US-CERT Bulletin (SB23-045): Vulnerability Summary for the Week of February 6, 2023
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
webfinance_project — webfinance | A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. | 2023-02-03 | 9.8 | CVE-2013-10015 MISC MISC MISC |
webfinance_project — webfinance | A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. | 2023-02-03 | 9.8 | CVE-2013-10016 MISC MISC MISC |
webfinance_project — webfinance | A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. | 2023-02-04 | 9.8 | CVE-2013-10017 MISC MISC MISC |
webfinance_project — webfinance | A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability. | 2023-02-04 | 9.8 | CVE-2013-10018 MISC MISC MISC |
gimmie_project — gimmie | A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability. | 2023-02-06 | 9.8 | CVE-2014-125084 MISC MISC MISC MISC |
gimmie_project — gimmie | A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability. | 2023-02-06 | 9.8 | CVE-2014-125085 MISC MISC MISC MISC |
gimmie_project — gimmie | A vulnerability has been found in Gimmie Plugin 1.2.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The name of the patch is fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207. | 2023-02-06 | 9.8 | CVE-2014-125086 MISC MISC MISC MISC |
phpwcms — phpwcms | An issue discovered in phpwcms 1.9.25 allows remote attackers to run arbitrary code via DB user field during installation. | 2023-02-03 | 9.8 | CVE-2021-36424 MISC |
jizhicms — jizhicms | SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | 2023-02-03 | 9.8 | CVE-2021-36484 MISC |
native-php-cms_project — native-php-cms | SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. | 2023-02-03 | 9.8 | CVE-2021-36503 MISC |
pbootcms — pbootcms | SQL injection vulnerability in route of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via crafted GET request. | 2023-02-03 | 9.8 | CVE-2021-37497 MISC MISC |
zammad — zammad | A vulnerability in Zammad v5.3.0 allows attackers to execute arbitrary code or escalate privileges via a crafted message sent to the server. | 2023-02-03 | 9.8 | CVE-2022-48021 MISC |
calendar_event_management_system_project — calendar_event_management_system | A vulnerability was found in Calendar Event Management System 2.3.0. It has been rated as critical. This issue affects some unknown processing of the component Login Page. The manipulation of the argument name/pwd leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-220175. | 2023-02-03 | 9.8 | CVE-2023-0663 MISC MISC MISC |
online_eyewear_shop_project — online_eyewear_shop | A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Affected by this vulnerability is an unknown functionality of the file oews/?p=products/view_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-220195. | 2023-02-04 | 9.8 | CVE-2023-0673 MISC MISC |
mojojson_project — mojojson | Buffer overflow vulnerability in MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString function. | 2023-02-03 | 9.8 | CVE-2023-23086 MISC |
mojojson_project — mojojson | An issue was found in MojoJson v1.2.3 that allows attackers to execute arbitrary code via the destroy function. | 2023-02-03 | 9.8 | CVE-2023-23087 MISC |
json-parser_project — json-parser | Buffer overflow vulnerability in Barenboim json-parser master and v1.1.0 fixed in v1.1.1 allows an attacker to execute arbitrary code via the json_value_parse function. | 2023-02-03 | 9.8 | CVE-2023-23088 MISC |
ibm — websphere_application_server | IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. IBM X-Force ID: 245513. | 2023-02-03 | 9.8 | CVE-2023-23477 MISC MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the host_time parameter in the NTPSyncWithHost function. | 2023-02-03 | 9.8 | CVE-2023-24138 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagHost parameter in the setNetworkDiag function. | 2023-02-03 | 9.8 | CVE-2023-24139 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingNum parameter in the setNetworkDiag function. | 2023-02-03 | 9.8 | CVE-2023-24140 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingTimeOut parameter in the setNetworkDiag function. | 2023-02-03 | 9.8 | CVE-2023-24141 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagPingSize parameter in the setNetworkDiag function. | 2023-02-03 | 9.8 | CVE-2023-24142 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the NetDiagTracertHop parameter in the setNetworkDiag function. | 2023-02-03 | 9.8 | CVE-2023-24143 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the hour parameter in the setRebootScheCfg function. | 2023-02-03 | 9.8 | CVE-2023-24144 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the plugin_version parameter in the setUnloadUserData function. | 2023-02-03 | 9.8 | CVE-2023-24145 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the minute parameter in the setRebootScheCfg function. | 2023-02-03 | 9.8 | CVE-2023-24146 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadUserData function. | 2023-02-03 | 9.8 | CVE-2023-24148 MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for root which is stored in the component /etc/shadow. | 2023-02-03 | 9.8 | CVE-2023-24149 MISC |
