US-CERT Bulletin (SB23-037): Vulnerability Summary for the Week of January 30, 2023

Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
qnap — qts A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later 2023-01-30 9.8 CVE-2022-27596
MISC
changingtec — megaservisignadapter ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service. 2023-01-31 9.8 CVE-2022-39060
MISC
sscms — siteserver_cms SiteServer CMS 7.1.3 is vulnerable to SQL Injection. 2023-01-27 9.8 CVE-2022-44298
MISC
limesurvey — limesurvey An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. 2023-01-27 9.8 CVE-2022-48008
MISC
opencats — opencats Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. 2023-01-27 9.8 CVE-2022-48011
MISC
MISC
bank_locker_management_system_project — bank_locker_management_system A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716. 2023-01-28 9.8 CVE-2023-0562
MISC
MISC
MISC
thinking_software_technology — efence Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. 2023-01-31 9.8 CVE-2023-22900
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-219702 is the identifier assigned to this vulnerability. 2023-01-28 8.8 CVE-2023-0561
MISC
MISC
MISC
phicomm — k2_firmware Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. 2023-01-27 7.8 CVE-2022-48070
MISC
phicomm — k2_firmware Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. 2023-01-27 7.8 CVE-2022-48072
MISC
changingtec — megaservisignadapter ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. 2023-01-31 7.5 CVE-2022-39059
MISC
phicomm — k2_firmware Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. 2023-01-27 7.5 CVE-2022-48071
MISC
phicomm — k2_firmware Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. 2023-01-27 7.5 CVE-2022-48073
MISC
froxlor — froxlor Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. 2023-01-29 7.5 CVE-2023-0564
CONFIRM
MISC
openmage — magento OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. 2023-01-27 7.2 CVE-2021-39217
MISC
MISC
MISC
MISC
ayacms_project — ayacms AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. 2023-01-27 7.2 CVE-2022-48116
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219701 was assigned to this vulnerability. 2023-01-28 7.2 CVE-2023-0560
MISC
MISC
MISC

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
changingtec — megaservisignadapter ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupt partial services. 2023-01-31 6.5 CVE-2022-39061
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability. 2023-01-27 6.3 CVE-2023-0528
MISC
MISC
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability. 2023-01-27 6.3 CVE-2023-0529
MISC
MISC
MISC
netscout — ngeniusone An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. 2023-01-27 6.1 CVE-2022-44024
MISC
netscout — ngeniusone An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. 2023-01-27 6.1 CVE-2022-44025
MISC
netscout — ngeniusone An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. 2023-01-27 6.1 CVE-2022-44026
MISC
netscout — ngeniusone An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. 2023-01-27 6.1 CVE-2022-44027
MISC
netscout — ngeniusone An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. 2023-01-27 6.1 CVE-2022-44028
MISC
netscout — ngeniusone An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. 2023-01-27 6.1 CVE-2022-44029
MISC
opencats — opencats Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. 2023-01-27 6.1 CVE-2022-48012
MISC
MISC
jorani_project — jorani Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. 2023-01-27 6.1 CVE-2022-48118
MISC
piwigo — piwigo A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. 2023-01-27 5.4 CVE-2022-48007
MISC
limesurvey — limesurvey LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. 2023-01-27 5.4 CVE-2022-48010
MISC
opencats — opencats Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields. 2023-01-27 5.4 CVE-2022-48013
MISC
MISC
bank_locker_management_system_project — bank_locker_management_system A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability. 2023-01-28 4.8 CVE-2023-0563
MISC
MISC
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600. 2023-01-27 4.7 CVE-2023-0531
MISC
MISC
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability. 2023-01-27 4.7 CVE-2023-0532
MISC
MISC
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability. 2023-01-27 4.7 CVE-2023-0533
MISC
MISC
MISC
online_tours_&_travels_management_system_project — online_tours_&_travels_management_system A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603. 2023-01-27 4.7 CVE-2023-0534
MISC
MISC
MISC

Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.

Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
wordcraft — wordcraft A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 0.7 is able to address this issue. The name of the patch is be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the affected component. VDB-219714 is the identifier assigned to this vulnerability. 2023-01-29 not yet calculated CVE-2009-10003
MISC
MISC
MISC
MISC
fanzila — webfinance A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. 2023-02-03 not yet calculated CVE-2013-10015
MISC
MISC
MISC
fanzila — webfinance A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. 2023-02-03 not yet calculated CVE-2013-10016
MISC
MISC
MISC
fanzila — webfinance A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. 2023-02-04 not yet calculated CVE-2013-10017
MISC
MISC
MISC
fanzila — webfinance A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2013-10018
MISC
MISC
MISC
nrel — api-umbrella-web A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060. 2023-02-04 not yet calculated CVE-2015-10072
MISC
MISC
MISC
MISC
mosbth — cimage A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is able to address this issue. The name of the patch is 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715. 2023-01-29 not yet calculated CVE-2016-15022
MISC
MISC
MISC
MISC
sitefusion — application_server A vulnerability, which was classified as problematic, was found in SiteFusion Application Server up to 6.6.6. This affects an unknown part of the file getextension.php of the component Extension Handler. The manipulation leads to path traversal. Upgrading to version 6.6.7 is able to address this issue. The name of the patch is 49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the affected component. The identifier VDB-219765 was assigned to this vulnerability. 2023-01-31 not yet calculated CVE-2016-15023
MISC
MISC
MISC
MISC
MISC
segmentio — is-url A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2018-25079
MISC
MISC
MISC
MISC
MISC
mobiledetect — mobiledetect A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2018-25080
MISC
MISC
MISC
MISC
MISC
sage — frp_1000 A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL. 2023-01-27 not yet calculated CVE-2019-25053
MISC
onshift — turbogears A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. 2023-02-04 not yet calculated CVE-2019-25101
MISC
MISC
MISC
MISC
MISC
portfoliocms — portfoliocms Westbrookadmin portfolioCMS v1.05 allows attackers to bypass password validation and access sensitive information via session fixation. 2023-01-31 not yet calculated CVE-2020-20402
MISC
mremoteng — mremoteng An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. 2023-02-02 not yet calculated CVE-2020-24307
MISC
MISC
schnieder_electric — multiple_products A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions) 2023-02-01 not yet calculated CVE-2021-22786
MISC
hewlett_packard — hp_pc_bios HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities. 2023-02-01 not yet calculated CVE-2021-3439
MISC
phpwcms — phpwcms An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. 2023-02-03 not yet calculated CVE-2021-36424
MISC
phpwcms — phpwcms Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. 2023-02-03 not yet calculated CVE-2021-36425
MISC
phpwcms — phpwcms File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. 2023-02-03 not yet calculated CVE-2021-36426
MISC
jcoms — jcoms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. 2023-02-03 not yet calculated CVE-2021-36431
MISC
jcoms — jcoms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. 2023-02-03 not yet calculated CVE-2021-36432
MISC
jcoms — jcoms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. 2023-02-03 not yet calculated CVE-2021-36433
MISC
jcoms — jcoms SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. 2023-02-03 not yet calculated CVE-2021-36434
MISC
imcat — imcat Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. 2023-02-03 not yet calculated CVE-2021-36443
MISC
imcat — imcat Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one time token generation on the add administrator page. 2023-02-03 not yet calculated CVE-2021-36444
MISC
jizhicms — jizhicms SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. 2023-02-03 not yet calculated CVE-2021-36484
MISC
allegro — allegro Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. 2023-02-03 not yet calculated CVE-2021-36489
MISC
xpdfreader — xpdfimages Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. 2023-02-03 not yet calculated CVE-2021-36493
MISC
native-php-cms — native-php-cms SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. 2023-02-03 not yet calculated CVE-2021-36503
MISC
portfoliocms — portfoliocms Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. 2023-02-03 not yet calculated CVE-2021-36532
MISC
cesanta_software — mjs Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. 2023-02-03 not yet calculated CVE-2021-36535
MISC
gurock_holding_gmbh — testrail Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. 2023-02-03 not yet calculated CVE-2021-36538
MISC
tcpms — tcpms Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. 2023-02-03 not yet calculated CVE-2021-36544
MISC
tcpms — tcpms Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. 2023-02-03 not yet calculated CVE-2021-36545
MISC
kitecms — kitecms Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. 2023-02-03 not yet calculated CVE-2021-36546
MISC
fuel-cms — fuel-cms Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. 2023-02-03 not yet calculated CVE-2021-36569
MISC
fuel-cms — fuel-cms Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2—. 2023-02-03 not yet calculated CVE-2021-36570
MISC
yzmcms — yzmcms Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. 2023-02-03 not yet calculated CVE-2021-36712
MISC
MISC
modern_honey_network — modern_honey_network Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. 2023-02-03 not yet calculated CVE-2021-37234
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. 2023-02-03 not yet calculated CVE-2021-37304
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. 2023-02-03 not yet calculated CVE-2021-37305
MISC
jeecg — jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. 2023-02-03 not yet calculated CVE-2021-37306
MISC
fcitx5 — fcitx5 Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application’s listening port. 2023-02-03 not yet calculated CVE-2021-37311
MISC
MISC
asus — rt-ac68u Incorrect Access Control issue discovered in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations. 2023-02-03 not yet calculated CVE-2021-37315
MISC
asus — rt-ac68u SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. 2023-02-03 not yet calculated CVE-2021-37316
MISC
asus — rt-ac68u Directory Traversal vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the target for COPY and MOVE operations. 2023-02-03 not yet calculated CVE-2021-37317
MISC
pbootcms — pbootcms SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. 2023-02-03 not yet calculated CVE-2021-37497
MISC
MISC
hdfgroup — hdf5-h5dump Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. 2023-02-03 not yet calculated CVE-2021-37501
MISC
MISC
automad — automad Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. 2023-02-03 not yet calculated CVE-2021-37502
MISC
