US-CERT Bulletin (SB23-037): Vulnerability Summary for the Week of January 30, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
qnap — qts | A vulnerability has been reported to affect QNAP devices running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later; QTS 5.0.1.2234 build 20221201 and later. | 2023-01-30 | 9.8 | CVE-2022-27596 MISC |
changingtec — megaservisignadapter | ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service. | 2023-01-31 | 9.8 | CVE-2022-39060 MISC |
sscms — siteserver_cms | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | 2023-01-27 | 9.8 | CVE-2022-44298 MISC |
limesurvey — limesurvey | An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-01-27 | 9.8 | CVE-2022-48008 MISC |
opencats — opencats | Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | 2023-01-27 | 9.8 | CVE-2022-48011 MISC MISC |
bank_locker_management_system_project — bank_locker_management_system | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716. | 2023-01-28 | 9.8 | CVE-2023-0562 MISC MISC MISC |
thinking_software_technology — efence | Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | 2023-01-31 | 9.8 | CVE-2023-22900 MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-219702 is the identifier assigned to this vulnerability. | 2023-01-28 | 8.8 | CVE-2023-0561 MISC MISC MISC |
phicomm — k2_firmware | Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 2023-01-27 | 7.8 | CVE-2022-48070 MISC |
phicomm — k2_firmware | Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 2023-01-27 | 7.8 | CVE-2022-48072 MISC |
changingtec — megaservisignadapter | ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | 2023-01-31 | 7.5 | CVE-2022-39059 MISC |
phicomm — k2_firmware | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | 2023-01-27 | 7.5 | CVE-2022-48071 MISC |
phicomm — k2_firmware | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | 2023-01-27 | 7.5 | CVE-2022-48073 MISC |
froxlor — froxlor | Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | 7.5 | CVE-2023-0564 CONFIRM MISC |
openmage — magento | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. | 2023-01-27 | 7.2 | CVE-2021-39217 MISC MISC MISC MISC |
ayacms_project — ayacms | AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. | 2023-01-27 | 7.2 | CVE-2022-48116 MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219701 was assigned to this vulnerability. | 2023-01-28 | 7.2 | CVE-2023-0560 MISC MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
changingtec — megaservisignadapter | ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupt partial services. | 2023-01-31 | 6.5 | CVE-2022-39061 MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability. | 2023-01-27 | 6.3 | CVE-2023-0528 MISC MISC MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability. | 2023-01-27 | 6.3 | CVE-2023-0529 MISC MISC MISC |
netscout — ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | 2023-01-27 | 6.1 | CVE-2022-44024 MISC |
netscout — ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. | 2023-01-27 | 6.1 | CVE-2022-44025 MISC |
netscout — ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. | 2023-01-27 | 6.1 | CVE-2022-44026 MISC |
netscout — ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. | 2023-01-27 | 6.1 | CVE-2022-44027 MISC |
netscout — ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. | 2023-01-27 | 6.1 | CVE-2022-44028 MISC |
netscout — ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. | 2023-01-27 | 6.1 | CVE-2022-44029 MISC |
opencats — opencats | Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. | 2023-01-27 | 6.1 | CVE-2022-48012 MISC MISC |
jorani_project — jorani | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | 2023-01-27 | 6.1 | CVE-2022-48118 MISC |
piwigo — piwigo | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. | 2023-01-27 | 5.4 | CVE-2022-48007 MISC |
limesurvey — limesurvey | LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. | 2023-01-27 | 5.4 | CVE-2022-48010 MISC |
opencats — opencats | Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields. | 2023-01-27 | 5.4 | CVE-2022-48013 MISC MISC |
bank_locker_management_system_project — bank_locker_management_system | A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability. | 2023-01-28 | 4.8 | CVE-2023-0563 MISC MISC MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600. | 2023-01-27 | 4.7 | CVE-2023-0531 MISC MISC MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability. | 2023-01-27 | 4.7 | CVE-2023-0532 MISC MISC MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability. | 2023-01-27 | 4.7 | CVE-2023-0533 MISC MISC MISC |
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603. | 2023-01-27 | 4.7 | CVE-2023-0534 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
wordcraft — wordcraft | A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability. | 2023-01-29 | not yet calculated | CVE-2009-10003 MISC MISC MISC MISC |
fanzila — webfinance | A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. | 2023-02-03 | not yet calculated | CVE-2013-10015 MISC MISC MISC |
fanzila — webfinance | A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. | 2023-02-03 | not yet calculated | CVE-2013-10016 MISC MISC MISC |
fanzila — webfinance | A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. | 2023-02-04 | not yet calculated | CVE-2013-10017 MISC MISC MISC |
fanzila — webfinance | A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. | 2023-02-04 | not yet calculated | CVE-2013-10018 MISC MISC MISC |
nrel — api-umbrella-web | A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060. | 2023-02-04 | not yet calculated | CVE-2015-10072 MISC MISC MISC MISC |
mosbth — cimage | A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715. | 2023-01-29 | not yet calculated | CVE-2016-15022 MISC MISC MISC MISC |
sitefusion — application_server | A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. | 2023-01-31 | not yet calculated | CVE-2016-15023 MISC MISC MISC MISC MISC |
segmentio — is-url | A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. | 2023-02-04 | not yet calculated | CVE-2018-25079 MISC MISC MISC MISC MISC |
mobiledetect — mobiledetect | A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. | 2023-02-04 | not yet calculated | CVE-2018-25080 MISC MISC MISC MISC MISC |
sage — frp_1000 | A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL. | 2023-01-27 | not yet calculated | CVE-2019-25053 MISC |
onshift — turbogears | A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. | 2023-02-04 | not yet calculated | CVE-2019-25101 MISC MISC MISC MISC MISC |
portfoliocms — portfoliocms | Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. | 2023-01-31 | not yet calculated | CVE-2020-20402 MISC |
mremoteng — mremoteng | An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. | 2023-02-02 | not yet calculated | CVE-2020-24307 MISC MISC |
schneider_electric — multiple_products | A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions) | 2023-02-01 | not yet calculated | CVE-2021-22786 MISC |
hewlett_packard — hp_pc_bios | HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. | 2023-02-01 | not yet calculated | CVE-2021-3439 MISC |
phpwcms — phpwcms | An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. | 2023-02-03 | not yet calculated | CVE-2021-36424 MISC |
phpwcms — phpwcms | Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | 2023-02-03 | not yet calculated | CVE-2021-36425 MISC |
phpwcms — phpwcms | File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. | 2023-02-03 | not yet calculated | CVE-2021-36426 MISC |
jcoms — jcoms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. | 2023-02-03 | not yet calculated | CVE-2021-36431 MISC |
jcoms — jcoms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. | 2023-02-03 | not yet calculated | CVE-2021-36432 MISC |
jcoms — jcoms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. | 2023-02-03 | not yet calculated | CVE-2021-36433 MISC |
jcoms — jcoms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. | 2023-02-03 | not yet calculated | CVE-2021-36434 MISC |
imcat — imcat | Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | 2023-02-03 | not yet calculated | CVE-2021-36443 MISC |
imcat — imcat | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. | 2023-02-03 | not yet calculated | CVE-2021-36444 MISC |
jizhicms — jizhicms | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | 2023-02-03 | not yet calculated | CVE-2021-36484 MISC |
allegro — allegro | Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. | 2023-02-03 | not yet calculated | CVE-2021-36489 MISC |
xpdfreader — xpdfimages | Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | 2023-02-03 | not yet calculated | CVE-2021-36493 MISC |
native-php-cms — native-php-cms | SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. | 2023-02-03 | not yet calculated | CVE-2021-36503 MISC |
portfoliocms — portfoliocms | Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. | 2023-02-03 | not yet calculated | CVE-2021-36532 MISC |
cesanta_software — mjs | Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | 2023-02-03 | not yet calculated | CVE-2021-36535 MISC |
gurock_holding_gmbh — testrail | Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. | 2023-02-03 | not yet calculated | CVE-2021-36538 MISC |
tcpms — tcpms | Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | 2023-02-03 | not yet calculated | CVE-2021-36544 MISC |
tcpms — tcpms | Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. | 2023-02-03 | not yet calculated | CVE-2021-36545 MISC |