totolink — t8_firmware | A command injection vulnerability in the serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | 9.8 | CVE-2023-24150 MISC |
totolink — t8_firmware | A command injection vulnerability in the ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | 9.8 | CVE-2023-24151 MISC |
totolink — t8_firmware | A command injection vulnerability in the serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | 9.8 | CVE-2023-24152 MISC |
totolink — t8_firmware | A command injection vulnerability in the version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | 9.8 | CVE-2023-24153 MISC |
totolink — t8_firmware | TOTOLINK T8 V4.1.5cu was discovered to contain a command injection vulnerability via the slaveIpList parameter in the function setUpgradeFW. | 2023-02-03 | 9.8 | CVE-2023-24154 MISC |
totolink — t8_firmware | TOTOLINK T8 V4.1.5cu was discovered to contain a hard-coded password for the telnet service which is stored in the component /web_cste/cgi-bin/product.ini. | 2023-02-03 | 9.8 | CVE-2023-24155 MISC |
totolink — t8_firmware | A command injection vulnerability in the ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | 9.8 | CVE-2023-24156 MISC |
totolink — t8_firmware | A command injection vulnerability in the serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT packet. | 2023-02-03 | 9.8 | CVE-2023-24157 MISC |
raffle_draw_system_project — raffle_draw_system | Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. | 2023-02-06 | 9.8 | CVE-2023-24198 MISC MISC |
raffle_draw_system_project — raffle_draw_system | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. | 2023-02-06 | 9.8 | CVE-2023-24199 MISC MISC |
raffle_draw_system_project — raffle_draw_system | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. | 2023-02-06 | 9.8 | CVE-2023-24200 MISC MISC |
raffle_draw_system_project — raffle_draw_system | Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. | 2023-02-06 | 9.8 | CVE-2023-24201 MISC MISC |
raffle_draw_system_project — raffle_draw_system | Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. | 2023-02-06 | 9.8 | CVE-2023-24202 MISC MISC |
openssh — openssh | OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration. One third-party report states “remote code execution is theoretically possible.” | 2023-02-03 | 9.8 | CVE-2023-25136 MISC MISC MISC MISC MISC MISC |
gnu — glibc | sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. | 2023-02-03 | 9.8 | CVE-2023-25139 MISC MLIST |
jocms_project — jocms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. | 2023-02-03 | 9.1 | CVE-2021-36431 MISC |
jocms_project — jocms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. | 2023-02-03 | 9.1 | CVE-2021-36433 MISC |
jocms_project — jocms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. | 2023-02-03 | 9.1 | CVE-2021-36434 MISC |
ibm — tivoli_workload_scheduler | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328. | 2023-02-03 | 9.1 | CVE-2022-22486 MISC MISC |
cloudfoundry — diego | Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then an attacker could connect to an application that should be only reachable via mTLS, without presenting a client certificate. | 2023-02-03 | 9.1 | CVE-2022-31733 MISC |
ibm — tivoli_workload_scheduler | IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. | 2023-02-03 | 9.1 | CVE-2022-38389 MISC MISC |
phpwcms — phpwcms | File Upload vulnerability in phpwcms 1.9.25 allows remote attackers to run arbitrary code via crafted file upload to include/inc_lib/general.inc.php. | 2023-02-03 | 8.8 | CVE-2021-36426 MISC |
txjia — imcat | Cross Site Request Forgery vulnerability in imcat 5.4 allows remote attackers to escalate privilege via lack of token verification. | 2023-02-03 | 8.8 | CVE-2021-36443 MISC |
txjia — imcat | Cross Site Request Forgery (CSRF) vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges via flaws in one-time token generation on the add administrator page. | 2023-02-03 | 8.8 | CVE-2021-36444 MISC |
thedaylightstudio — fuel_cms | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /users/delete/2. | 2023-02-03 | 8.8 | CVE-2021-36569 MISC |
thedaylightstudio — fuel_cms | Cross Site Request Forgery vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code via post ID to /permissions/delete/2—. | 2023-02-03 | 8.8 | CVE-2021-36570 MISC |
creativeitem — academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add Administrator users. | 2023-02-03 | 8.8 | CVE-2022-47132 MISC MISC MISC |
froxlor — froxlor | Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-02-04 | 8.8 | CVE-2023-0671 CONFIRM MISC |
calendar_event_management_system_project — calendar_event_management_system | A vulnerability, which was classified as critical, was found in Calendar Event Management System 2.3.0. This affects an unknown part. The manipulation of the argument start/end leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220197 was assigned to this vulnerability. | 2023-02-04 | 8.8 | CVE-2023-0675 MISC MISC MISC |