vimium_extension — vimium_extension Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. 2023-02-03 not yet calculated CVE-2021-37518
MISC
MISC
memcached — memcached Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file. 2023-02-03 not yet calculated CVE-2021-37519
MISC
MISC
hp — bios Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. 2023-02-01 not yet calculated CVE-2021-3808
MISC
hp — bios Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities. 2023-02-01 not yet calculated CVE-2021-3809
MISC
nyuccl — psiturk A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676. 2023-01-28 not yet calculated CVE-2021-4315
MISC
MISC
MISC
MISC
MISC
wireguard — wireguard WireGuard, such as WireGuard 0.5.3 on Windows, does not fully account for the possibility that an adversary might be able to set a victim’s system time to a future value, e.g., because unauthenticated NTP is used. This can lead to an outcome in which one static private key becomes permanently useless. 2023-01-29 not yet calculated CVE-2021-46873
MISC
schneider_electric — ecostruxure_power_commission A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause unauthenticated code execution. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) 2023-01-30 not yet calculated CVE-2022-0223
MISC
nemo-appium — nemo-appium Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the ‘module.exports.setup’ function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. 2023-01-31 not yet calculated CVE-2022-21129
MISC
MISC
MISC
ibm — tivoli_workload_scheduler IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. 2023-02-03 not yet calculated CVE-2022-22486
MISC
MISC
schneider_electric — ecostruxure_power_commission A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists in a function that could allow an attacker to create or overwrite critical files that are used to execute code, such as programs or libraries and cause path traversal attacks. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) 2023-01-30 not yet calculated CVE-2022-22731
MISC
schneider_electric — ecostruxure_power_commission A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) 2023-01-30 not yet calculated CVE-2022-22732
MISC
schneider_electric — igss_data_server A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22073) 2023-02-01 not yet calculated CVE-2022-2329
MISC
ip-label — newtest The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing NEWTESTREMOTEMANAGER.EXE. 2023-01-30 not yet calculated CVE-2022-23334
MISC
MISC
MISC
hp_inc — hp_support_assistant Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. 2023-02-01 not yet calculated CVE-2022-23453
MISC
hp_inc — hp_support_assistant Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. 2023-02-01 not yet calculated CVE-2022-23454
MISC
hp_inc — hp_support_assistant Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. 2023-02-01 not yet calculated CVE-2022-23455
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. 2023-02-03 not yet calculated CVE-2022-23498
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren’t properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to a SVG-file containing JavaScript, or use the `data:` scheme to load an inline SVG-file containing JavaScript. This means that vertical privilege escalation is possible, where a user with Editor role can change to a known password for a user having Admin role if the user with Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix. 2023-01-27 not yet calculated CVE-2022-23552
MISC
MISC
MISC
MISC
MISC
schneider_electric – igss_data_server_igssdataserverexe A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22073) 2023-02-01 not yet calculated CVE-2022-24324
MISC
symfony — symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the victim’s session. This issue has been patched and is available for branch 4.4. 2023-02-03 not yet calculated CVE-2022-24894
MISC
MISC
symfony — symfony Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login, but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. 2023-02-03 not yet calculated CVE-2022-24895
MISC
MISC
MISC
MISC
apache — portable_runtime_utility Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. 2023-01-31 not yet calculated CVE-2022-24963
MISC
apache — portable_runtime_utility Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. 2023-01-31 not yet calculated CVE-2022-25147
MISC
wordpress — wordpress The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that, when submitted by any visitor, will inject arbitrary HTML or JavaScript into the response that will be executed in the victim’s session. Note: This requires knowledge of a static secret key. 2023-02-02 not yet calculated CVE-2022-2546
MISC
cache_semantics — cache_semantics This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library. 2023-01-31 not yet calculated CVE-2022-25881
MISC
MISC
MISC
snyk — is-http2 All versions of the package is-http2 are vulnerable to Command Injection due to missing input sanitization or other checks, and sandboxes being employed to the isH2 function. 2023-02-01 not yet calculated CVE-2022-25906
MISC
MISC
snyk — mt7688-wiscan Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the ‘wiscan.scan’ function. 2023-02-01 not yet calculated CVE-2022-25916
MISC
MISC
MISC
snyk — servst Versions of the package servst before 2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the filePath variable. 2023-01-30 not yet calculated CVE-2022-25936
MISC
MISC
MISC
snyk — eta Versions of the package eta before 2.0.0 are vulnerable to Remote Code Execution (RCE) by overwriting template engine configuration variables with view options received from The Express render API. **Note:** This is exploitable only for users who are rendering templates with user-defined data. 2023-01-30 not yet calculated CVE-2022-25967
MISC
MISC
MISC
MISC
snyk — jsuites Versions of the package jsuites before 5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization in the Editor() function. 2023-01-31 not yet calculated CVE-2022-25979
MISC
MISC
MISC
MISC
ami — megarac_spx-12 AMI Megarac Password reset interception via API 2023-01-30 not yet calculated CVE-2022-26872
MISC
hp — bios Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities. 2023-02-01 not yet calculated CVE-2022-27537
MISC
hp — bios A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. 2023-02-01 not yet calculated CVE-2022-27538
MISC
apache — portable_runtime_utility On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow. 2023-01-31 not yet calculated CVE-2022-28331
MISC
schneider_electric — somachine_hvac A CWE-787: Out-of-bounds Write vulnerability exists that could cause sensitive information leakage when accessing a malicious web page from the commissioning software. Affected Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert – HVAC (Versions prior to V1.4.0) 2023-01-30 not yet calculated CVE-2022-2988
MISC
toshiba — storage_security_software Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module. 2023-01-31 not yet calculated CVE-2022-30421
MISC
MISC
MISC
MISC
landisgyr – e850_zmq200 All versions of Landis+Gyr E850 (ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and Integrity. The device’s web application navigation depends on the value of the session cookie. The web application could become inaccessible for the user if an attacker changes the cookie values. 2023-02-01 not yet calculated CVE-2022-3083
MISC
bestechnic — bluetooth_mesh_sdk In Bestechnic Bluetooth Mesh SDK (BES2300) V1.0, a buffer overflow vulnerability can be triggered during provisioning, because there is no check for the SegN field of the Transaction Start PDU. 2023-02-01 not yet calculated CVE-2022-30904
MISC
cypress — bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08 Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning, because there is no check for mismatched SegN and TotalLength in Transaction Start PDU. 2023-02-01 not yet calculated CVE-2022-31363
MISC
cypress — bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08 Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN. 2023-02-01 not yet calculated CVE-2022-31364
MISC
cloud_foundry — diego/cf_deployment Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate. 2023-02-03 not yet calculated CVE-2022-31733
MISC
notepad++ — notepad++ Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). 2023-02-01 not yet calculated CVE-2022-31902
MISC
MISC
dell — bios Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. 2023-02-01 not yet calculated CVE-2022-32482
MISC
schneider_electric — canbrass A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause remote code execution when a command which exploits this vulnerability is utilized. Affected Products: CanBRASS (Versions prior to V7.5.1) 2023-01-30 not yet calculated CVE-2022-32512
MISC
schneider_electric — multiple_products A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller – LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller – LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller – 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller – 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller – 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller – 5500AC2 (Versions prior to V1.10.0) 2023-01-30 not yet calculated CVE-2022-32513
MISC
schneider_electric — multiple_products A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to gain control of the device when logging into a web page. Affected Products: C-Bus Network Automation Controller – LSS5500NAC (Versions prior to V1.10.0), Wiser for C-Bus Automation Controller – LSS5500SHAC (Versions prior to V1.10.0), Clipsal C-Bus Network Automation Controller – 5500NAC (Versions prior to V1.10.0), Clipsal Wiser for C-Bus Automation Controller – 5500SHAC (Versions prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller – 5500NAC2 (Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller – 5500AC2 (Versions prior to V1.10.0) 2023-01-30 not yet calculated CVE-2022-32514
MISC
schneider_electric — context_combox A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause brute force attacks to take over the admin account when the product does not implement a rate limit mechanism on the admin authentication form. Affected Products: Conext™ ComBox (All Versions) 2023-01-30 not yet calculated CVE-2022-32515
MISC
schneider_electric — context_combox A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s configurations override and cause a reboot loop when the product suffers from POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox (All Versions) 2023-01-30 not yet calculated CVE-2022-32516
MISC
schneider_electric — context_combox A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause an adversary to trick the interface user/admin into interacting with the application in an unintended way when the product does not implement restrictions on the ability to render within frames on external addresses. Affected Products: Conext™ ComBox (All Versions) 2023-01-30 not yet calculated CVE-2022-32517
MISC
schneider_electric — data_center_expert A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data Center Expert (Versions prior to V7.9.0) 2023-01-30 not yet calculated CVE-2022-32518
MISC
schneider_electric — data_center_expert A CWE-257: Storing Passwords in a Recoverable Format vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. Affected Products: Data Center Expert (Versions prior to V7.9.0) 2023-01-30 not yet calculated CVE-2022-32519
MISC
schneider_electric — data_center_expert A CWE-522: Insufficiently Protected Credentials vulnerability exists that could result in unwanted access to a DCE instance when performed over a network by a malicious third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data Center Expert (Versions prior to V7.9.0) 2023-01-30 not yet calculated CVE-2022-32520
MISC