kitecms — kitecms | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | 2023-02-03 | not yet calculated | CVE-2021-36546 MISC |
fuel-cms — fuel-cms | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | 2023-02-03 | not yet calculated | CVE-2021-36569 MISC |
fuel-cms — fuel-cms | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2—. | 2023-02-03 | not yet calculated | CVE-2021-36570 MISC |
yzmcms — yzmcms | Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. | 2023-02-03 | not yet calculated | CVE-2021-36712 MISC MISC |
modern_honey_network — modern_honey_network | Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. | 2023-02-03 | not yet calculated | CVE-2021-37234 MISC |
jeecg — jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | 2023-02-03 | not yet calculated | CVE-2021-37304 MISC |
jeecg — jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | 2023-02-03 | not yet calculated | CVE-2021-37305 MISC |
jeecg — jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. | 2023-02-03 | not yet calculated | CVE-2021-37306 MISC |
fcitx5 — fcitx5 | Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application’s listening port. | 2023-02-03 | not yet calculated | CVE-2021-37311 MISC MISC |
asus — rt-ac68u | Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. | 2023-02-03 | not yet calculated | CVE-2021-37315 MISC |
asus — rt-ac68u | SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 2023-02-03 | not yet calculated | CVE-2021-37316 MISC |
asus — rt-ac68u | Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. | 2023-02-03 | not yet calculated | CVE-2021-37317 MISC |
pbootcms — pbootcms | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. | 2023-02-03 | not yet calculated | CVE-2021-37497 MISC MISC |
hdfgroup — hdf5-h5dump | Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. | 2023-02-03 | not yet calculated | CVE-2021-37501 MISC MISC |
automad — automad | Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. | 2023-02-03 | not yet calculated | CVE-2021-37502 MISC |
vimium_extension — vimium_extension | Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. | 2023-02-03 | not yet calculated | CVE-2021-37518 MISC MISC |
memcached — memcached | Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file. | 2023-02-03 | not yet calculated | CVE-2021-37519 MISC MISC |
hp — bios | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. | 2023-02-01 | not yet calculated | CVE-2021-3808 MISC |
hp — bios | Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. | 2023-02-01 | not yet calculated | CVE-2021-3809 MISC |
nyuccl — psiturk | A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676. | 2023-01-28 | not yet calculated | CVE-2021-4315 MISC MISC MISC MISC MISC |
wireguard — wireguard | WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim’s system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless. | 2023-01-29 | not yet calculated | CVE-2021-46873 MISC |
schneider_electric — ecostruxure_power_commission | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | 2023-01-30 | not yet calculated | CVE-2022-0223 MISC |
nemo-appium — nemo-appium | Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports.setup’ function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | 2023-01-31 | not yet calculated | CVE-2022-21129 MISC MISC MISC |
ibm — tivoli_workload_scheduler | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. | 2023-02-03 | not yet calculated | CVE-2022-22486 MISC MISC |
schneider_electric — ecostruxure_power_commission | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | 2023-01-30 | not yet calculated | CVE-2022-22731 MISC |
schneider_electric — ecostruxure_power_commission | A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | 2023-01-30 | not yet calculated | CVE-2022-22732 MISC |
schneider_electric — igss_data_server | A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22073) | 2023-02-01 | not yet calculated | CVE-2022-2329 MISC |
ip-label — newtest | The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. | 2023-01-30 | not yet calculated | CVE-2022-23334 MISC MISC MISC |
hp_inc — hp_support_assistant | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | 2023-02-01 | not yet calculated | CVE-2022-23453 MISC |
hp_inc — hp_support_assistant | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | 2023-02-01 | not yet calculated | CVE-2022-23454 MISC |
hp_inc — hp_support_assistant | Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | 2023-02-01 | not yet calculated | CVE-2022-23455 MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. | 2023-02-03 | not yet calculated | CVE-2022-23498 MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren’t properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix. | 2023-01-27 | not yet calculated | CVE-2022-23552 MISC MISC MISC MISC MISC |
schneider_electric – igss_data_server_igssdataserverexe | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22073) | 2023-02-01 | not yet calculated | CVE-2022-24324 MISC |
symfony — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the victim’s session. This issue has been patched and is available for branch 4.4. | 2023-02-03 | not yet calculated | CVE-2022-24894 MISC MISC |
symfony — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login, but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. | 2023-02-03 | not yet calculated | CVE-2022-24895 MISC MISC MISC MISC |
apache — portable_runtime_utility | Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. | 2023-01-31 | not yet calculated | CVE-2022-24963 MISC |
apache — portable_runtime_utility | Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. | 2023-01-31 | not yet calculated | CVE-2022-25147 MISC |
wordpress — wordpress | The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response that will be executed in the victim’s session. Note: This requires knowledge of a static secret key. | 2023-02-02 | not yet calculated | CVE-2022-2546 MISC |
cache_semantics — cache_semantics | This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. | 2023-01-31 | not yet calculated | CVE-2022-25881 MISC MISC MISC |
snyk — is-http2 | All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. | 2023-02-01 | not yet calculated | CVE-2022-25906 MISC MISC |
snyk — mt7688-wiscan | Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the ‘wiscan.scan’ function. | 2023-02-01 | not yet calculated | CVE-2022-25916 MISC MISC MISC |
snyk — servst | Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. | 2023-01-30 | not yet calculated | CVE-2022-25936 MISC MISC MISC |
snyk — eta | Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from the Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. | 2023-01-30 | not yet calculated | CVE-2022-25967 MISC MISC MISC MISC |
snyk — jsuites | Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function. | 2023-01-31 | not yet calculated | CVE-2022-25979 MISC MISC MISC MISC |
ami — megarac_spx-12 | AMI Megarac Password reset interception via API | 2023-01-30 | not yet calculated | CVE-2022-26872 MISC |
hp — bios | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities. | 2023-02-01 | not yet calculated | CVE-2022-27537 MISC |
hp — bios | A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. | 2023-02-01 | not yet calculated | CVE-2022-27538 MISC |
apache — portable_runtime_utility | On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. | 2023-01-31 | not yet calculated | CVE-2022-28331 MISC |
schneider_electric — somachine_hvac | A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0) | 2023-01-30 | not yet calculated | CVE-2022-2988 MISC |
toshiba — storage_security_software | Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module. | 2023-01-31 | not yet calculated | CVE-2022-30421 MISC MISC MISC MISC |
landisgyr – e850_zmq200 | All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device’s web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values. | 2023-02-01 | not yet calculated | CVE-2022-3083 MISC |
bestechnic — bluetooth_mesh_sdk | In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. | 2023-02-01 | not yet calculated | CVE-2022-30904 MISC |
cypress — bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning, because there is no check for mismatched SegN and TotalLength in Transaction Start PDU. | 2023-02-01 | not yet calculated | CVE-2022-31363 MISC |
cypress — bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08 | Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN. | 2023-02-01 | not yet calculated | CVE-2022-31364 MISC |
cloud_foundry — diego/cf_deployment | Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate. | 2023-02-03 | not yet calculated | CVE-2022-31733 MISC |
notepad++ — notepad++ | Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). | 2023-02-01 | not yet calculated | CVE-2022-31902 MISC MISC |
dell — bios | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | 2023-02-01 | not yet calculated | CVE-2022-32482 MISC |
schneider_electric — canbrass | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1) | 2023-01-30 | not yet calculated | CVE-2022-32512 MISC |
schneider_electric — multiple_products | A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller – LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller – LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller – 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller – 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller – 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller – 5500AC2 (Versions prior to V1.10.0) | 2023-01-30 | not yet calculated | CVE-2022-32513 MISC |