portfoliocms_project — portfoliocms | Race condition vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run arbitrary code via fileExt parameter to localhost/admin/uploads.php. | 2023-02-03 | 8.1 | CVE-2021-36532 MISC |
parseplatform — parse-server | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server uses the request header `x-forwarded-for` to determine the client IP address. If Parse Server doesn’t run behind a proxy server, then a client can set this header and Parse Server will trust the value of the header. The incorrect client IP address will be used by various features in Parse Server. This allows to circumvent the security mechanism of the Parse Server option `masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header value. This issue has been patched in version 5.4.1. The mechanism to determine the client IP address has been rewritten. The correct IP address determination now requires to set the Parse Server option `trustProxy`. | 2023-02-03 | 8.1 | CVE-2023-22474 MISC MISC |
json.h_project — json.h | Buffer overflow vulnerability in function json_parse_value in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | 7.8 | CVE-2022-45491 MISC MISC |
json.h_project — json.h | Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | 7.8 | CVE-2022-45492 MISC MISC |
json.h_project — json.h | Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | 7.8 | CVE-2022-45493 MISC |
json.h_project — json.h | Buffer overflow vulnerability in function json_parse_string in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to execute arbitrary code and gain escalated privileges. | 2023-02-03 | 7.8 | CVE-2022-45496 MISC MISC |
deltaww — cncsoft | All versions prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | 2023-02-03 | 7.8 | CVE-2022-4634 MISC |
deltaww — dopsoft | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | 2023-02-03 | 7.8 | CVE-2023-0123 MISC |
deltaww — dopsoft | Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to an out-of-bounds write, which could allow an attacker to remotely execute arbitrary code when a malformed file is introduced to the software. | 2023-02-03 | 7.8 | CVE-2023-0124 MISC |
jocms_project — jocms | SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. | 2023-02-03 | 7.5 | CVE-2021-36432 MISC |
xpdfreader — xpdf | Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | 2023-02-03 | 7.5 | CVE-2021-36493 MISC |
tpcms_project — tpcms | Incorrect Access Control issue discovered in tpcms 3.2 allows remote attackers to view sensitive information via path in application URL. | 2023-02-03 | 7.5 | CVE-2021-36544 MISC |
kitesky — kitecms | Incorrect Access Control issue discovered in KiteCMS 1.1 allows remote attackers to view sensitive information via path in application URL. | 2023-02-03 | 7.5 | CVE-2021-36546 MISC |
jeecg — jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | 2023-02-03 | 7.5 | CVE-2021-37304 MISC |
jeecg — jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | 2023-02-03 | 7.5 | CVE-2021-37305 MISC |
jeecg — jeecg | An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. | 2023-02-03 | 7.5 | CVE-2021-37306 MISC |
fcitx_5_project — fcitx_5 | Buffer Overflow vulnerability in fcitx5 5.0.8 allows attackers to cause a denial of service via crafted message to the application’s listening port. | 2023-02-03 | 7.5 | CVE-2021-37311 MISC MISC |
asus — rt-ac68u_firmware | SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | 2023-02-03 | 7.5 | CVE-2021-37316 MISC |
biltema — baby_camera_firmware | Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. | 2023-02-03 | 7.5 | CVE-2022-34138 MISC MISC |
gin-vue-admin_project — gin-vue-admin | In gin-vue-admin < 2.5.5, the download module has a Path Traversal vulnerability. | 2023-02-03 | 7.5 | CVE-2022-47762 MISC |
multilaser — re057_firmware | A vulnerability, which was classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220053 was assigned to this vulnerability. | 2023-02-03 | 7.5 | CVE-2023-0658 MISC MISC |
bdcom — 1704-wgl_firmware | A vulnerability was found in BDCOM 1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown part of the file /param.file.tgz of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The identifier VDB-220101 was assigned to this vulnerability. | 2023-02-03 | 7.5 | CVE-2023-0659 MISC MISC |
totolink — ca300-poe_firmware | TOTOLINK CA300-PoE V6.2c.884 was discovered to contain a hard-coded password for the telnet service which is stored in the component /etc/config/product.ini. | 2023-02-03 | 7.5 | CVE-2023-24147 MISC |
progress — ws_ftp_server | In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows. | 2023-02-03 | 7.2 | CVE-2023-24029 MISC MISC |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
liballeg — allegro | Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. | 2023-02-03 | 6.5 | CVE-2021-36489 MISC |