schneider_electric — data_center_expert A CWE 502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0) 2023-01-30 not yet calculated CVE-2022-32521
MISC
schneider_electric — igss_data_server A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted mathematically reduced data request messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32522
MISC
schneider_electric — igss_data_server A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted online data request messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32523
MISC
schneider_electric — igss_data_server A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted time reduced data messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32524
MISC
schneider_electric — igss_data_server A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm data messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32525
MISC
schneider_electric — igss_data_server A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted setting value messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32526
MISC
schneider_electric — igss_data_server A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted alarm cache data messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32527
MISC
schneider_electric — igss_data_server A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause access to manipulate and read files in the IGSS project report directory when an attacker sends specific messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32528
MISC
schneider_electric — igss_data_server A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server – IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32529
MISC
schneider_electric — ecostruxure_cybersecurity_admin_expert A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate users to be locked out of devices or facilitate backdoor account creation by spoofing a device on the local network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) 2023-01-30 not yet calculated CVE-2022-32747
MISC
schneider_electric — ecostruxure_cybersecurity_admin_expert A CWE-295: Improper Certificate Validation vulnerability exists that could cause the CAE software to give wrong data to end users when using CAE to configure devices. Additionally, credentials could leak which would enable an attacker the ability to log into the configuration tool and compromise other devices in the network. Affected Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) 2023-01-30 not yet calculated CVE-2022-32748
MISC
btcpay_server — btcpay_server BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn’t using the internal lightning node, the credentials of a lightning node are exposed. 2023-01-31 not yet calculated CVE-2022-32984
MISC
mitsubishi_electric_corporation — multiple_products Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric’s advisory which is listed in [References] section. 2023-02-02 not yet calculated CVE-2022-33323
MISC
MISC
MISC
biltema — ip/baby_camera_software Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. 2023-02-03 not yet calculated CVE-2022-34138
MISC
MISC
dell – openmanage_server_administrator Dell OpenManage Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL Injection Vulnerability. A local low privileged authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary executable on the operating system with elevated privileges. Exploitation may lead to a complete system compromise. 2023-02-01 not yet calculated CVE-2022-34396
MISC
dell — bios Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system. 2023-02-01 not yet calculated CVE-2022-34398
MISC
dell — bios Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM. 2023-02-01 not yet calculated CVE-2022-34400
MISC
dell — bios Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM. 2023-02-01 not yet calculated CVE-2022-34403
MISC
dell — rugged_control_center Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges. 2023-02-01 not yet calculated CVE-2022-34443
MISC
dell — multiple_products Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in the download operation component. A local malicious user could potentially exploit this vulnerability, leading to the disclosure of confidential data. 2023-02-01 not yet calculated CVE-2022-34458
MISC
dell — multiple_products Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an improper verification of cryptographic signature in the get applicable driver component. A local malicious user could potentially exploit this vulnerability, leading to malicious payload execution. 2023-02-01 not yet calculated CVE-2022-34459
MISC
lenovo — xclarity_controller A buffer overflow exists in the Remote Presence subsystem which can potentially allow valid, authenticated users to cause a recoverable subsystem denial of service. 2023-01-30 not yet calculated CVE-2022-34884
MISC
motorola — mr2600 An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. 2023-01-30 not yet calculated CVE-2022-34885
MISC
lenovo — xclarity_controller The Remote Mount feature can potentially be abused by valid, authenticated users to make connections to internal services that may not normally be accessible to users. Internal service access controls, as applicable, remain in effect. 2023-01-30 not yet calculated CVE-2022-34888
MISC
pesign — pesign A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the ‘pesign’ group. However, the script doesn’t check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack. 2023-02-02 not yet calculated CVE-2022-3560
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions. 2023-02-02 not yet calculated CVE-2022-36401
MISC
dotcms — tempfileapi In dotCMS 5.x-22.06, TempFileAPI allows a user to create a temporary file based on a passed in URL, while attempting to block any SSRF access to local IP addresses or private subnets. In resolving this URL, the TempFileAPI follows any 302 redirects that the remote URL returns. Because there is no re-validation of the redirect URL, the TempFileAPI can be used to return data from those local/private hosts that should not be accessible remotely. 2023-02-01 not yet calculated CVE-2022-37033
MISC
dotcms — tempfileresource In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests. 2023-02-01 not yet calculated CVE-2022-37034
MISC
docker — docker Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container. 2023-01-31 not yet calculated CVE-2022-37708
MISC
MISC
MISC
ibm — tivoli_workload_scheduler IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. 2023-02-03 not yet calculated CVE-2022-38389
MISC
MISC
talos — freshtomato A directory traversal vulnerability exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. 2023-01-30 not yet calculated CVE-2022-38451
MISC
rapid7 — multiple_products Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the legitimate endpoint. The attacker would need some pre-existing access to at least one node on the network path between the Rapid7-controlled update server and the Nexpose/InsightVM application, and the ability to either spoof the update server’s FQDN or redirect legitimate traffic to the attacker’s server in order to exploit this vulnerability. Note that even in this scenario, an attacker could not normally replace an update package with a malicious package, since the update process validates a separate, code-signing certificate, distinct from the HTTPS certificate used for communication. This issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and InsightVM. 2023-02-01 not yet calculated CVE-2022-3913
MISC
MISC
grafana — grafana Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the `originalUrl` parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The `Open original dashboard` button no longer points to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8. 2023-01-27 not yet calculated CVE-2022-39324
MISC
MISC
MISC
MISC
MISC
wire — web-app Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result. 2023-01-27 not yet calculated CVE-2022-39380
MISC
italtel — netmatch-s_ci Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity). 2023-01-27 not yet calculated CVE-2022-39811
MISC
italtel — netmatch-s_ci Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server. 2023-01-27 not yet calculated CVE-2022-39812
MISC
italtel — netmatch-s_ci Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it. 2023-01-27 not yet calculated CVE-2022-39813
MISC
hewlett_packard — hpfsviewer HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation. 2023-02-01 not yet calculated CVE-2022-3990
MISC
lenovo — multiple_products An information leak vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. 2023-01-30 not yet calculated CVE-2022-40134
MISC
lenovo — multiple_products An information leak vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. 2023-01-30 not yet calculated CVE-2022-40135
MISC
lenovo — multiple_products An information leak vulnerability in SMI Handler used to configure platform settings over WMI in some Lenovo models may allow an attacker with local access and elevated privileges to read SMM memory. 2023-01-30 not yet calculated CVE-2022-40136
MISC
lenovo — multiple_products A buffer overflow in the WMI SMI Handler in some Lenovo models may allow an attacker with local access and elevated privileges to execute arbitrary code. 2023-01-30 not yet calculated CVE-2022-40137
MISC
ami — megarac AMI Megarac Weak password hashes for Redfish & API 2023-01-31 not yet calculated CVE-2022-40258
MISC
mitsubishi_electric — multiple_products Improper Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to lead legitimate users to perform unintended operations through clickjacking. 2023-02-02 not yet calculated CVE-2022-40268
MISC
MISC
mitsubishi_electric — multiple_products Authentication Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows a remote unauthenticated attacker to disclose sensitive information from users’ browsers or spoof legitimate users by abusing inappropriate HTML attributes. 2023-02-02 not yet calculated CVE-2022-40269
MISC
MISC
hitachi — storage_plug-in_for_vmware_vcenter Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1. 2023-01-31 not yet calculated CVE-2022-4041
MISC
schneider_electric — ecostruxure_power_commission A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) 2023-02-01 not yet calculated CVE-2022-4062
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. 2023-02-02 not yet calculated CVE-2022-40692
MISC
gitlab — gitlab A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner. 2023-01-27 not yet calculated CVE-2022-4201
CONFIRM
MISC
gitlab — gitlab In Gitlab EE/CE before 15.6.1, 15.5.5 and 15.4.6 using a branch with a hexadecimal name could override an existing hash. 2023-01-27 not yet calculated CVE-2022-4205
MISC
CONFIRM
gitlab — gitlab A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report 2023-02-01 not yet calculated CVE-2022-4206
CONFIRM
MISC
talos — freshtomato An OS command injection vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato 2022.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. 2023-01-30 not yet calculated CVE-2022-42484
MISC
sssd — sssd sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters 2023-02-01 not yet calculated CVE-2022-4254
MISC
MISC
MISC
MISC
gitlab — gitlab An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload. 2023-01-27 not yet calculated CVE-2022-4255
MISC
CONFIRM
wepa — print_away WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions. 2023-02-03 not yet calculated CVE-2022-42908
CONFIRM
CONFIRM
wepa — print_away WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. 2023-02-03 not yet calculated CVE-2022-42909
CONFIRM
CONFIRM
schneider_electric — multiple_products A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42970
MISC
schneider_electric — multiple_products A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could cause remote code execution when the attacker uploads a malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42971
MISC