schneider_electric — multiple_products | A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller – LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller – LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller – 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller – 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller – 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller – 5500AC2 (Versions prior to V1.10.0) | 2023-01-30 | not yet calculated | CVE-2022-32514 MISC |
schneider_electric — context_combox | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions) | 2023-01-30 | not yet calculated | CVE-2022-32515 MISC |
schneider_electric — context_combox | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions) | 2023-01-30 | not yet calculated | CVE-2022-32516 MISC |
schneider_electric — context_combox | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions) | 2023-01-30 | not yet calculated | CVE-2022-32517 MISC |
schneider_electric — data_center_expert | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) | 2023-01-30 | not yet calculated | CVE-2022-32518 MISC |
schneider_electric — data_center_expert | A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) | 2023-01-30 | not yet calculated | CVE-2022-32519 MISC |
schneider_electric — data_center_expert | A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) | 2023-01-30 | not yet calculated | CVE-2022-32520 MISC |
schneider_electric — data_center_expert | A CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0) | 2023-01-30 | not yet calculated | CVE-2022-32521 MISC |
schneider_electric — igss_data_server | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32522 MISC |
schneider_electric — igss_data_server | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32523 MISC |
schneider_electric — igss_data_server | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32524 MISC |
schneider_electric — igss_data_server | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32525 MISC |
schneider_electric — igss_data_server | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32526 MISC |
schneider_electric — igss_data_server | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32527 MISC |
schneider_electric — igss_data_server | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32528 MISC |
schneider_electric — igss_data_server | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) | 2023-01-30 | not yet calculated | CVE-2022-32529 MISC |
schneider_electric — ecostruxure_cybersecurity_admin_expert | A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | 2023-01-30 | not yet calculated | CVE-2022-32747 MISC |
schneider_electric — ecostruxure_cybersecurity_admin_expert | A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) | 2023-01-30 | not yet calculated | CVE-2022-32748 MISC |
btcpay_server — btcpay_server | BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn’t using the internal lightning node, the credentials of a lightning node are exposed. | 2023-01-31 | not yet calculated | CVE-2022-32984 MISC |
mitsubishi_electric_corporation — multiple_products | Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see Mitsubishi Electric’s advisory, which is listed in the [References] section. | 2023-02-02 | not yet calculated | CVE-2022-33323 MISC MISC MISC |
biltema — ip/baby_camera_software | Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. | 2023-02-03 | not yet calculated | CVE-2022-34138 MISC MISC |
dell – openmanage_server_administrator | Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. | 2023-02-01 | not yet calculated | CVE-2022-34396 MISC |
dell — bios | Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system. | 2023-02-01 | not yet calculated | CVE-2022-34398 MISC |
dell — bios | Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. | 2023-02-01 | not yet calculated | CVE-2022-34400 MISC |
dell — bios | Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. | 2023-02-01 | not yet calculated | CVE-2022-34403 MISC |
dell — rugged_control_center | Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges. | 2023-02-01 | not yet calculated | CVE-2022-34443 MISC |
dell — multiple_products | Dell Command \| Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | 2023-02-01 | not yet calculated | CVE-2022-34458 MISC |
dell — multiple_products | Dell Command \| Update, Dell Update, and Alienware Update versions prior to 4.7 contain an improper verification of cryptographic signature in get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution. | 2023-02-01 | not yet calculated | CVE-2022-34459 MISC |
lenovo — xclarity_controller | A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. | 2023-01-30 | not yet calculated | CVE-2022-34884 MISC |
motorola — mr2600 | An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. | 2023-01-30 | not yet calculated | CVE-2022-34885 MISC |
lenovo — xclarity_controller | The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. | 2023-01-30 | not yet calculated | CVE-2022-34888 MISC |
pesign — pesign | A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the ‘pesign’ group. However, the script doesn’t check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. | 2023-02-02 | not yet calculated | CVE-2022-3560 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. | 2023-02-02 | not yet calculated | CVE-2022-36401 MISC |
dotcms — tempfileapi | In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely. | 2023-02-01 | not yet calculated | CVE-2022-37033 MISC |
dotcms — tempfileresource | In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. | 2023-02-01 | not yet calculated | CVE-2022-37034 MISC |
docker — docker | Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. | 2023-01-31 | not yet calculated | CVE-2022-37708 MISC MISC MISC |
ibm — tivoli_workload_scheduler | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. | 2023-02-03 | not yet calculated | CVE-2022-38389 MISC MISC |
talos — freshtomato | A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | 2023-01-30 | not yet calculated | CVE-2022-38451 MISC |
rapid7 — multiple_products | Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server’s FQDN or redirect legitimate traffic to the attacker’s server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM. | 2023-02-01 | not yet calculated | CVE-2022-3913 MISC MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. | 2023-01-27 | not yet calculated | CVE-2022-39324 MISC MISC MISC MISC MISC |
wire — web-app | Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result. | 2023-01-27 | not yet calculated | CVE-2022-39380 MISC |
italtel — netmatch-s_ci | Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). | 2023-01-27 | not yet calculated | CVE-2022-39811 MISC |
italtel — netmatch-s_ci | Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server. | 2023-01-27 | not yet calculated | CVE-2022-39812 MISC |
italtel — netmatch-s_ci | Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it. | 2023-01-27 | not yet calculated | CVE-2022-39813 MISC |
hewlett_packard — hpfsviewer | HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. | 2023-02-01 | not yet calculated | CVE-2022-3990 MISC |
lenovo — multiple_products | An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | 2023-01-30 | not yet calculated | CVE-2022-40134 MISC |
lenovo — multiple_products | An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | 2023-01-30 | not yet calculated | CVE-2022-40135 MISC |
lenovo — multiple_products | An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. | 2023-01-30 | not yet calculated | CVE-2022-40136 MISC |
lenovo — multiple_products | A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2023-01-30 | not yet calculated | CVE-2022-40137 MISC |
ami — megarac | AMI Megarac Weak password hashes for Redfish & API | 2023-01-31 | not yet calculated | CVE-2022-40258 MISC |
mitsubishi_electric — multiple_products | Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. | 2023-02-02 | not yet calculated | CVE-2022-40268 MISC MISC |
mitsubishi_electric — multiple_products | Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users’ browsers or spoof legitimate users by abusing inappropriate HTML attributes. | 2023-02-02 | not yet calculated | CVE-2022-40269 MISC MISC |
hitachi — storage_plug-in_for_vmware_vcenter | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. | 2023-01-31 | not yet calculated | CVE-2022-4041 MISC |
schneider_electric — ecostruxure_power_commission | A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | 2023-02-01 | not yet calculated | CVE-2022-4062 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. | 2023-02-02 | not yet calculated | CVE-2022-40692 MISC |
gitlab — gitlab | A blind SSRF in GitLab CE/EE affecting all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. | 2023-01-27 | not yet calculated | CVE-2022-4201 CONFIRM MISC |
gitlab — gitlab | In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. | 2023-01-27 | not yet calculated | CVE-2022-4205 MISC CONFIRM |
gitlab — gitlab | A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | 2023-02-01 | not yet calculated | CVE-2022-4206 CONFIRM MISC |
talos — freshtomato | An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2023-01-30 | not yet calculated | CVE-2022-42484 MISC |
sssd — sssd | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters | 2023-02-01 | not yet calculated | CVE-2022-4254 MISC MISC MISC MISC |
gitlab — gitlab | An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. | 2023-01-27 | not yet calculated | CVE-2022-4255 MISC CONFIRM |
wepa — print_away | WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions. | 2023-02-03 | not yet calculated | CVE-2022-42908 CONFIRM CONFIRM |