modern_honey_network_project — modern_honey_network | Incorrect Access Control vulnerability in Modern Honey Network commit 0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view sensitive information via crafted PUT request to Web API. | 2023-02-03 | 6.5 | CVE-2021-37234 MISC |
xwp — stream | The Stream WordPress plugin before 3.9.2 does not prevent users with little privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information. | 2023-02-06 | 6.5 | CVE-2022-4384 MISC |
nrel — api_umbrella_web | A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address this issue. The name of the patch is bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220060. | 2023-02-04 | 6.1 | CVE-2015-10072 MISC MISC MISC MISC |
share_on_diaspora_project — share_on_diaspora | A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initiated remotely. The name of the patch is fb6fae2f8a9b146471450b5b0281046a17d1ac8d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220204. | 2023-02-06 | 6.1 | CVE-2017-20176 MISC MISC MISC |
vimium_project — vimium | Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature. | 2023-02-03 | 6.1 | CVE-2021-37518 MISC MISC |
wpswings — pdf_generator_for_wordpress | The PDF Generator for WordPress plugin before 1.1.2 includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin. | 2023-02-06 | 6.1 | CVE-2022-4321 MISC |
phpipam — phpipam | Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to 1.5.1. | 2023-02-04 | 6.1 | CVE-2023-0676 MISC CONFIRM |
phpipam — phpipam | Cross-site Scripting (XSS) – Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. | 2023-02-04 | 6.1 | CVE-2023-0677 CONFIRM MISC |
apache — sling_cms | An improper neutralization of input during web page generation (‘Cross-site Scripting’) [CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6. | 2023-02-04 | 6.1 | CVE-2023-22849 MISC |
jflyfox — jfinal_cms | jfinal_cms 5.1.0 is vulnerable to Cross Site Scripting (XSS). | 2023-02-03 | 6.1 | CVE-2023-22975 MISC |
online_food_ordering_system_project — online_food_ordering_system | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | 2023-02-06 | 6.1 | CVE-2023-24191 MISC MISC |
online_food_ordering_system_project — online_food_ordering_system | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | 2023-02-06 | 6.1 | CVE-2023-24192 MISC MISC |
online_food_ordering_system_project — online_food_ordering_system | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. | 2023-02-06 | 6.1 | CVE-2023-24194 MISC MISC |
online_food_ordering_system_project — online_food_ordering_system | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. | 2023-02-06 | 6.1 | CVE-2023-24195 MISC MISC |
online_food_ordering_system_project — online_food_ordering_system | Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | 2023-02-06 | 6.1 | CVE-2023-24197 MISC MISC |
cesanta — mjs | Buffer Overflow vulnerability in Cesanta mJS 1.26 allows remote attackers to cause a denial of service via crafted .js file to mjs_set_errorf. | 2023-02-03 | 5.5 | CVE-2021-36535 MISC |
memcached — memcached | Buffer Overflow vulnerability in authfile.c memcached 1.6.9 allows attackers to cause a denial of service via crafted authentication file. | 2023-02-03 | 5.5 | CVE-2021-37519 MISC MISC |
phpwcms — phpwcms | Directory traversal vulnerability in phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered $file parameter to unlink method in include/inc_act/act_ftptakeover.php file. | 2023-02-03 | 5.4 | CVE-2021-36425 MISC |
gurock — testrail | Cross Site Scripting (XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated attackers to run arbitrary code via the reference field in milestones or description fields in reports. | 2023-02-03 | 5.4 | CVE-2021-36538 MISC |
tpcms_project — tpcms | Cross Site Scripting (XSS) vulnerability in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright or cfg_tel field in Site Configuration page. | 2023-02-03 | 5.4 | CVE-2021-36545 MISC |
yzmcms — yzmcms | Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. | 2023-02-03 | 5.4 | CVE-2021-36712 MISC MISC |
automad — automad | Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user. | 2023-02-03 | 5.4 | CVE-2021-37502 MISC |
wepanow — print_away | WEPA Print Away is vulnerable to a stored XSS. It does not properly sanitize uploaded filenames, allowing an attacker to deceive a user into uploading a document with a malicious filename, which will be included in subsequent HTTP responses, allowing a stored XSS to occur. This attack is persistent across victim sessions. | 2023-02-03 | 5.4 | CVE-2022-42908 CONFIRM CONFIRM |
wepanow — print_away | WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don't own and print them without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. | 2023-02-03 | 5.4 | CVE-2022-42909 CONFIRM CONFIRM |
wp_show_posts_project — wp_show_posts | The WP Show Posts WordPress plugin before 1.1.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | 5.4 | CVE-2022-4459 MISC |
goldplugins — easy_testimonials | The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | 5.4 | CVE-2022-4577 MISC |