schneider_electric — multiple_products A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42972
MISC
schneider_electric — multiple_products A CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause local privilege escalation when local attacker connects to the database. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 – Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 – Versions prior to V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42973
MISC
wordpress — wordpress The Panda Pods Repeater Field WordPress plugin before 1.5.4 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a user having at least Contributor permission. 2023-01-30 not yet calculated CVE-2022-4306
MISC
estsoft — alyac A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. 2023-02-02 not yet calculated CVE-2022-43665
MISC
ibm — app_connect_enterprise_certified_container IBM App Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and 6.2 could disclose sensitive information to an attacker due to a weak hash of an API Key in the configuration. IBM X-Force ID: 241583. 2023-02-01 not yet calculated CVE-2022-43922
MISC
MISC
wordpress — wordpress The Membership For WooCommerce WordPress plugin before 2.1.7 does not validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as malicious PHP code, and achieve RCE. 2023-01-30 not yet calculated CVE-2022-4395
MISC
pandora_fms — pandora_fms There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. 2023-01-27 not yet calculated CVE-2022-43978
CONFIRM
pandora_fms — pandora_fms There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to include any PHP file that resides on the disk. The exploitation of this vulnerability could lead to a remote code execution. 2023-01-27 not yet calculated CVE-2022-43979
CONFIRM
pandora_fms — pandora_fms There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, including on purpose the name of an XSS payload. Once created, if a user with admin privileges clicks on the edited network maps, the XSS payload will be executed. The exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie. 2023-01-27 not yet calculated CVE-2022-43980
CONFIRM
hitachi — storage_plug-in_for_vmware_vcenter Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1. 2023-01-31 not yet calculated CVE-2022-4441
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions. 2023-02-02 not yet calculated CVE-2022-44585
MISC
apache — linkis In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server and setting allowLoadLocalInfile to true in the jdbc parameter. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3 2023-01-31 not yet calculated CVE-2022-44644
MISC
apache — linkis In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users to upgrade the version of Linkis to version 1.3.1. 2023-01-31 not yet calculated CVE-2022-44645
MISC
wordpress — wordpress The Widgets for Google Reviews WordPress plugin before 9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4470
MISC
wordpress — wordpress The Simple Sitemap WordPress plugin before 3.5.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4472
MISC
apollotheme — ap_pagebuilder A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter. 2023-01-31 not yet calculated CVE-2022-44897
MISC
MISC
wordpress — wordpress The SAML SSO Standard WordPress plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version 12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version 20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO login endpoint points to an internal site URL, making it vulnerable to an Open Redirect issue when the user is already logged in. 2023-01-30 not yet calculated CVE-2022-4496
MISC
MISC
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. 2023-02-02 not yet calculated CVE-2022-45067
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user with access to a local shell and the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to arbitrary command execution, denial of service, information disclosure, and data deletion. 2023-02-01 not yet calculated CVE-2022-45095
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information. 2023-02-01 not yet calculated CVE-2022-45096
MISC
dell — powerscale_onefs Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. 2023-02-01 not yet calculated CVE-2022-45097
MISC
dell — powerscale_onefs Dell PowerScale OneFS, 9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information vulnerability in S3 component. An authenticated local attacker could potentially exploit this vulnerability, leading to information disclosure. 2023-02-01 not yet calculated CVE-2022-45098
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise 2023-02-01 not yet calculated CVE-2022-45099
MISC
dell — powerscale_onefs Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system. 2023-02-01 not yet calculated CVE-2022-45100
MISC
dell — powerscale_onefs Dell PowerScale OneFS 9.0.0.x – 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution. 2023-02-01 not yet calculated CVE-2022-45101
MISC
dell — emc_data_protection_central Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections. 2023-02-01 not yet calculated CVE-2022-45102
MISC
livebox — collaboration_vdesk An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system. 2023-01-31 not yet calculated CVE-2022-45172
MISC
eq — eq EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter. 2023-01-31 not yet calculated CVE-2022-45297
MISC
identityiq — multiple_products IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6, and all prior versions allow authenticated users assigned the Identity Administrator capability or any custom capability that contains the SetIdentityForwarding right to modify the work item forwarding configuration for identities other than the ones that should be allowed by Lifecycle Manager Quicklink Population configuration. 2023-01-31 not yet calculated CVE-2022-45435
MISC
json.h — json_parse_string Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated CVE-2022-45491
MISC
MISC
json.h — json_parse_string Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated CVE-2022-45492
MISC
MISC
json.h — json_parse_string Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated CVE-2022-45493
MISC
json.h — json_parse_string Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-01-31 not yet calculated CVE-2022-45494
MISC
MISC
MISC
MISC
json.h — json_parse_string Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated CVE-2022-45496
MISC
MISC
wordpress — wordpress The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. 2023-01-30 not yet calculated CVE-2022-4552
MISC
wordpress — wordpress The FL3R FeelBox WordPress plugin through 8.1 does not have a CSRF check when resetting moods, which could allow attackers to make logged-in admins perform such an action via a CSRF attack and delete the lydl_posts & lydl_poststimestamp DB tables. 2023-01-30 not yet calculated CVE-2022-4553
MISC
talend — remote_engine_gen_2 XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. 2023-02-03 not yet calculated CVE-2022-45588
MISC
MISC
joplin — desktop_app Cross Site Scripting vulnerability in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code via improper sanitization. 2023-01-31 not yet calculated CVE-2022-45598
MISC
MISC
dotcms — dotcms An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm for password-reset token generation leads to account takeover. 2023-02-01 not yet calculated CVE-2022-45782
MISC
dotcms — dotcms An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can lead to Remote Code Execution. 2023-02-01 not yet calculated CVE-2022-45783
MISC
apache — age There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn’t careful. The developer of the Golang and Python drivers didn’t fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn’t a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters – that would be passed in and that the cypher() function transform needs to be resolved – are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can’t be passed as parameters.
The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session’s pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks. 2023-02-04 not yet calculated CVE-2022-45786
MISC
schneider_electric — multiple_products A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause arbitrary code execution, denial of service and loss of confidentiality & integrity when a malicious project file is loaded onto the controller. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU – part numbers BMXP34* (All Versions), Modicon M580 CPU – part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety – part numbers BMEP58*S and BMEH58*S (All Versions), Modicon Momentum Unity M1E Processor – 171CBU* (All Versions), Modicon MC80 – BMKC80 (All Versions), Legacy Modicon Quantum – 140CPU65* and Premium CPUs – TSXP57* (All Versions) 2023-01-30 not yet calculated CVE-2022-45788
MISC
schneider_electric — multiple_products A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon M340 CPU – part numbers BMXP34* (All Versions), Modicon M580 CPU – part numbers BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety – part numbers BMEP58*S and BMEH58*S (All Versions) 2023-01-31 not yet calculated CVE-2022-45789
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. 2023-02-02 not yet calculated CVE-2022-45807
MISC
xerox — workcentre On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings. 2023-01-31 not yet calculated CVE-2022-45897
MISC
MISC
cloudschool — cloudschool CloudSchool v3.0.1 is vulnerable to Cross Site Scripting (XSS). A normal user can steal session cookies of the admin users through notification received by the admin user. 2023-01-30 not yet calculated CVE-2022-46087
MISC
MISC
delta_electronics — cncsoft_screeneditor All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. 2023-02-03 not yet calculated CVE-2022-4634
MISC
hp — security_manager Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. 2023-01-30 not yet calculated CVE-2022-46356
MISC
hp — security_manager Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. 2023-01-30 not yet calculated CVE-2022-46357
MISC
hp — security_manager Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. 2023-01-30 not yet calculated CVE-2022-46358
MISC
hp — security_manager Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure. 2023-01-30 not yet calculated CVE-2022-46359
MISC
wordpress — wordpress The WP Extended Search WordPress plugin before 2.1.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. 2023-01-30 not yet calculated CVE-2022-4649
MISC
wordpress — wordpress The Justified Gallery WordPress plugin before 1.7.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. 2023-01-30 not yet calculated CVE-2022-4651
MISC
wordpress — wordpress The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack. 2023-01-30 not yet calculated CVE-2022-4654
MISC
d-link — dir-846 D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request. 2023-02-02 not yet calculated CVE-2022-46552
MISC
MISC
MISC
MISC
MISC
MISC
responsive_filemanager — responsive_filemanager An issue in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass the file extension check mechanism and upload a crafted PHP file, leading to arbitrary code execution. 2023-02-02 not yet calculated CVE-2022-46604
MISC
MISC
MISC
wordpress — wordpress The RSS Aggregator by Feedzy WordPress plugin before 4.1.1 does not validate and escape some of its block options before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4667
MISC
dell — powerscale_onefs Dell PowerScale OneFS 8.2.x, 9.0.0.x – 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. 2023-02-01 not yet calculated CVE-2022-46679
MISC
wordpress — wordpress The PixCodes WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4671
MISC