wepa — print_away | WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. | 2023-02-03 | not yet calculated | CVE-2022-42909 CONFIRM CONFIRM |
schneider_electric — multiple_products | A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42970 MISC |
schneider_electric — multiple_products | A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42971 MISC |
schneider_electric — multiple_products | A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42972 MISC |
schneider_electric — multiple_products | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) | 2023-02-01 | not yet calculated | CVE-2022-42973 MISC |
wordpress — wordpress | The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. | 2023-01-30 | not yet calculated | CVE-2022-4306 MISC |
estsoft — alyac | A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. | 2023-02-02 | not yet calculated | CVE-2022-43665 MISC |
ibm — app_connect_enterprise_certified_container | IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. | 2023-02-01 | not yet calculated | CVE-2022-43922 MISC MISC |
wordpress — wordpress | The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. | 2023-01-30 | not yet calculated | CVE-2022-4395 MISC |
pandora_fms — pandora_fms | There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | 2023-01-27 | not yet calculated | CVE-2022-43978 CONFIRM |
pandora_fms — pandora_fms | There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to include any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. | 2023-01-27 | not yet calculated | CVE-2022-43979 CONFIRM |
pandora_fms — pandora_fms | There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie. | 2023-01-27 | not yet calculated | CVE-2022-43980 CONFIRM |
hitachi — storage_plug-in_for_vmware_vcenter | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. | 2023-01-31 | not yet calculated | CVE-2022-4441 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. | 2023-02-02 | not yet calculated | CVE-2022-44585 MISC |
apache — linkis | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local file by connecting a rogue mysql server, by adding allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3 | 2023-01-31 | not yet calculated | CVE-2022-44644 MISC |
apache — linkis | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1. | 2023-01-31 | not yet calculated | CVE-2022-44645 MISC |
wordpress — wordpress | The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4470 MISC |
wordpress — wordpress | The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4472 MISC |
apollotheme — ap_pagebuilder | A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. | 2023-01-31 | not yet calculated | CVE-2022-44897 MISC MISC |
wordpress — wordpress | The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in. | 2023-01-30 | not yet calculated | CVE-2022-4496 MISC MISC MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-45067 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, 8.2.x-9.4.x, contains a command injection vulnerability. An authenticated user having access to a local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execution of arbitrary commands, denial of service, information disclosure, and data deletion. | 2023-02-01 | not yet calculated | CVE-2022-45095 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, 8.2.0 through 9.3.0, contains a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. | 2023-02-01 | not yet calculated | CVE-2022-45096 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | 2023-02-01 | not yet calculated | CVE-2022-45097 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. | 2023-02-01 | not yet calculated | CVE-2022-45098 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.4.x, contains a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise. | 2023-02-01 | not yet calculated | CVE-2022-45099 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. | 2023-02-01 | not yet calculated | CVE-2022-45100 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS 9.0.0.x – 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. | 2023-02-01 | not yet calculated | CVE-2022-45101 MISC |
dell — emc_data_protection_central | Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections. | 2023-02-01 | not yet calculated | CVE-2022-45102 MISC |
livebox — collaboration_vdesk | An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system. | 2023-01-31 | not yet calculated | CVE-2022-45172 MISC |
eq — eq | EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter. | 2023-01-31 | not yet calculated | CVE-2022-45297 MISC |
identityiq — multiple_products | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration. | 2023-01-31 | not yet calculated | CVE-2022-45435 MISC |
json.h — json_parse_string | Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45491 MISC MISC |
json.h — json_parse_string | Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45492 MISC MISC |
json.h — json_parse_string | Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45493 MISC |
json.h — json_parse_string | Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-01-31 | not yet calculated | CVE-2022-45494 MISC MISC MISC MISC |
json.h — json_parse_string | Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | not yet calculated | CVE-2022-45496 MISC MISC |
wordpress — wordpress | The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | 2023-01-30 | not yet calculated | CVE-2022-4552 MISC |
wordpress — wordpress | The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform such an action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables. | 2023-01-30 | not yet calculated | CVE-2022-4553 MISC |
talend — remote_engine_gen_2 | XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. | 2023-02-03 | not yet calculated | CVE-2022-45588 MISC MISC |
joplin — desktop_app | Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper sanitization. | 2023-01-31 | not yet calculated | CVE-2022-45598 MISC MISC |
dotcms — dotcms | An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. | 2023-02-01 | not yet calculated | CVE-2022-45782 MISC |
dotcms — dotcms | An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. | 2023-02-01 | not yet calculated | CVE-2022-45783 MISC |
apache — age | There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn’t careful. The developer of the Golang and Python drivers didn’t fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn’t a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters – that would be passed in and that the cypher() function transform needs to be resolved – are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can’t be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session’s pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks. | 2023-02-04 | not yet calculated | CVE-2022-45786 MISC |
schneider_electric — multiple_products | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU – part numbers BMXP34* (All Versions), Modicon M580 CPU – part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety – part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor – 171CBU* (All Versions), Modicon MC80 – BMKC80 (All Versions), Legacy Modicon Quantum – 140CPU65* and Premium CPUs – TSXP57* (All Versions) | 2023-01-30 | not yet calculated | CVE-2022-45788 MISC |
schneider_electric — multiple_products | A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU – part numbers BMXP34* (All Versions), Modicon M580 CPU – part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety – part numbers BMEP58*S and BMEH58*S (All Versions) | 2023-01-31 | not yet calculated | CVE-2022-45789 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-45807 MISC |
xerox — workcentre | On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. | 2023-01-31 | not yet calculated | CVE-2022-45897 MISC MISC |
cloudschool — cloudschool | CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. | 2023-01-30 | not yet calculated | CVE-2022-46087 MISC MISC |
delta_electronics — cncsoft_screeneditor | All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | 2023-02-03 | not yet calculated | CVE-2022-4634 MISC |
hp — security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46356 MISC |
hp — security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46357 MISC |
hp — security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46358 MISC |
hp — security_manager | Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. | 2023-01-30 | not yet calculated | CVE-2022-46359 MISC |
wordpress — wordpress | The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4649 MISC |
wordpress — wordpress | The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4651 MISC |
wordpress — wordpress |
The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4654 MISC |
d-link — dir-846 | D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. | 2023-02-02 | not yet calculated | CVE-2022-46552 MISC MISC MISC MISC MISC MISC |
responsive_filemanager — responsive_filemanager | An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. | 2023-02-02 | not yet calculated | CVE-2022-46604 MISC MISC MISC |
wordpress — wordpress | The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4667 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS 8.2.x, 9.0.0.x – 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 2023-02-01 | not yet calculated | CVE-2022-46679 MISC |
wordpress — wordpress | The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4671 MISC |
dell — vxrail | Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container’s underlying OS. Exploitation may lead to a system take over by an attacker. | 2023-02-01 | not yet calculated | CVE-2022-46756 MISC |