jellyfin — jellyfin | In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | 2023-02-03 | 5.4 | CVE-2023-23635 MISC MISC MISC |
jellyfin — jellyfin | In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim. | 2023-02-03 | 5.4 | CVE-2023-23636 MISC MISC MISC |
nomachine — nomachine | An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file. | 2023-02-03 | 5.3 | CVE-2022-48074 MISC |
arraynetworks — arrayos_ag | The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. This is fixed in AG 9.4.0.481. | 2023-02-03 | 4.9 | CVE-2023-24613 MISC |
creativeitem — academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a page. | 2023-02-03 | 4.8 | CVE-2022-47131 MISC MISC MISC MISC MISC |
kodi — kodi | A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. | 2023-02-03 | 4.6 | CVE-2023-23082 MISC MISC MISC MISC MISC |
google — android | In widevine, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446236; Issue ID: ALPS07446236. | 2023-02-06 | 4.4 | CVE-2022-32595 MISC |
creativeitem — academy_lms | A Cross-Site Request Forgery (CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily created if an attacker with administrative privileges interacts on the CSRF page. | 2023-02-03 | 4.3 | CVE-2022-47130 MISC MISC MISC |
zammad — zammad | An issue in the component /api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent permissions to view information about tickets they are not authorized to see. | 2023-02-03 | 4.3 | CVE-2022-48022 MISC |
zammad — zammad | Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | 2023-02-03 | 4.3 | CVE-2022-48023 MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0684 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0685 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0711 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-07 | 4.3 | CVE-2023-0712 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-07 | 4.3 | CVE-2023-0713 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0715 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0716 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0717 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0718 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-07 | 4.3 | CVE-2023-0719 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0720 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0722 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-07 | 4.3 | CVE-2023-0723 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0724 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0725 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-08 | 4.3 | CVE-2023-0726 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-07 | 4.3 | CVE-2023-0727 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-07 | 4.3 | CVE-2023-0728 MISC MISC MISC |
wickedplugins — wicked_folders | The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin. | 2023-02-07 | 4.3 | CVE-2023-0730 MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
weblabyrinth — weblabyrinth | A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The name of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. | 2023-02-07 | not yet calculated | CVE-2011-10002 MISC MISC MISC MISC MISC |
xpressengine — xpressengine | A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The name of the patch is c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247. | 2023-02-07 | not yet calculated | CVE-2011-10003 MISC MISC MISC |
tinymighty — wikiseo | A vulnerability, which was classified as problematic, was found in tinymighty WikiSEO 1.2.1. This affects the function modifyHTML of the file WikiSEO.body.php of the component Meta Property Tag Handler. The manipulation of the argument content leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.2 is able to address this issue. The name of the patch is 089a5797be612b18a820f9f1e6593ad9a91b1dba. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220215. | 2023-02-06 | not yet calculated | CVE-2015-10073 MISC MISC MISC MISC MISC |
openseamap — online_chart | A vulnerability was found in OpenSeaMap online_chart 1.2. It has been classified as problematic. Affected is the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version staging is able to address this issue. The name of the patch is 8649157158f921590d650e2d2f4bdf0df1017e9d. It is recommended to upgrade the affected component. VDB-220218 is the identifier assigned to this vulnerability. | 2023-02-07 | not yet calculated | CVE-2015-10074 MISC MISC MISC MISC MISC |
custom-content-width — custom-content-width | A vulnerability was found in Custom-Content-Width 1.0. It has been declared as problematic. Affected by this vulnerability is the function override_content_width/register_settings of the file custom-content-width.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is e05e0104fc42ad13b57e2b2cb2d1857432624d39. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220219. NOTE: This attack is not very likely. | 2023-02-07 | not yet calculated | CVE-2015-10075 MISC MISC MISC |