dell — vxrail Dell VxRail, versions prior to 7.0.410, contain a Container Escape Vulnerability. A local high-privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the container’s underlying OS. Exploitation may lead to a system takeover by an attacker. 2023-02-01 not yet calculated CVE-2022-46756
MISC
wordpress — wordpress The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. 2023-01-30 not yet calculated CVE-2022-4680
MISC
conditional_shipping_for_woocommerce — conditional_shipping_for_woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. 2023-02-02 not yet calculated CVE-2022-46815
MISC
identityiq — identityiq IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the application server filesystem due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. 2023-01-31 not yet calculated CVE-2022-46835
MISC
wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. 2023-02-02 not yet calculated CVE-2022-46842
MISC
kkfileview — kkfileview kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. 2023-02-01 not yet calculated CVE-2022-46934
MISC
prestashop — prestashop PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. 2023-02-02 not yet calculated CVE-2022-46965
MISC
MISC
MISC
revenue_collection_system — revenue_collection_system A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages. 2023-01-27 not yet calculated CVE-2022-46968
MISC
wordpress — wordpress The MediaElement.js WordPress plugin through 4.2.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4699
MISC
masa_cms — masa_cms A vulnerability in the Remember Me function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass authentication via a crafted web request. 2023-02-01 not yet calculated CVE-2022-47002
MISC
MISC
mura_cms — mura_cms A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. 2023-02-01 not yet calculated CVE-2022-47003
MISC
MISC
MISC
MISC
d-link — dir-825 Buffer Overflow Vulnerability in D-Link DIR-825 v1.33.0.44ebdd4-embedded and below allows an attacker to execute arbitrary code via the GetConfig method to the /CPE endpoint. 2023-01-31 not yet calculated CVE-2022-47035
MISC
MISC
nvs365 — nvs365 NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. 2023-02-03 not yet calculated CVE-2022-47070
MISC
MISC
academy_lms — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. 2023-02-03 not yet calculated CVE-2022-47130
MISC
MISC
MISC
academy_lms — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. 2023-02-03 not yet calculated CVE-2022-47131
MISC
MISC
MISC
MISC
MISC
academy_lms — academy_lms A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. 2023-02-03 not yet calculated CVE-2022-47132
MISC
MISC
MISC
wordpress — wordpress The Posts List Designer by Category WordPress plugin before 3.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4749
MISC
wordpress — wordpress The Icon Widget WordPress plugin before 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4763
MISC
wordpress — wordpress The Portfolio for Elementor WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4765
MISC
comfast — cf-wr623n COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts. 2023-01-31 not yet calculated CVE-2022-47697
MISC
comfast — cf-wr623n COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS) via the URL filtering feature in the router. 2023-01-31 not yet calculated CVE-2022-47698
MISC
comfast — cf-wr623n COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Incorrect Access Control. 2023-01-31 not yet calculated CVE-2022-47699
MISC
comfast — cf-wr623n COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Incorrect Access Control. Improper authentication allows requests to be made to back-end scripts without a valid session or authentication. 2023-01-31 not yet calculated CVE-2022-47700
MISC
comfast — cf-wr623n COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to Cross Site Scripting (XSS). 2023-01-31 not yet calculated CVE-2022-47701
MISC
last_yard_22.09.8-1 — last_yard_22.09.8-1 Last Yard 22.09.8-1 does not enforce HSTS headers. 2023-02-01 not yet calculated CVE-2022-47714
MISC
last_yard_22.09.8-1 — last_yard_22.09.8-1 In Last Yard 22.09.8-1, the cookie can be stolen via unencrypted traffic. 2023-02-01 not yet calculated CVE-2022-47715
MISC
last_yard_22.09.8-1 — last_yard_22.09.8-1 Last Yard 22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). 2023-02-01 not yet calculated CVE-2022-47717
MISC
wordpress — wordpress The CC Child Pages WordPress plugin before 1.43 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4776
MISC
gin-vue-admin — gin-vue-admin In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. 2023-02-03 not yet calculated CVE-2022-47762
MISC
serenissima — informatica_fast_checkin Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. 2023-02-01 not yet calculated CVE-2022-47768
MISC
MISC
serenissima — informatica_fast_checkin An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell. 2023-02-01 not yet calculated CVE-2022-47769
MISC
MISC
serenissima — informatica_fast_checkin Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. 2023-02-01 not yet calculated CVE-2022-47770
MISC
MISC
MISC
bangresto — bangresto SQL Injection vulnerability in Bangresto 1.0 via the itemID parameter. 2023-01-31 not yet calculated CVE-2022-47780
MISC
wordpress — wordpress The Accordion Shortcodes WordPress plugin through 2.4.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4781
MISC
i-librarian — i-librarian i-librarian 4.10 is vulnerable to Arbitrary file upload in ajaxsupplement.php. 2023-01-31 not yet calculated CVE-2022-47854
MISC
MISC
wordpress — wordpress Themify Shortcodes WordPress plugin before 2.0.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4787
MISC
maccms10 — maccms10 maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). 2023-02-01 not yet calculated CVE-2022-47872
MISC
netcad_keos — netcad_keos Netcad KEOS 1.0 is vulnerable to XML External Entity (XXE) resulting in SSRF with XXE (remote). 2023-01-31 not yet calculated CVE-2022-47873
MISC
wordpress — wordpress The News & Blog Designer Pack WordPress plugin before 3.3 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4792
MISC
wordpress — wordpress The Blog Designer WordPress plugin before 2.4.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4793
MISC
wordpress — wordpress The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies. 2023-01-30 not yet calculated CVE-2022-4794
MISC
ibm — infosphere_information_server IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 243161. 2023-02-01 not yet calculated CVE-2022-47983
MISC
MISC
taocms — taocms An arbitrary file upload vulnerability in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploited via manipulation of the upext variable at /include/Model/Upload.php. 2023-01-30 not yet calculated CVE-2022-48006
MISC
zammad — zammad A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. 2023-02-03 not yet calculated CVE-2022-48021
MISC
zammad — zammad An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. 2023-02-03 not yet calculated CVE-2022-48022
MISC
zammad — zammad Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. 2023-02-03 not yet calculated CVE-2022-48023
MISC
nomachine — nomachine An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. 2023-02-03 not yet calculated CVE-2022-48074
MISC
aapanel — aapanel Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. 2023-02-02 not yet calculated CVE-2022-48079
MISC
MISC
easyone_crm — easyone_crm Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. 2023-02-02 not yet calculated CVE-2022-48082
MISC
seacms — seacms Seacms v12.7 was discovered to contain a remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php. 2023-02-01 not yet calculated CVE-2022-48093
MISC
lmxcms — lmxcms lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction.class.php. 2023-02-01 not yet calculated CVE-2022-48094
MISC
d-link — dir-878 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload. 2023-01-27 not yet calculated CVE-2022-48107
MISC
MISC
d-link — dir-878 D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload. 2023-01-27 not yet calculated CVE-2022-48108
MISC
MISC
totolink — n200re_v5 A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request. Attackers are also able to leverage this vulnerability to login as root via hardcoded credentials. 2023-02-02 not yet calculated CVE-2022-48113
MISC
ruoyi — ruoyi RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. 2023-02-02 not yet calculated CVE-2022-48114
MISC
tenda — w20e Tenda W20E v15.11.0.6 was discovered to contain multiple stack overflows in the function formSetStaticRoute via the parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN. 2023-02-02 not yet calculated CVE-2022-48130
MISC
dedecms — dedecms DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename. 2023-02-02 not yet calculated CVE-2022-48140
MISC
easy_images_v2.0 — easy_images_v2.0 Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the component /application/down.php. This vulnerability is exploited via a crafted GET request. 2023-02-01 not yet calculated CVE-2022-48161
MISC
wavlink — wl-wn530h4 An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. 2023-02-03 not yet calculated CVE-2022-48165
MISC
MISC
rukovoditel — rukovoditel Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request. 2023-01-30 not yet calculated CVE-2022-48175
MISC
netgear — multiple_products Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow. 2023-01-31 not yet calculated CVE-2022-48176
MISC
MISC
MISC
wordpress — wordpress The Bold Timeline Lite WordPress plugin before 1.1.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4828
MISC
jszip — jszip loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive. 2023-01-29 not yet calculated CVE-2022-48285
MISC
MISC
MISC
MISC
gnu — tar GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archive in which mtime has approximately 11 whitespace characters. 2023-01-30 not yet calculated CVE-2022-48303
MISC
MISC
wordpress — wordpress The Custom User Profile Fields for User Registration WordPress plugin before 1.8.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4831
MISC
wordpress — wordpress The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4834
MISC
wordpress — wordpress The Social Sharing Toolkit WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4835
MISC
wordpress — wordpress The CPO Companion WordPress plugin before 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. 2023-01-30 not yet calculated CVE-2022-4837
MISC
wordpress — wordpress The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks and does not ensure that the option to be updated belongs to the plugin, allowing unauthenticated attackers to set arbitrary options to ‘no’. 2023-01-30 not yet calculated CVE-2022-4872
MISC
octopus_deploy — octopus_server In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. This was initially resolved in advisory 2022-07; however, it was identified that the fix could be bypassed in certain circumstances. A different approach was taken to prevent the possibility of the support link being susceptible to XSS. 2023-01-31 not yet calculated CVE-2022-4898
MISC
wordpress — wordpress The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2023-0033
MISC
wordpress — wordpress The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2023-0071
MISC
wordpress — wordpress The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2023-0074
MISC
wordpress — wordpress The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2023-0097
MISC
delta_electronics — dopsoft Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. 2023-02-03 not yet calculated CVE-2023-0123
MISC
delta_electronics — dopsoft Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. 2023-02-03 not yet calculated CVE-2023-0124
MISC
linux — kernel There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161. 2023-01-30 not yet calculated CVE-2023-0240
MISC
MISC
MISC
wordpress — wordpress The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-02-02 not yet calculated CVE-2023-0253
MISC
MISC
MISC
