue was discovered in the Linux kernel through 6.3.5. There is a use-after-free in xfs_btree_lookup_get_block in fs/xfs/libxfs/xfs_btree.c because fs/xfs/xfs_buf_item_recover.c does not perform buffer content verification when log replay is skipped. |
8 |
CVE-2023-34229 |
79 |
|
XSS |
2023-05-31 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible |
9 |
CVE-2023-34228 |
308 |
|
|
2023-05-31 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions |
10 |
CVE-2023-34227 |
749 |
|
|
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks |
11 |
CVE-2023-34226 |
79 |
|
XSS |
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible |
12 |
CVE-2023-34225 |
79 |
|
XSS |
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible |
13 |
CVE-2023-34224 |
601 |
|
|
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible |
14 |
CVE-2023-34223 |
532 |
|
|
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases |
15 |
CVE-2023-34222 |
79 |
|
XSS |
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible |
16 |
CVE-2023-34221 |
79 |
|
XSS |
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible |
17 |
CVE-2023-34220 |
79 |
|
XSS |
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible |
18 |
CVE-2023-34219 |
863 |
|
|
2023-05-31 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API |
19 |
CVE-2023-34218 |
863 |
|
Bypass |
2023-05-31 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible |
20 |
CVE-2023-34205 |
|
|
Bypass |
2023-05-30 |
2023-05-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Thus, signature validation can be bypassed via a Signature Wrapping attack (aka XSW). |
21 |
CVE-2023-34204 |
|
|
|
2023-05-30 |
2023-05-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Both of these are typically world-writable, and thus (for example) an attacker can modify imapsync's cache and overwrite files belonging to the user who runs it. |
22 |
CVE-2023-34153 |
|
|
|
2023-05-30 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability was found in ImageMagick. This security flaw causes a shell command injection vulnerability via video:vsync or video:pixel-format options in VIDEO encoding/decoding. |
23 |
CVE-2023-34152 |
|
|
Exec Code |
2023-05-30 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability was found in ImageMagick. This security flaw causes a remote code execution vulnerability in OpenBlob with --enable-pipes configured. |
24 |
CVE-2023-34151 |
|
|
|
2023-05-30 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior when casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546). |
25 |
CVE-2023-34094 |
|
|
|
2023-06-02 |
2023-06-02 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability. |
26 |
CVE-2023-34092 |
|
|
Bypass |
2023-06-01 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Vite provides frontend tooling. Prior to versions 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9, Vite Server Options (`server.fs.deny`) can be bypassed using a double forward slash (`//`), which allows any unauthenticated user to read files from the Vite root path of the application, including those covered by the default `fs.deny` settings (`['.env', '.env.*', '*.{crt,pem}']`). Only users explicitly exposing the Vite dev server to the network (using `--host` or `server.host` config option) are affected, and only files in the immediate Vite project root folder could be exposed. This issue is fixed in Vite 2.9.16, 3.2.7, 4.0.5, 4.1.5, 4.2.3, and 4.3.9. |
27 |
CVE-2023-34091 |
|
|
Bypass |
2023-06-01 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Kyverno is a policy engine designed for Kubernetes. In versions of Kyverno prior to 1.10.0, resources which have the `deletionTimestamp` field defined can bypass validate, generate, or mutate-existing policies, even in cases where the `validationFailureAction` field is set to `Enforce`. This situation occurs because resources pending deletion were being consciously exempted by Kyverno as a way to reduce processing load, since policies are typically not applied to objects which are being deleted. However, this could potentially allow a malicious user to leverage the Kubernetes finalizers feature by setting a finalizer which causes the Kubernetes API server to set the `deletionTimestamp` and then not completing the delete operation, as a way to explicitly bypass a Kyverno policy. Note that this is not applicable to Kubernetes Pods but, as an example, a Kubernetes Service resource can be manipulated using an indefinite finalizer to bypass policies. This is resolved in Kyverno 1.10.0. There is no known workaround. |
28 |
CVE-2023-34088 |
|
|
XSS |
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker could create a document with an XSS payload as a document name. Later, if an administrator opened the admin console and navigated to the history page, the document name was injected as unescaped HTML and executed as a script inside the context of the admin console. The administrator JSON web token (JWT) used for the websocket connection could be leaked through this flaw. Users should upgrade to Collabora Online 22.05.13 or higher; Collabora Online 21.11.9.1 or higher; Collabora Online 6.4.27 or higher to receive a patch. |
29 |
CVE-2023-33983 |
862 |
|
|
2023-05-24 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. An introducer can launch man-in-the-middle attacks against later private communication between two introduced parties. |
30 |
CVE-2023-33982 |
326 |
|
|
2023-05-24 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden service protocol. |
31 |
CVE-2023-33981 |
354 |
|
|
2023-05-24 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed alongside the spoofed one. |
32 |
CVE-2023-33980 |
400 |
|
DoS |
2023-05-24 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. |
33 |
CVE-2023-33979 |
|
|
+Info |
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive files are configured to be off-limits, sensitive information files in some working directories can be read through the `/file` route, leading to sensitive information leakage. This affects users that use file configurations via `config.py`, `config_private.py`, `Dockerfile`. A patch is available at commit 1dcc2873d2168ad2d3d70afcb453ac1695fbdf02. As a workaround, one may use environment variables instead of `config*.py` files to configure this project, or use docker-compose installation to configure this project. |