wordpress — wordpress | The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 2023-01-30 | not yet calculated | CVE-2022-4680 MISC |
conditional_shipping_for_woocommerce — conditional_shipping_for_woocommerce | Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-46815 MISC |
identityiq — identityiq | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. | 2023-01-31 | not yet calculated | CVE-2022-46835 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. | 2023-02-02 | not yet calculated | CVE-2022-46842 MISC |
kkfileview — kkfileview | kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | 2023-02-01 | not yet calculated | CVE-2022-46934 MISC |
prestashop — prestashop | PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. | 2023-02-02 | not yet calculated | CVE-2022-46965 MISC MISC MISC |
revenue_collection_system — revenue_collection_system | A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages. | 2023-01-27 | not yet calculated | CVE-2022-46968 MISC |
wordpress — wordpress | The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4699 MISC |
masa_cms — masa_cms | A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. | 2023-02-01 | not yet calculated | CVE-2022-47002 MISC MISC |
mura_cms — mura_cms | A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | 2023-02-01 | not yet calculated | CVE-2022-47003 MISC MISC MISC MISC |
d-link — dir-825 | Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. | 2023-01-31 | not yet calculated | CVE-2022-47035 MISC MISC |
nvs365 — nvs365 | NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. | 2023-02-03 | not yet calculated | CVE-2022-47070 MISC MISC |
academy_lms — academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | 2023-02-03 | not yet calculated | CVE-2022-47130 MISC MISC MISC |
academy_lms — academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | 2023-02-03 | not yet calculated | CVE-2022-47131 MISC MISC MISC MISC MISC |
academy_lms — academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | 2023-02-03 | not yet calculated | CVE-2022-47132 MISC MISC MISC |
wordpress — wordpress | The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4749 MISC |
wordpress — wordpress | The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4763 MISC |
wordpress — wordpress | The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4765 MISC |
comfast — cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts. | 2023-01-31 | not yet calculated | CVE-2022-47697 MISC |
comfast — cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router. | 2023-01-31 | not yet calculated | CVE-2022-47698 MISC |
comfast — cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control. | 2023-01-31 | not yet calculated | CVE-2022-47699 MISC |
comfast — cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication. | 2023-01-31 | not yet calculated | CVE-2022-47700 MISC |
comfast — cf-wr623n | COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS). | 2023-01-31 | not yet calculated | CVE-2022-47701 MISC |
last_yard_22.09.8-1 — last_yard_22.09.8-1 | Last Yard 22.09.8-1 does not enforce HSTS headers. | 2023-02-01 | not yet calculated | CVE-2022-47714 MISC |
last_yard_22.09.8-1 — last_yard_22.09.8-1 | In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic. | 2023-02-01 | not yet calculated | CVE-2022-47715 MISC |
last_yard_22.09.8-1 — last_yard_22.09.8-1 | Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). | 2023-02-01 | not yet calculated | CVE-2022-47717 MISC |
wordpress — wordpress | The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4776 MISC |
gin-vue-admin — gin-vue-admin | In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. | 2023-02-03 | not yet calculated | CVE-2022-47762 MISC |
serenissima — informatica_fast_checkin | Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. | 2023-02-01 | not yet calculated | CVE-2022-47768 MISC MISC |
serenissima — informatica_fast_checkin | An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. | 2023-02-01 | not yet calculated | CVE-2022-47769 MISC MISC |
serenissima — informatica_fast_checkin | Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. | 2023-02-01 | not yet calculated | CVE-2022-47770 MISC MISC MISC |
bangresto — bangresto | SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter. | 2023-01-31 | not yet calculated | CVE-2022-47780 MISC |
wordpress — wordpress | The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4781 MISC |
i-librarian — i-librarian | i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. | 2023-01-31 | not yet calculated | CVE-2022-47854 MISC MISC |
wordpress — wordpress | Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4787 MISC |
maccms10 — maccms10 | maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). | 2023-02-01 | not yet calculated | CVE-2022-47872 MISC |
netcad_keos — netcad_keos | Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). | 2023-01-31 | not yet calculated | CVE-2022-47873 MISC |
wordpress — wordpress | The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4792 MISC |
wordpress — wordpress | The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2022-4793 MISC |
wordpress — wordpress | The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. | 2023-01-30 | not yet calculated | CVE-2022-4794 MISC |
ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. | 2023-02-01 | not yet calculated | CVE-2022-47983 MISC MISC |
taocms — taocms | An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. | 2023-01-30 | not yet calculated | CVE-2022-48006 MISC |
zammad — zammad | A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. | 2023-02-03 | not yet calculated | CVE-2022-48021 MISC |
zammad — zammad | An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. | 2023-02-03 | not yet calculated | CVE-2022-48022 MISC |
zammad — zammad | Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | 2023-02-03 | not yet calculated | CVE-2022-48023 MISC |
nomachine — nomachine | An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. | 2023-02-03 | not yet calculated | CVE-2022-48074 MISC |
aapanel — aapanel | Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. | 2023-02-02 | not yet calculated | CVE-2022-48079 MISC MISC |
easyone_crm — easyone_crm | Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. | 2023-02-02 | not yet calculated | CVE-2022-48082 MISC |
seacms — seacms | Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. | 2023-02-01 | not yet calculated | CVE-2022-48093 MISC |
lmxcms — lmxcms | lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. | 2023-02-01 | not yet calculated | CVE-2022-48094 MISC |
d-link — dir-878 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | 2023-01-27 | not yet calculated | CVE-2022-48107 MISC MISC |
d-link — dir-878 | D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. | 2023-01-27 | not yet calculated | CVE-2022-48108 MISC MISC |
totolink — n200re_v5 | A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. | 2023-02-02 | not yet calculated | CVE-2022-48113 MISC |
ruoyi — ruoyi | RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | 2023-02-02 | not yet calculated | CVE-2022-48114 MISC |
tenda — w20e | Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. | 2023-02-02 | not yet calculated | CVE-2022-48130 MISC |
dedecms — dedecms | DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. | 2023-02-02 | not yet calculated | CVE-2022-48140 MISC |
easy_images_v2.0 — easy_images_v2.0 | Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. | 2023-02-01 | not yet calculated | CVE-2022-48161 MISC |
wavlink — wl-wn530h4 | An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 2023-02-03 | not yet calculated | CVE-2022-48165 MISC MISC |
rukovoditel — rukovoditel | Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. | 2023-01-30 | not yet calculated | CVE-2022-48175 MISC |
netgear — multiple_products | Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. | 2023-01-31 | not yet calculated | CVE-2022-48176 MISC MISC MISC |
wordpress — wordpress | The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4828 MISC |
jszip — jszip | loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. | 2023-01-29 | not yet calculated | CVE-2022-48285 MISC MISC MISC MISC |
gnu — tar | GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. | 2023-01-30 | not yet calculated | CVE-2022-48303 MISC MISC |
wordpress — wordpress | The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4831 MISC |
wordpress — wordpress | The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4834 MISC |
wordpress — wordpress | The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4835 MISC |
wordpress — wordpress | The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-30 | not yet calculated | CVE-2022-4837 MISC |
wordpress — wordpress | The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks and does not ensure that the option to be updated belongs to the plugin, allowing unauthenticated attackers to set arbitrary options to ‘no’. | 2023-01-30 | not yet calculated | CVE-2022-4872 MISC |
octopus_deploy — octopus_server | In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07; however, it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS. | 2023-01-31 | not yet calculated | CVE-2022-4898 MISC |
wordpress — wordpress | The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform a Stored Cross-Site Scripting attack. | 2023-01-30 | not yet calculated | CVE-2023-0033 MISC |
wordpress — wordpress | The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2023-0071 MISC |
wordpress — wordpress | The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2023-0074 MISC |
wordpress — wordpress | The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-01-30 | not yet calculated | CVE-2023-0097 MISC |