dimtion — shaarlier | A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to sql injection. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability. | 2023-02-09 | not yet calculated | CVE-2015-10076 MISC MISC MISC MISC |
webbuilders-group — silverstripe-kapost-bridge | A vulnerability was found in webbuilders-group silverstripe-kapost-bridge 0.3.3. It has been declared as critical. Affected by this vulnerability is the function index/getPreview of the file code/control/KapostService.php. The manipulation leads to sql injection. The attack can be launched remotely. Upgrading to version 0.4.0 is able to address this issue. The name of the patch is 2e14b0fd0ea35034f90890f364b130fb4645ff35. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220471. | 2023-02-10 | not yet calculated | CVE-2015-10077 MISC MISC MISC MISC |
daschtour — matomo-mediawiki-extension | A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.4.3 is able to address this issue. The name of the patch is 681324e4f518a8af4bd1f93867074c728eb9923d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220203. | 2023-02-05 | not yet calculated | CVE-2017-20175 MISC MISC MISC MISC MISC |
wangguard — wangguard | A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipulation of the argument userIP leads to cross site scripting. The attack may be launched remotely. The name of the patch is 88414951e30773c8d2ec13b99642688284bf3189. It is recommended to apply a patch to fix this issue. VDB-220214 is the identifier assigned to this vulnerability. | 2023-02-06 | not yet calculated | CVE-2017-20177 MISC MISC MISC MISC |
segmentio — is-url | A vulnerability was found in Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The attack may be launched remotely. Upgrading to version 1.2.3 is able to address this issue. The name of the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to upgrade the affected component. VDB-220058 is the identifier assigned to this vulnerability. | 2023-02-04 | not yet calculated | CVE-2018-25079 MISC MISC MISC MISC MISC |
mobiledetect — mobiledetect | A vulnerability, which was classified as problematic, has been found in MobileDetect 2.8.31. This issue affects the function initLayoutType of the file examples/session_example.php of the component Example. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.8.32 is able to address this issue. The name of the patch is 31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the affected component. The identifier VDB-220061 was assigned to this vulnerability. | 2023-02-04 | not yet calculated | CVE-2018-25080 MISC MISC MISC MISC MISC |
huawei — e5573cs-322 | There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. | 2023-02-10 | not yet calculated | CVE-2018-7935 MISC |
onshift — turbogears | A vulnerability classified as critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown part of the file turbogears/controllers.py of the component HTTP Header Handler. The manipulation leads to http response splitting. It is possible to initiate the attack remotely. Upgrading to version 1.0.11.11 is able to address this issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220059. | 2023-02-04 | not yet calculated | CVE-2019-25101 MISC MISC MISC MISC MISC |
paxswill — eve_ship_replacement_program | A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The name of the patch is 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. | 2023-02-06 | not yet calculated | CVE-2020-36660 MISC MISC MISC MISC |
mediatek — en7528/en7580 | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | 2023-02-06 | not yet calculated | CVE-2021-31573 MISC |
mediatek — en7528/en7580 | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | 2023-02-06 | not yet calculated | CVE-2021-31574 MISC |
mediatek — en7528/en7580 | In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234. | 2023-02-06 | not yet calculated | CVE-2021-31575 MISC |
mediatek — en7528/en7580 | In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. | 2023-02-06 | not yet calculated | CVE-2021-31576 MISC |
mediatek — en7528/en7580 | In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. | 2023-02-06 | not yet calculated | CVE-2021-31577 MISC |
mediatek — en7528/en7580 | In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241. | 2023-02-06 | not yet calculated | CVE-2021-31578 MISC |
western digital — my_cloud_network_storage_devices | Western Digital My Cloud devices before OS5 have a nobody account with a blank password. | 2023-02-06 | not yet calculated | CVE-2021-36224 MISC MISC MISC |
western digital — my_cloud_network_storage_devices | Western Digital My Cloud devices before OS5 allow REST API access by low-privileged accounts, as demonstrated by API commands for firmware uploads and installation. | 2023-02-06 | not yet calculated | CVE-2021-36225 MISC MISC MISC |
western digital — my_cloud_network_storage_devices | Western Digital My Cloud devices before OS5 do not use cryptographically signed Firmware upgrade files. | 2023-02-06 | not yet calculated | CVE-2021-36226 MISC MISC MISC |