linux — kernel A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. 2023-01-30 not yet calculated CVE-2023-0266
MISC
MISC
MISC
editorconfig — editorconfig_c_core A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability by bound checking all write operations over the p_pcre buffer. 2023-02-01 not yet calculated CVE-2023-0341
MISC
MISC
trellix — data_loss_prevention The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. 2023-02-02 not yet calculated CVE-2023-0400
MISC
orangescrum — orangescrum OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path. 2023-02-01 not yet calculated CVE-2023-0454
MISC
MISC
google — chrome Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-01-30 not yet calculated CVE-2023-0471
MISC
MISC
google — chrome Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) 2023-01-30 not yet calculated CVE-2023-0472
MISC
MISC
google — chrome Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) 2023-01-30 not yet calculated CVE-2023-0473
MISC
MISC
google — chrome Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium) 2023-01-30 not yet calculated CVE-2023-0474
MISC
MISC
vim — vim Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. 2023-01-30 not yet calculated CVE-2023-0512
MISC
CONFIRM
tenable — multiple_products As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. 2023-02-01 not yet calculated CVE-2023-0524
MISC
yafnet — yafnet A vulnerability, which was classified as problematic, has been found in YAFNET up to 3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability. 2023-01-27 not yet calculated CVE-2023-0549
MISC
MISC
MISC
MISC
MISC
MISC
wordpress — wordpress The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts. 2023-01-27 not yet calculated CVE-2023-0550
MISC
MISC
MISC
wordpress — wordpress The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 2023-01-27 not yet calculated CVE-2023-0553
MISC
MISC
MISC
wordpress — wordpress The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. 2023-01-27 not yet calculated CVE-2023-0554
MISC
MISC
MISC
wordpress — wordpress The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration. 2023-01-27 not yet calculated CVE-2023-0555
MISC
MISC
MISC
wordpress — wordpress The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin’s contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating. 2023-01-27 not yet calculated CVE-2023-0556
MISC
MISC
MISC
wordpress — wordpress The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts. 2023-01-27 not yet calculated CVE-2023-0557
MISC
MISC
MISC
wordpress — wordpress The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys. 2023-01-27 not yet calculated CVE-2023-0558
MISC
MISC
MISC
froxlor — froxlor Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10. 2023-01-29 not yet calculated CVE-2023-0565
CONFIRM
MISC
froxlor — froxlor Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. 2023-01-29 not yet calculated CVE-2023-0566
CONFIRM
MISC
publify — publify Weak Password Requirements in GitHub repository publify/publify prior to 9.2.10. 2023-01-29 not yet calculated CVE-2023-0569
CONFIRM
MISC
sourcecodester — online_tours_&_travels_management_system A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file user\operations\payment_operation.php. The manipulation of the argument booking_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219729 was assigned to this vulnerability. 2023-01-29 not yet calculated CVE-2023-0570
MISC
MISC
MISC
sourcecodester — canteen_management_system A vulnerability has been found in SourceCodester Canteen Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file createcustomer.php of the component Add Customer. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219730 is the identifier assigned to this vulnerability. 2023-01-29 not yet calculated CVE-2023-0571
MISC
MISC
MISC
froxlor — froxlor Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10. 2023-01-29 not yet calculated CVE-2023-0572
CONFIRM
MISC
yugabyte — yugabyte Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte DB allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte DB: v2.17.0.0. 2023-02-02 not yet calculated CVE-2023-0576
MISC
wordpress — wordpress The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. This is due to the plugin checking if an IP had been blocklisted via client-side scripts rather than server-side. This makes it possible for unauthenticated attackers to bypass any login restrictions that may prevent a brute force attack. 2023-01-30 not yet calculated CVE-2023-0581
MISC
MISC
tenable — micro_apex_one_server_build A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed. 2023-02-01 not yet calculated CVE-2023-0587
MISC
ubireader — ubireader ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_node.name) is considered trusted and joined to the extraction directory path during processing, then the node content is written to that joined path. By crafting a malicious UBIFS file with node names holding path traversal payloads (e.g. ../../tmp/outside.txt), it’s possible to force ubi_reader to write outside of the extraction directory. This issue affects ubi-reader before 0.8.5. 2023-01-31 not yet calculated CVE-2023-0591
MISC
MISC
jefferson — jffs2 A path traversal vulnerability affects jefferson’s JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory. This issue affects jefferson: before 0.4.1. 2023-01-31 not yet calculated CVE-2023-0592
MISC
MISC
yaffshiv — yaffshiv A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication. 2023-01-31 not yet calculated CVE-2023-0593
MISC
MISC
rapid7 — metasploit_pro Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metasploit Pro user using a specially crafted request. Note that in most deployments, all Metasploit Pro users tend to enjoy privileges equivalent to local administrator. 2023-02-01 not yet calculated CVE-2023-0599
MISC
ampache — ampache Cross-site Scripting (XSS) – Reflected in GitHub repository ampache/ampache prior to 5.5.7. 2023-02-01 not yet calculated CVE-2023-0606
MISC
CONFIRM
projectsend — projectsend Cross-site Scripting (XSS) – Stored in GitHub repository projectsend/projectsend prior to r1606. 2023-02-01 not yet calculated CVE-2023-0607
MISC
CONFIRM
microweber — microweber Cross-site Scripting (XSS) – DOM in GitHub repository microweber/microweber prior to 1.3.2. 2023-02-01 not yet calculated CVE-2023-0608
MISC
CONFIRM
wallabag — wallabag Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. 2023-02-01 not yet calculated CVE-2023-0609
MISC
CONFIRM
wallabag — wallabag Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. 2023-02-01 not yet calculated CVE-2023-0610
MISC
CONFIRM
trendnet — tew-652brp_3.04b01 A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219935. 2023-02-01 not yet calculated CVE-2023-0611
MISC
MISC
trendnet — tew-811dru A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is an unknown function of the file /wireless/basic.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219936. 2023-02-01 not yet calculated CVE-2023-0612
MISC
MISC
trendnet — tew-811dru A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /wireless/security.asp of the component httpd. The manipulation leads to memory corruption. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219937 was assigned to this vulnerability. 2023-02-01 not yet calculated CVE-2023-0613
MISC
MISC
trendnet — tew-811dru A vulnerability was found in TRENDnet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects an unknown part of the file /wireless/guestnetwork.asp of the component httpd. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219957 was assigned to this vulnerability. 2023-02-01 not yet calculated CVE-2023-0617
MISC
MISC
trendnet — tew-652brp_3.04b01 A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This vulnerability affects unknown code of the file cfg_op.ccp of the component Web Service. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219958 is the identifier assigned to this vulnerability. 2023-02-01 not yet calculated CVE-2023-0618
MISC
MISC
wordpress — wordpress The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to reset image optimizations. 2023-02-01 not yet calculated CVE-2023-0619
MISC
MISC
shadow-utils — shadow-utils An uncontrolled process operation was found in the newgrp command provided by the shadow-utils package. This issue could cause the execution of arbitrary code provided by a user when running the newgrp command. 2023-02-02 not yet calculated CVE-2023-0634
MISC
MISC
MISC
MISC
trendnet — tew-811dru A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the file wan.asp of the component Web Management Interface. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220017 was assigned to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0637
MISC
MISC
trendnet — tew-811dru A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220018 is the identifier assigned to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0638
MISC
MISC
trendnet — tew-652brp_3.04b01 A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. 2023-02-02 not yet calculated CVE-2023-0639
MISC
MISC
trendnet — tew-652brp_3.04b01 A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of the file ping.ccp of the component Web Interface. The manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220020. 2023-02-02 not yet calculated CVE-2023-0640
MISC
MISC
phpgurukul — employee_leaves_management_system A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file changepassword.php. The manipulation of the argument newpassword/confirmpassword leads to weak password requirements. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220021 was assigned to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0641
MISC
MISC
MISC
squidex — squidex Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. 2023-02-02 not yet calculated CVE-2023-0642
MISC
CONFIRM
squidex — squidex Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. 2023-02-02 not yet calculated CVE-2023-0643
CONFIRM
MISC
dst-admin — dst-admin A vulnerability classified as critical was found in dst-admin 1.5.0. Affected by this vulnerability is an unknown functionality of the file /home/cavesConsole. The manipulation of the argument command leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220033 was assigned to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0646
MISC
MISC
MISC
dst-admin — dst-admin A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Affected by this issue is some unknown functionality of the file /home/kickPlayer. The manipulation of the argument userId leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-220034 is the identifier assigned to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0647
MISC
MISC
MISC
dst-admin — dst-admin A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. This affects an unknown part of the file /home/masterConsole. The manipulation of the argument command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220035. 2023-02-02 not yet calculated CVE-2023-0648
MISC
MISC
MISC
dst-admin — dst-admin A vulnerability has been found in dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown code of the file /home/sendBroadcast. The manipulation of the argument message leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220036. 2023-02-02 not yet calculated CVE-2023-0649
MISC
MISC
MISC
yafnet — yafnet A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. This issue affects some unknown processing of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.12 is able to address this issue. The name of the patch is a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the affected component. The identifier VDB-220037 was assigned to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0650
MISC
MISC
MISC
MISC
MISC
MISC