delta_electronics — dopsoft | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | 2023-02-03 | not yet calculated | CVE-2023-0123 MISC |
delta_electronics — dopsoft | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | 2023-02-03 | not yet calculated | CVE-2023-0124 MISC |
linux — kernel | There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. | 2023-01-30 | not yet calculated | CVE-2023-0240 MISC MISC MISC |
wordpress — wordpress | The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-02-02 | not yet calculated | CVE-2023-0253 MISC MISC MISC |
linux — kernel | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. | 2023-01-30 | not yet calculated | CVE-2023-0266 MISC MISC MISC |
editorconfig — editorconfig_c_core | A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer. | 2023-02-01 | not yet calculated | CVE-2023-0341 MISC MISC |
trellix — data_loss_prevention | The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. | 2023-02-02 | not yet calculated | CVE-2023-0400 MISC |
orangescrum — orangescrum | OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. | 2023-02-01 | not yet calculated | CVE-2023-0454 MISC MISC |
google — chrome | Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-01-30 | not yet calculated | CVE-2023-0471 MISC MISC |
google — chrome | Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-01-30 | not yet calculated | CVE-2023-0472 MISC MISC |
google — chrome | Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-30 | not yet calculated | CVE-2023-0473 MISC MISC |
google — chrome | Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) | 2023-01-30 | not yet calculated | CVE-2023-0474 MISC MISC |
vim — vim | Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. | 2023-01-30 | not yet calculated | CVE-2023-0512 MISC CONFIRM |
tenable — multiple_products | As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | 2023-02-01 | not yet calculated | CVE-2023-0524 MISC |
yafnet — yafnet | A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. | 2023-01-27 | not yet calculated | CVE-2023-0549 MISC MISC MISC MISC MISC MISC |
wordpress — wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts. | 2023-01-27 | not yet calculated | CVE-2023-0550 MISC MISC MISC |
wordpress — wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-01-27 | not yet calculated | CVE-2023-0553 MISC MISC MISC |
wordpress — wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-01-27 | not yet calculated | CVE-2023-0554 MISC MISC MISC |
wordpress — wordpress | The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration. | 2023-01-27 | not yet calculated | CVE-2023-0555 MISC MISC MISC |
wordpress — wordpress | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin’s contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating. | 2023-01-27 | not yet calculated | CVE-2023-0556 MISC MISC MISC |
wordpress — wordpress | The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts. | 2023-01-27 | not yet calculated | CVE-2023-0557 MISC MISC MISC |
wordpress — wordpress | The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. | 2023-01-27 | not yet calculated | CVE-2023-0558 MISC MISC MISC |
froxlor — froxlor | Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | not yet calculated | CVE-2023-0565 CONFIRM MISC |
froxlor — froxlor | Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | not yet calculated | CVE-2023-0566 CONFIRM MISC |
publify — publify | Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. | 2023-01-29 | not yet calculated | CVE-2023-0569 CONFIRM MISC |
sourcecodester — online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability. | 2023-01-29 | not yet calculated | CVE-2023-0570 MISC MISC MISC |
sourcecodester — canteen_management_system | A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability. | 2023-01-29 | not yet calculated | CVE-2023-0571 MISC MISC MISC |
froxlor — froxlor | Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | not yet calculated | CVE-2023-0572 CONFIRM MISC |
yugabyte — yugabyte | Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte DB allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte DB: v2.17.0.0. | 2023-02-02 | not yet calculated | CVE-2023-0576 MISC |
wordpress — wordpress | The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklisted via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack. | 2023-01-30 | not yet calculated | CVE-2023-0581 MISC MISC |
tenable — micro_apex_one_server_build | A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. | 2023-02-01 | not yet calculated | CVE-2023-0587 MISC |
ubireader — ubireader | ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it’s possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5. | 2023-01-31 | not yet calculated | CVE-2023-0591 MISC MISC |
jefferson — jffs2 | A path traversal vulnerability affects jefferson’s JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1. | 2023-01-31 | not yet calculated | CVE-2023-0592 MISC MISC |
yaffshiv — yaffshiv | A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication. | 2023-01-31 | not yet calculated | CVE-2023-0593 MISC MISC |
rapid7 — metasploit_pro | Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator. | 2023-02-01 | not yet calculated | CVE-2023-0599 MISC |
ampache — ampache | Cross-site Scripting (XSS) – Reflected in GitHub repository ampache/ampache prior to 5.5.7. | 2023-02-01 | not yet calculated | CVE-2023-0606 MISC CONFIRM |
projectsend — projectsend | Cross-site Scripting (XSS) – Stored in GitHub repository projectsend/projectsend prior to r1606. | 2023-02-01 | not yet calculated | CVE-2023-0607 MISC CONFIRM |
microweber — microweber | Cross-site Scripting (XSS) – DOM in GitHub repository microweber/microweber prior to 1.3.2. | 2023-02-01 | not yet calculated | CVE-2023-0608 MISC CONFIRM |
wallabag — wallabag | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | 2023-02-01 | not yet calculated | CVE-2023-0609 MISC CONFIRM |
wallabag — wallabag | Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | 2023-02-01 | not yet calculated | CVE-2023-0610 MISC CONFIRM |
trendnet — tew-652brp_3.04b01 | A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935. | 2023-02-01 | not yet calculated | CVE-2023-0611 MISC MISC |
trendnet — tew-811dru | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936. | 2023-02-01 | not yet calculated | CVE-2023-0612 MISC MISC |
trendnet — tew-811dru | A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability. | 2023-02-01 | not yet calculated | CVE-2023-0613 MISC MISC |
trendnet — tew-811dru | A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219957 was assigned to this vulnerability. | 2023-02-01 | not yet calculated | CVE-2023-0617 MISC MISC |
trendnet — tew-652brp_3.04b01 | A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219958 is the identifier assigned to this vulnerability. | 2023-02-01 | not yet calculated | CVE-2023-0618 MISC MISC |
wordpress — wordpress | The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations. | 2023-02-01 | not yet calculated | CVE-2023-0619 MISC MISC |
shadow-utils — shadow-utils | An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command. | 2023-02-02 | not yet calculated | CVE-2023-0634 MISC MISC MISC MISC |
trendnet — tew-811dru | A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0637 MISC MISC |
trendnet — tew-811dru | A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0638 MISC MISC |
trendnet — tew-652brp_3.04b01 | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. | 2023-02-02 | not yet calculated | CVE-2023-0639 MISC MISC |
trendnet — tew-652brp_3.04b01 | A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. | 2023-02-02 | not yet calculated | CVE-2023-0640 MISC MISC |
phpgurukul — employee_leaves_management_system | A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0641 MISC MISC MISC |
squidex — squidex | Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. | 2023-02-02 | not yet calculated | CVE-2023-0642 MISC CONFIRM |
squidex — squidex | Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. | 2023-02-02 | not yet calculated | CVE-2023-0643 CONFIRM MISC |
dst-admin — dst-admin | A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0646 MISC MISC MISC |
dst-admin — dst-admin | A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0647 MISC MISC MISC |
dst-admin — dst-admin | A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035. | 2023-02-02 | not yet calculated | CVE-2023-0648 MISC MISC MISC |
dst-admin — dst-admin | A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. | 2023-02-02 | not yet calculated | CVE-2023-0649 MISC MISC MISC |
yafnet — yafnet | A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0650 MISC MISC MISC MISC MISC MISC |
fastcms — fastcms | A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability. | 2023-02-02 | not yet calculated | CVE-2023-0651 MISC MISC MISC MISC |
multilaser — re057/ re170 | A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. | 2023-02-03 | not yet calculated | CVE-2023-0658 MISC MISC |
bdcom — 1704-wgl | A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. | 2023-02-03 | not yet calculated | CVE-2023-0659 MISC MISC |
calendar_event_management_system — calendar_event_management_system | A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175. | 2023-02-03 | not yet calculated | CVE-2023-0663 MISC MISC MISC |
froxlor — froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-02-04 | not yet calculated | CVE-2023-0671 CONFIRM MISC |
sourcecodester — online_eyewear_shop | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. | 2023-02-04 | not yet calculated | CVE-2023-0673 MISC MISC |