34 |
CVE-2023-33975 |
|
|
DoS Exec Code Overflow |
2023-05-30 |
2023-05-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out-of-bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service, while carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. This issue is fixed in pull request 19680. As a workaround, disable support for fragmented IP datagrams. |
35 |
CVE-2023-33974 |
|
|
DoS |
2023-05-30 |
2023-05-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions about the program state and leads to an invalid memory access resulting in denial of service. This issue is patched in pull request 19679. There are no known workarounds. |
36 |
CVE-2023-33973 |
|
|
DoS |
2023-05-30 |
2023-05-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference occurs. This crashes the device leading to denial of service. A patch is available at pull request 19678. There are no known workarounds. |
37 |
CVE-2023-33971 |
|
|
Exec Code XSS |
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Formcreator is a GLPI plugin which allows creation of custom forms and the creation of one or more tickets when the form is filled. A probable stored cross-site scripting vulnerability is present in Formcreator 2.13.5 and prior via the use of `##FULLFORM##` for rendering. This could result in arbitrary JavaScript code execution in an admin/tech context. A patch is unavailable as of time of publication. As a workaround, one may use a regular expression to remove `< > "` in all fields. |
38 |
CVE-2023-33967 |
|
|
Sql |
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
EaseProbe is a tool that can do health/status checking. An SQL injection issue was discovered in EaseProbe before 2.1.0 when using MySQL/PostgreSQL data checking. This problem has been fixed in v2.1.0. |
39 |
CVE-2023-33966 |
|
|
|
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Deno is a runtime for JavaScript and TypeScript. In deno 1.34.0 and deno_runtime 0.114.0, outbound HTTP requests made using the built-in `node:http` or `node:https` modules are incorrectly not checked against the network permission allow list (`--allow-net`). Dependencies relying on these built-in modules are subject to the vulnerability too. Users of Deno versions prior to 1.34.0 are unaffected. Deno Deploy users are unaffected. This problem has been patched in Deno v1.34.1 and deno_runtime 0.114.1 and all users are recommended to update to this version. No workaround is available for this issue.
|
40 |
CVE-2023-33965 |
|
|
Exec Code |
2023-06-01 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Brook is a cross-platform programmable network tool. The `tproxy` server is vulnerable to a drive-by command injection. An attacker may fool a victim into visiting a malicious web page which will trigger requests to the local `tproxy` service leading to remote code execution. A patch is available in version 20230606. |
41 |
CVE-2023-33964 |
|
|
|
2023-05-31 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Metachain cannot process a cross-shard miniblock. Prior to version 1.4.16, an invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor. This is strictly a processing issue that could have happened on MultiversX chain. If an error like this had occurred, the metachain would have stopped notarizing blocks from the shard chains. The resuming of notarization is possible only after applying a patched binary version. A patch in version 1.4.16 introduces `processIfTxErrorCrossShard` for the metachain transaction processor. There are no known workarounds for this issue.
|
42 |
CVE-2023-33963 |
|
|
Exec Code |
2023-06-01 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading. |
43 |
CVE-2023-33962 |
|
|
Exec Code |
2023-05-30 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
JStachio is a type-safe Java Mustache templating engine. Prior to version 1.0.1, JStachio fails to escape single quotes `'` in HTML, allowing an attacker to inject malicious code. This vulnerability can be exploited by an attacker to execute arbitrary JavaScript code in the context of other users visiting pages that use this template engine. This can lead to various consequences, including session hijacking, defacement of web pages, theft of sensitive information, or even the propagation of malware.
Version 1.0.1 contains a patch for this issue. To mitigate this vulnerability, the template engine should properly escape special characters, including single quotes. Common practice is to escape `'` as `&#39;`. As a workaround, users can avoid this issue by using only double quotes `"` for HTML attributes. |
44 |
CVE-2023-33961 |
|
|
Exec Code |
2023-05-30 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time of publication, a patch does not exist. |
45 |
CVE-2023-33960 |
|
|
|
2023-06-01 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
OpenProject is web-based project management software. For any OpenProject installation, a `robots.txt` file is generated through the server to denote which routes shall or shall not be accessed by crawlers. These routes contain project identifiers of all public projects in the instance. Prior to version 12.5.6, even if the entire instance is marked as `Login required` and prevents all truly anonymous access, the `/robots.txt` route remains publicly available.
Version 12.5.6 has a fix for this issue. Alternatively, users can download a patchfile to apply the patch to any OpenProject version greater than 10.0. As a workaround, one may mark any public project as non-public and give anyone in need of access to the project a membership. |
46 |
CVE-2023-33955 |
|
|
|
2023-05-30 |
2023-05-30 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0.
|
47 |
CVE-2023-33950 |
1333 |
|
|
2023-05-24 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs. |
48 |
CVE-2023-33949 |
1188 |
|
|
2023-05-24 |
2023-05-31 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property `company.security.strangers.verify` should be set to true. |
49 |
CVE-2023-33948 |
862 |
|
|
2023-05-24 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote attackers to download any file from Document and Media via a crafted URL. |
50 |
CVE-2023-33947 |
|
|
|
2023-05-24 |
2023-06-01 |
0.0 |
None |
??? |
??? |
??? |
??? |
??? |
??? |
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition. |