fastcms — fastcms A vulnerability was found in FastCMS 0.1.0. It has been classified as critical. Affected is an unknown function of the component Template Management. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-220038 is the identifier assigned to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0651
MISC
MISC
MISC
MISC
multilaser — re057/ re170 A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. 2023-02-03 not yet calculated CVE-2023-0658
MISC
MISC
bdcom — 1704-wgl A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. 2023-02-03 not yet calculated CVE-2023-0659
MISC
MISC
calendar_event_management_system — calendar_event_management_system A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175. 2023-02-03 not yet calculated CVE-2023-0663
MISC
MISC
MISC
froxlor — froxlor Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. 2023-02-04 not yet calculated CVE-2023-0671
CONFIRM
MISC
sourcecodester — online_eyewear_shop A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. 2023-02-04 not yet calculated CVE-2023-0673
MISC
MISC
xxl-job — xxl-job A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. 2023-02-04 not yet calculated CVE-2023-0674
MISC
MISC
MISC
calendar_event_management_system — calendar_event_management_system A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability. 2023-02-04 not yet calculated CVE-2023-0675
MISC
MISC
MISC
phpipam — phpipam Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. 2023-02-04 not yet calculated CVE-2023-0676
MISC
CONFIRM
phpipam — phpipam Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. 2023-02-04 not yet calculated CVE-2023-0677
CONFIRM
MISC
phpipam — phpipam Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. 2023-02-04 not yet calculated CVE-2023-0678
MISC
CONFIRM
vmware — workstation VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim’s machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed. 2023-02-03 not yet calculated CVE-2023-20854
MISC
vmware — vrealize_operations VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. A malicious user could execute actions on the vROps platform on behalf of the authenticated victim user. 2023-02-01 not yet calculated CVE-2023-20856
MISC
f5 — big-ip On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22281
MISC
f5 — apm_clients On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22283
MISC
f5 — big-ip In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control exist on the target pool member, undisclosed requests sent to the BIG-IP system can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22302
MISC
snap_one — wattbox_wb-300-ip-3 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code. 2023-01-30 not yet calculated CVE-2023-22315
MISC
omron — cx-motion_pro Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Motion Pro is installed may be disclosed. 2023-01-30 not yet calculated CVE-2023-22322
MISC
f5 — big-ip In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when an OCSP authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22323
MISC
contec — conprosys_hmi_system SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained. 2023-01-30 not yet calculated CVE-2023-22324
MISC
MISC
MISC
f5 — big-ip In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22326
MISC
pgpool_globabl_development_group — pgpool-ii Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user’s authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. 2023-01-30 not yet calculated CVE-2023-22332
MISC
MISC
first_net_japan — easymail Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. 2023-01-30 not yet calculated CVE-2023-22333
MISC
MISC
f5 — big-ip On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22340
MISC
f5 — big-ip On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management Microkernel (TMM) to terminate: * An OAuth Server that references an OAuth Provider * An OAuth profile with the Authorization Endpoint set to ‘/’ * An access profile that references the above OAuth profile and is associated with an HTTPS virtual server Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22341
MISC
f5 — apm_clients In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22358
MISC
f5 — big-ip In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22374
MISC
snap_one — wattbox_wb-300-ip-3 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore -> Backup Settings, which could be read by any user accessing the file. 2023-01-30 not yet calculated CVE-2023-22389
MISC
f5 — big-ip On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled with a BIG-IP APM access policy. This vulnerability allows an unauthenticated malicious attacker to build an open redirect URI. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22418
MISC
f5 — big-ip On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when an HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22422
MISC
parse_server — parse_server Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn’t run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This makes it possible to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. Correct IP address determination now requires setting the Parse Server option `trustProxy`. 2023-02-03 not yet calculated CVE-2023-22474
MISC
MISC
atlassian — jira An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to signup tokens sent to users with accounts that have never been logged into. Access to these tokens can be obtained in two cases: * If the attacker is included on Jira issues or requests with these users, or * If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users. Bot accounts are particularly susceptible to this scenario. On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account. 2023-02-01 not yet calculated CVE-2023-22501
MISC
dell — powerscale_onefs Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker could potentially exploit this vulnerability, leading to system takeover. 2023-02-01 not yet calculated CVE-2023-22572
MISC
dell — powerscale_onefs Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker could potentially exploit this vulnerability, leading to sensitive information disclosure. 2023-02-01 not yet calculated CVE-2023-22573
MISC
dell — powerscale_onefs Dell PowerScale OneFS 9.0.0.x – 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs on the cluster could potentially exploit this vulnerability, leading to Information disclosure and denial of service. 2023-02-01 not yet calculated CVE-2023-22574
MISC
dell — powerscale_onefs Dell PowerScale OneFS 9.0.0.x – 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low-privileged user could potentially exploit this vulnerability, leading to information disclosure and escalation of privileges. 2023-02-01 not yet calculated CVE-2023-22575
MISC
ecostruxure — geo_scada_expert A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 – 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) 2023-01-31 not yet calculated CVE-2023-22610
MISC
ecostruxure — geo_scada_expert A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 – 2021 (formerly known as ClearSCADA) (Versions prior to October 2022) 2023-01-31 not yet calculated CVE-2023-22611
MISC
f5 — f5os On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22657
MISC
f5 — big-ip On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22664
MISC
wireapp — wire-server wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not allowed to do so. The issue is fixed in wire-server 2022-12-09 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-12-09/Chart 4.29.0, so that their backends are no longer affected. There are no known workarounds. 2023-01-28 not yet calculated CVE-2023-22737
MISC
MISC
MISC
MISC
ckan — ckan CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn’t set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images), and keitaroinc/docker-ckan (keitaro/ckan images). 2023-02-03 not yet calculated CVE-2023-22746
MISC
MISC
MISC
f5 — big-ip On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting enabled is configured on a virtual server with hardware SYN cookies enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22839
MISC
f5 — big-ip On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22842
MISC
apache_software — apache_sling_app An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6. 2023-02-04 not yet calculated CVE-2023-22849
MISC
jfinal_cms — jfinal_cms jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). 2023-02-03 not yet calculated CVE-2023-22975
MISC
zoho — manageengine_servicedesk_plus Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. 2023-02-01 not yet calculated CVE-2023-23073
MISC
zoho — manageengine_servicedesk_plus Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. 2023-02-01 not yet calculated CVE-2023-23074
MISC
zoho — asset_explorer Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. 2023-02-01 not yet calculated CVE-2023-23075
MISC
zoho — support_center OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. 2023-02-01 not yet calculated CVE-2023-23076
MISC
zoho — manageengine_servicedesk_plus Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. 2023-02-01 not yet calculated CVE-2023-23077
MISC
zoho — manageengine_servicedesk_plus Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. 2023-02-01 not yet calculated CVE-2023-23078
MISC
kodi — home_theater_software A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. 2023-02-03 not yet calculated CVE-2023-23082
MISC
MISC
MISC
MISC
MISC
mojojson — mojojson Buffer OverFlow Vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. 2023-02-03 not yet calculated CVE-2023-23086
MISC
mojojson — mojojson An issue found in MojoJson v1.2.3 allows attackers to execute arbitrary code via the destroy function. 2023-02-03 not yet calculated CVE-2023-23087
MISC
json-parser — json-parser Buffer OverFlow Vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function. 2023-02-03 not yet calculated CVE-2023-23088
MISC
netgear — multiple_products An exploitable firmware modification vulnerability was discovered in certain Netgear products. The data integrity of the uploaded firmware image is ensured with a fixed checksum number. Therefore, an attacker can conduct a MITM attack to modify the user-uploaded firmware image and bypass the checksum verification. This affects WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22 and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2 Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7 and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and R9000 Smart WiFi Routers 1.0.3.6 and earlier. 2023-02-02 not yet calculated CVE-2023-23110
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
ubiquiti — airfiber_af2x_radio The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. 2023-02-02 not yet calculated CVE-2023-23119
MISC
MISC
trendnet — tv-ip651wi The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware modification attacks. An attacker can conduct a man-in-the-middle (MITM) attack to modify the new firmware image and bypass the checksum verification. 2023-02-02 not yet calculated CVE-2023-23120
MISC
MISC
selfwealth — ios_mobile_app_3.3.1 Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. 2023-02-01 not yet calculated CVE-2023-23131
MISC
selfwealth — ios_mobile_app_3.3.1 Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals hardcoded API keys. 2023-02-01 not yet calculated CVE-2023-23132
MISC
ftdms — ftdms An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. 2023-02-01 not yet calculated CVE-2023-23135
MISC
lmxcms — lmxcms lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. 2023-02-01 not yet calculated CVE-2023-23136
MISC
ibm — automation_decision_services IBM ICP4A – Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. 2023-02-01 not yet calculated CVE-2023-23469
MISC
MISC
ibm — websphere_application_server IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. 2023-02-03 not yet calculated CVE-2023-23477
MISC
MISC
f5 — big-ip On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-23552
MISC