xxl-job — xxl-job | A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. | 2023-02-04 | not yet calculated | CVE-2023-0674 MISC MISC MISC |
calendar_event_management_system — calendar_event_management_system | A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability. | 2023-02-04 | not yet calculated | CVE-2023-0675 MISC MISC MISC |
phpipam — phpipam | Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | 2023-02-04 | not yet calculated | CVE-2023-0676 MISC CONFIRM |
phpipam — phpipam | Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. | 2023-02-04 | not yet calculated | CVE-2023-0677 CONFIRM MISC |
phpipam — phpipam | Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. | 2023-02-04 | not yet calculated | CVE-2023-0678 MISC CONFIRM |
vmware — workstation | VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim’s machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. | 2023-02-03 | not yet calculated | CVE-2023-20854 MISC |
vmware — vrealize_operations | VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. | 2023-02-01 | not yet calculated | CVE-2023-20856 MISC |
f5 — big-ip | On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22281 MISC |
f5 — apm_clients | On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22283 MISC |
f5 — big-ip | In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22302 MISC |
snap_one — wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code. | 2023-01-30 | not yet calculated | CVE-2023-22315 MISC |
omron — cx-motion_pro | Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. | 2023-01-30 | not yet calculated | CVE-2023-22322 MISC |
f5 — big-ip | In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22323 MISC |
contec — conprosys_hmi_system | SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. | 2023-01-30 | not yet calculated | CVE-2023-22324 MISC MISC MISC |
f5 — big-ip | In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22326 MISC |
pgpool_global_development_group — pgpool-ii | Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), all versions of 3.7 series, all versions of 3.6 series, all versions of 3.5 series, all versions of 3.4 series, and all versions of 3.3 series. A specific database user’s authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or the database may be suspended by a remote attacker who successfully logged in to the product with the obtained credentials. | 2023-01-30 | not yet calculated | CVE-2023-22332 MISC MISC |
first_net_japan — easymail | Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 2023-01-30 | not yet calculated | CVE-2023-22333 MISC MISC |
f5 — big-ip | On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22340 MISC |
f5 — big-ip | On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to ‘/’ * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22341 MISC |
f5 — apm_clients | In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22358 MISC |
f5 — big-ip | In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22374 MISC |
snap_one — wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore -> Backup Settings, which could be read by any user accessing the file. | 2023-01-30 | not yet calculated | CVE-2023-22389 MISC |
f5 — big-ip | On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22418 MISC |
f5 — big-ip | On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22422 MISC |
parse_server — parse_server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn’t run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows an attacker to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. Correct IP address determination now requires setting the Parse Server option `trustProxy`. | 2023-02-03 | not yet calculated | CVE-2023-22474 MISC MISC |
atlassian — jira | An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account. | 2023-02-01 | not yet calculated | CVE-2023-22501 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | 2023-02-01 | not yet calculated | CVE-2023-22572 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure. | 2023-02-01 | not yet calculated | CVE-2023-22573 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS 9.0.0.x – 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. | 2023-02-01 | not yet calculated | CVE-2023-22574 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS 9.0.0.x – 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. | 2023-02-01 | not yet calculated | CVE-2023-22575 MISC |
ecostruxure — geo_scada_expert | A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 – 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) | 2023-01-31 | not yet calculated | CVE-2023-22610 MISC |
ecostruxure — geo_scada_expert | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 – 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) | 2023-01-31 | not yet calculated | CVE-2023-22611 MISC |
f5 — f5os | On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22657 MISC |
f5 — big-ip | On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22664 MISC |
wireapp — wire-server | wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not allowed to do so. The issue is fixed in wire-server 2022-12-09 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-12-09/Chart 4.29.0, so that their backends are no longer affected. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-22737 MISC MISC MISC MISC |
ckan — ckan | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn’t set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images), and keitaroinc/docker-ckan (keitaro/ckan images). | 2023-02-03 | not yet calculated | CVE-2023-22746 MISC MISC MISC |
f5 — big-ip | On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22839 MISC |
f5 — big-ip | On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-22842 MISC |
apache_software — apache_sling_app | An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 | 2023-02-04 | not yet calculated | CVE-2023-22849 MISC |
jfinal_cms — jfinal_cms | jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). | 2023-02-03 | not yet calculated | CVE-2023-22975 MISC |
zoho — manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. | 2023-02-01 | not yet calculated | CVE-2023-23073 MISC |
zoho — manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. | 2023-02-01 | not yet calculated | CVE-2023-23074 MISC |
zoho — asset_explorer | Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. | 2023-02-01 | not yet calculated | CVE-2023-23075 MISC |
zoho — support_center | OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. | 2023-02-01 | not yet calculated | CVE-2023-23076 MISC |
zoho — manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. | 2023-02-01 | not yet calculated | CVE-2023-23077 MISC |
zoho — manageengine_servicedesk_plus | Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. | 2023-02-01 | not yet calculated | CVE-2023-23078 MISC |
kodi — home_theater_software | A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. | 2023-02-03 | not yet calculated | CVE-2023-23082 MISC MISC MISC MISC MISC |
mojojson — mojojson | Buffer overflow vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. | 2023-02-03 | not yet calculated | CVE-2023-23086 MISC |
mojojson — mojojson | An issue found in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function. | 2023-02-03 | not yet calculated | CVE-2023-23087 MISC |
json-parser — json-parser | Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0, fixed in v1.1.1, allows an attacker to execute arbitrary code via the json_value_parse function. | 2023-02-03 | not yet calculated | CVE-2023-23088 MISC |
netgear — multiple_products | An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. | 2023-02-02 | not yet calculated | CVE-2023-23110 MISC MISC MISC MISC MISC MISC MISC MISC MISC MISC |
ubiquiti — airfiber_af2x_radio | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | 2023-02-02 | not yet calculated | CVE-2023-23119 MISC MISC |
trendnet — tv-ip651wi | The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. | 2023-02-02 | not yet calculated | CVE-2023-23120 MISC MISC |
selfwealth — ios_mobile_app_3.3.1 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. | 2023-02-01 | not yet calculated | CVE-2023-23131 MISC |
selfwealth — ios_mobile_app_3.3.1 | Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. | 2023-02-01 | not yet calculated | CVE-2023-23132 MISC |
ftdms — ftdms | An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. | 2023-02-01 | not yet calculated | CVE-2023-23135 MISC |
lmxcms — lmxcms | lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. | 2023-02-01 | not yet calculated | CVE-2023-23136 MISC |
ibm — automation_decision_services | IBM ICP4A – Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. | 2023-02-01 | not yet calculated | CVE-2023-23469 MISC MISC |
ibm — websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | 2023-02-03 | not yet calculated | CVE-2023-23477 MISC MISC |
f5 — big-ip | On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-23552 MISC |
f5 — big-ip | On BIG-IP Virtual Edition versions 15.1.x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2023-02-01 | not yet calculated | CVE-2023-23555 MISC |
snap_one — wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. | 2023-01-30 | not yet calculated | CVE-2023-23582 MISC |
discourse — discourse | Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. | 2023-02-03 | not yet calculated | CVE-2023-23615 MISC |
discourse — discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests. | 2023-01-28 | not yet calculated | CVE-2023-23616 MISC CONFIRM MISC MISC |
openmage_lts — openmage_lts | OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23617 MISC MISC MISC MISC |
discourse — discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23620 CONFIRM MISC MISC |
discourse — discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23621 MISC MISC MISC |
discourse — discourse | Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag` param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use. | 2023-01-28 | not yet calculated | CVE-2023-23624 MISC MISC MISC |
sanitize — sanitize | Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize’s default configs or by ensuring that their custom config does not include `noscript` in the element allowlist. | 2023-01-28 | not yet calculated | CVE-2023-23627 MISC |
metabase — metabase | Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn’t be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds. | 2023-01-28 | not yet calculated | CVE-2023-23628 MISC |
metabase — metabase | Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the “Subscriptions and Alerts” permission for groups that have restricted data permissions, as a workaround. | 2023-01-28 | not yet calculated | CVE-2023-23629 MISC |
eta_dev — eta | Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack – anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don’t pass user supplied things directly to `res.render`. | 2023-02-01 | not yet calculated | CVE-2023-23630 MISC MISC MISC |
jellyfin — jellyfin-web | In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | 2023-02-03 | not yet calculated | CVE-2023-23635 MISC MISC MISC |
jellyfin — jellyfin-web | In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | 2023-02-03 | not yet calculated | CVE-2023-23636 MISC MISC MISC |
dell — data_domain | Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. | 2023-02-01 | not yet calculated | CVE-2023-23692 MISC |
joomla!_project — joomla!_cms | An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. | 2023-02-01 | not yet calculated | CVE-2023-23750 MISC |
joomla!_project — joomla!_cms | An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. | 2023-02-01 | not yet calculated | CVE-2023-23751 MISC |
open5gs — open5gs | Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C | 2023-02-01 | not yet calculated | CVE-2023-23846 MISC |
dompdf — dompdf | Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead at the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available. | 2023-02-01 | not yet calculated | CVE-2023-23924 MISC MISC MISC |
switcherapie — switcher-client-master | Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. | 2023-02-03 | not yet calculated | CVE-2023-23925 MISC MISC |
reason-jose — reason-jose | reason-jose is a JOSE implementation in ReasonML and OCaml. `Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2. | 2023-02-01 | not yet calculated | CVE-2023-23928 MISC MISC MISC |
opendds — opendds | OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. | 2023-02-03 | not yet calculated | CVE-2023-23932 MISC MISC |
opensearch-project — anomaly-detection | OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue. | 2023-02-03 | not yet calculated | CVE-2023-23933 MISC |
pimcore — pimcore | Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. | 2023-02-03 | not yet calculated | CVE-2023-23937 MISC MISC |
openzeppelin — cairo-contracts | OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1. | 2023-02-03 | not yet calculated | CVE-2023-23940 MISC MISC |
shopware — swagpaypal | SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21. | 2023-02-03 | not yet calculated | CVE-2023-23941 MISC MISC |
djangoproject — django | In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | 2023-02-01 | not yet calculated | CVE-2023-23969 MISC CONFIRM MISC MLIST |
snap_one — wattbox_wb-300-ip-3 | Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. | 2023-01-30 | not yet calculated | CVE-2023-24020 MISC |
progress — ws_ftp | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | 2023-02-03 | not yet calculated | CVE-2023-24029 MISC MISC |
wordpress — wordpress | NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. | 2023-01-29 | not yet calculated | CVE-2023-24065 MISC MISC MISC MISC MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | 2023-02-03 | not yet calculated | CVE-2023-24138 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24139 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24140 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24141 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24142 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | 2023-02-03 | not yet calculated | CVE-2023-24143 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | 2023-02-03 | not yet calculated | CVE-2023-24144 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | 2023-02-03 | not yet calculated | CVE-2023-24145 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | 2023-02-03 | not yet calculated | CVE-2023-24146 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini. | 2023-02-03 | not yet calculated | CVE-2023-24147 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. | 2023-02-03 | not yet calculated | CVE-2023-24148 MISC |
totolink — ca300-poe | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored in the component /etc/shadow. | 2023-02-03 | not yet calculated | CVE-2023-24149 MISC |
totolink — t8 | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24150 MISC |
totolink — t8 | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24151 MISC |
totolink — t8 | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24152 MISC |
totolink — t8 | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24153 MISC |
totolink — t8 | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | 2023-02-03 | not yet calculated | CVE-2023-24154 MISC |
totolink — t8 | TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. | 2023-02-03 | not yet calculated | CVE-2023-24155 MISC |
totolink — t8 | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24156 MISC |
totolink — t8 | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | not yet calculated | CVE-2023-24157 MISC |
dromara — hutool | Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. | 2023-01-31 | not yet calculated | CVE-2023-24162 MISC MISC |
dromara — hutool | SQL Injection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine. | 2023-01-31 | not yet calculated | CVE-2023-24163 MISC |
forget_heart_message_box — forget_heart_message_box | Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. | 2023-02-01 | not yet calculated | CVE-2023-24241 MISC |
dell — enterprise_sonic_os | Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an “Uncontrolled Resource Consumption vulnerability” in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users. | 2023-02-02 | not yet calculated | CVE-2023-24574 MISC |
dell — networker_nve | EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. | 2023-02-03 | not yet calculated | CVE-2023-24576 MISC |
dell — networker_nve | NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the “practice logo” upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. | 2023-02-01 | not yet calculated | CVE-2023-24610 MISC MISC MISC MISC |
pdfbook — pdfbook | The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. | 2023-01-30 | not yet calculated | CVE-2023-24612 MISC |
array_networks — ag_vxag_ui | The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. This is fixed in AG 9.4.0.481. | 2023-02-03 | not yet calculated | CVE-2023-24613 MISC |
safeurl-python — safeurl-python | isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. | 2023-01-30 | not yet calculated | CVE-2023-24622 MISC |
paranoidhttp — paranoidhttp | Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. | 2023-01-30 | not yet calculated | CVE-2023-24623 MISC MISC MISC |
apache — iotdb | Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. | 2023-01-31 | not yet calculated | CVE-2023-24829 MISC |
apache — iotdb | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3. | 2023-01-30 | not yet calculated | CVE-2023-24830 MISC |
forget_heart_message_box — forget_heart_message_box | Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. | 2023-02-01 | not yet calculated | CVE-2023-24956 MISC |
apache — inlong | Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it. | 2023-02-01 | not yet calculated | CVE-2023-24977 MISC |
apache — inlong | Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it. | 2023-02-01 | not yet calculated | CVE-2023-24997 MISC |
linux — kernel | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | 2023-02-02 | not yet calculated | CVE-2023-25012 MISC MISC MLIST |
typo3 — femanger_extension | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. | 2023-02-02 | not yet calculated | CVE-2023-25013 MISC MISC |
typo3 — femanger_extension | An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. | 2023-02-02 | not yet calculated | CVE-2023-25014 MISC MISC |
clockwork_web — clockwork_web | Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. | 2023-02-02 | not yet calculated | CVE-2023-25015 MISC CONFIRM MISC |
vbulletin — vbulletin | vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1. | 2023-02-03 | not yet calculated | CVE-2023-25135 MISC MISC |
openssh — openssh_server | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that “exploiting this vulnerability will not be easy.” | 2023-02-03 | not yet calculated | CVE-2023-25136 MISC MISC MISC MISC |
glibc — glibc | sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. | 2023-02-03 | not yet calculated | CVE-2023-25139 MISC |
harfbuzz — harfbuzz | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | 2023-02-04 | not yet calculated | CVE-2023-25193 MISC MISC MISC |