f5 — big-ip On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-23555
MISC
snap_one — wattbox_wb-300-ip-3 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. 2023-01-30 not yet calculated CVE-2023-23582
MISC
discourse — discourse Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. 2023-02-03 not yet calculated CVE-2023-23615
MISC
discourse — discourse Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, a limit of 280 characters has been introduced for membership requests. 2023-01-28 not yet calculated CVE-2023-23616
MISC
CONFIRM
MISC
MISC
openmage_lts — openmage_lts OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in malicious code filter in certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds. 2023-01-28 not yet calculated CVE-2023-23617
MISC
MISC
MISC
MISC
discourse — discourse Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. 2023-01-28 not yet calculated CVE-2023-23620
CONFIRM
MISC
MISC
discourse — discourse Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known workarounds. 2023-01-28 not yet calculated CVE-2023-23621
MISC
MISC
MISC
discourse — discourse Discourse is an open-source discussion platform. Prior to version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the `exclude_tag param` to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the `stable` branch and version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use. 2023-01-28 not yet calculated CVE-2023-23624
MISC
MISC
MISC
sanitize — sanitize Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows `noscript` elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow `noscript` elements and are not vulnerable. This issue only affects users who are using a custom config that adds `noscript` to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize’s default configs or by ensuring that their custom config does not include `noscript` in the element allowlist. 2023-01-28 not yet calculated CVE-2023-23627
MISC
metabase — metabase Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn’t be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds. 2023-01-28 not yet calculated CVE-2023-23628
MISC
metabase — metabase Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the “Subscriptions and Alerts” permission for groups that have restricted data permissions, as a workaround. 2023-01-28 not yet calculated CVE-2023-23629
MISC
eta_dev — eta Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack – anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don’t pass user supplied things directly to `res.render`. 2023-02-01 not yet calculated CVE-2023-23630
MISC
MISC
MISC
jellyfin — jellyfin-web In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. 2023-02-03 not yet calculated CVE-2023-23635
MISC
MISC
MISC
jellyfin — jellyfin-web In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. 2023-02-03 not yet calculated CVE-2023-23636
MISC
MISC
MISC
dell — data_domain Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. 2023-02-01 not yet calculated CVE-2023-23692
MISC
joomla!_project — joomla!_cms An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages. 2023-02-01 not yet calculated CVE-2023-23750
MISC
joomla!_project — joomla!_cms An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs. 2023-02-01 not yet calculated CVE-2023-23751
MISC
open5gs — open5gs Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2023-02-01 not yet calculated CVE-2023-23846
MISC
dompdf — dompdf Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This may lead to arbitrary object unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit the vulnerability to call arbitrary URL with arbitrary protocols, if they can provide a SVG file to dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, that will lead to the very least to an arbitrary file deletion and even remote code execution, depending on classes that are available. 2023-02-01 not yet calculated CVE-2023-23924
MISC
MISC
MISC
switcherapie — switcher-client-master Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. 2023-02-03 not yet calculated CVE-2023-23925
MISC
MISC
reason-jose — reason-jose reason-jose is a JOSE implementation in ReasonML and OCaml. `Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2. 2023-02-01 not yet calculated CVE-2023-23928
MISC
MISC
MISC
opendds — opendds OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. 2023-02-03 not yet calculated CVE-2023-23932
MISC
MISC
opensearch-project — anomaly-detection OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue. 2023-02-03 not yet calculated CVE-2023-23933
MISC
pimcore — pimcore Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (p.e. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. 2023-02-03 not yet calculated CVE-2023-23937
MISC
MISC
onezeppelin — cairo-contracts OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1. 2023-02-03 not yet calculated CVE-2023-23940
MISC
MISC
shopware — swagpaypal SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21. 2023-02-03 not yet calculated CVE-2023-23941
MISC
MISC
djangoproject — django In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. 2023-02-01 not yet calculated CVE-2023-23969
MISC
CONFIRM
MISC
MLIST
snap_one — wattbox_wb-300-ip-3 Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. 2023-01-30 not yet calculated CVE-2023-24020
MISC
progress — ws_ftp In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. 2023-02-03 not yet calculated CVE-2023-24029
MISC
MISC
wordpress — wordpress NOSH 4a5cfdb allows stored XSS via the create user page. For example, a first name (of a physician, assistant, or billing user) can have a JavaScript payload that is executed upon visiting the /users/2/1 page. This may allow attackers to steal Protected Health Information because the product is for health charting. 2023-01-29 not yet calculated CVE-2023-24065
MISC
MISC
MISC
MISC
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. 2023-02-03 not yet calculated CVE-2023-24138
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. 2023-02-03 not yet calculated CVE-2023-24139
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. 2023-02-03 not yet calculated CVE-2023-24140
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. 2023-02-03 not yet calculated CVE-2023-24141
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. 2023-02-03 not yet calculated CVE-2023-24142
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. 2023-02-03 not yet calculated CVE-2023-24143
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. 2023-02-03 not yet calculated CVE-2023-24144
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. 2023-02-03 not yet calculated CVE-2023-24145
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. 2023-02-03 not yet calculated CVE-2023-24146
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini. 2023-02-03 not yet calculated CVE-2023-24147
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. 2023-02-03 not yet calculated CVE-2023-24148
MISC
totolink — ca300-poe TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored in the component /etc/shadow. 2023-02-03 not yet calculated CVE-2023-24149
MISC
totolink — t8 A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 not yet calculated CVE-2023-24150
MISC
totolink — t8 A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 not yet calculated CVE-2023-24151
MISC
totolink — t8 A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 not yet calculated CVE-2023-24152
MISC
totolink — t8 A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 not yet calculated CVE-2023-24153
MISC
totolink — t8 TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. 2023-02-03 not yet calculated CVE-2023-24154
MISC
totolink — t8 TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. 2023-02-03 not yet calculated CVE-2023-24155
MISC
totolink — t8 A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 not yet calculated CVE-2023-24156
MISC
totolink — t8 A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03 not yet calculated CVE-2023-24157
MISC
dromara — hutool Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. 2023-01-31 not yet calculated CVE-2023-24162
MISC
MISC
dromara — hutool SQL Injection vulnerability in Dromara hutool v5.8.11 allows attacker to execute arbitrary code via the aviator template engine. 2023-01-31 not yet calculated CVE-2023-24163
MISC
forget_heart_message_box — forget_heart_message_box Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. 2023-02-01 not yet calculated CVE-2023-24241
MISC
dell — enterprise_somic_os Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an “Uncontrolled Resource Consumption vulnerability” in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users. 2023-02-02 not yet calculated CVE-2023-24574
MISC
dell — networker_nve EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the Networker Client execution service (nsrexecd) when oldauth authentication method is used. An unauthenticated remote attacker could send arbitrary commands via RPC service to be executed on the host system with the privileges of the nsrexecd service, which runs with administrative privileges. 2023-02-03 not yet calculated CVE-2023-24576
MISC
dell — networker_nve NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the “practice logo” upload feature. The client-side checks can be bypassed. This may allow attackers to steal Protected Health Information because the product is for health charting. 2023-02-01 not yet calculated CVE-2023-24610
MISC
MISC
MISC
MISC
pdfbook — pdfbook The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. 2023-01-30 not yet calculated CVE-2023-24612
MISC
array_networks — ag_vxag_ui The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. This is fixed in AG 9.4.0.481. 2023-02-03 not yet calculated CVE-2023-24613
MISC
safeurl-python — safeurl-python isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. 2023-01-30 not yet calculated CVE-2023-24622
MISC
paranoidhttp — paranoidhttp Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. 2023-01-30 not yet calculated CVE-2023-24623
MISC
MISC
MISC
apache — iotdb Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. 2023-01-31 not yet calculated CVE-2023-24829
MISC
apache — iotdb Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3. 2023-01-30 not yet calculated CVE-2023-24830
MISC
forget_heart_message_box — forget_heart_message_box Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. 2023-02-01 not yet calculated CVE-2023-24956
MISC
apache — inlong Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it. 2023-02-01 not yet calculated CVE-2023-24977
MISC
apache — inlong Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick https://github.com/apache/inlong/pull/7223 to solve it. 2023-02-01 not yet calculated CVE-2023-24997
MISC
linux — kernel The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. 2023-02-02 not yet calculated CVE-2023-25012
MISC
MISC
MLIST
typo3 — femanger_extension An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. 2023-02-02 not yet calculated CVE-2023-25013
MISC
MISC
typo3 — femanger_extension An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. 2023-02-02 not yet calculated CVE-2023-25014
MISC
MISC
clockwork_web — clockwork_web Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. 2023-02-02 not yet calculated CVE-2023-25015
MISC
CONFIRM
MISC
vbulletin — vbulletin vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1. 2023-02-03 not yet calculated CVE-2023-25135
MISC
MISC
openssh — openssh_server OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that “exploiting this vulnerability will not be easy.” 2023-02-03 not yet calculated CVE-2023-25136
MISC
MISC
MISC
MISC
glibc — glibc sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. 2023-02-03 not yet calculated CVE-2023-25139
MISC
harfbuzz — harfbuzz hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. 2023-02-04 not yet calculated CVE-2023-25193
MISC
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.