adminlte — adminlte | Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs. | 2023-02-07 | not yet calculated | CVE-2021-36471 MISC |
dogecoin_project — dogecoin_core | An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function. | 2023-02-07 | not yet calculated | CVE-2021-37491 MISC MISC MISC MISC MISC |
raven_project — ravencoin_core | An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function. | 2023-02-07 | not yet calculated | CVE-2021-37492 MISC MISC MISC MISC |
wordpress — wordpress | The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting. | 2023-02-08 | not yet calculated | CVE-2022-2094 MISC |
johnson_controls — system_configuration_tool | Sensitive Cookie Without ‘HttpOnly’ Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | 2023-02-09 | not yet calculated | CVE-2022-21939 MISC MISC |
johnson_controls — system_configuration_tool | Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | 2023-02-09 | not yet calculated | CVE-2022-21940 MISC MISC |
opensuse — paste | An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in paste allows remote attackers to place JavaScript into SVG files. This issue affects: openSUSE paste paste version b57b9f87e303a3db9465776e657378e96845493b and prior versions. | 2023-02-07 | not yet calculated | CVE-2022-21948 CONFIRM |
suse — rancher | A Missing Authorization vulnerability in SUSE Rancher allows an authenticated user to create an unauthorized shell pod and kubectl access in the local cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | 2023-02-07 | not yet calculated | CVE-2022-21953 CONFIRM |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4. | 2023-02-03 | not yet calculated | CVE-2022-23498 MISC |
dell — cpg_bios | Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. | 2023-02-10 | not yet calculated | CVE-2022-24410 MISC |
symfony — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system acts as a reverse proxy: it caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might be stored and returned to the next clients. An attacker can use this vulnerability to retrieve the victim’s session. This issue has been patched and is available for branch 4.4. | 2023-02-03 | not yet calculated | CVE-2022-24894 MISC MISC |
symfony — symfony | Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users, Symfony by default regenerates the session ID upon login, but preserves the rest of the session attributes. Because this does not clear CSRF tokens upon login, this might enable same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. | 2023-02-03 | not yet calculated | CVE-2022-24895 MISC MISC MISC MISC |
terramaster — nas | TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending “User-Agent: TNAS” to module/api.php?mobile/webNasIPS and then reading the PWD field in the response. | 2023-02-07 | not yet calculated | CVE-2022-24990 MISC MISC MISC MISC |
semver-tags — semver-tags | All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. | 2023-02-06 | not yet calculated | CVE-2022-25853 MISC MISC |
create-choo-app3 — create-choo-app3 | All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | 2023-02-06 | not yet calculated | CVE-2022-25855 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions. | 2023-02-06 | not yet calculated | CVE-2022-27628 MISC |
caddy — caddy | Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs. | 2023-02-06 | not yet calculated | CVE-2022-28923 MISC |
wordpress — wordpress | The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromk_options_page function. This makes it possible for unauthenticated attackers to inject malicious web scripts via the ‘zeromk_user’ and ‘zeromk_apikluc’ parameters through a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-02-06 | not yet calculated | CVE-2022-2933 MISC MISC |
wordpress — wordpress | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions. | 2023-02-06 | not yet calculated | CVE-2022-29416 MISC |
dahua_technology — multiple_products | Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. | 2023-02-09 | not yet calculated | CVE-2022-30564 MISC |
suse — rancher | An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in wrangler of SUSE Rancher allows remote attackers to inject commands in the underlying host via crafted commands passed to Wrangler. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. | 2023-02-07 | not yet calculated | CVE-2022-31249 CONFIRM |
suse — multiple_products | An Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. | 2023-02-07 | not yet calculated | CVE-2022-31254 CONFIRM |
nvidia — geforce_experience | NVIDIA GeForce Experience contains an uncontrolled search path vulnerability in all its client installers, where an attacker with user level privileges may cause the installer to load an arbitrary DLL when the installer is launched. A successful exploit of this vulnerability could lead to escalation of privileges and code execution. | 2023-02-07 | not yet calculated | CVE-2022-31611 MISC |
unified_intents_ab — unified_remote | Because the web management interface for Unified Intents’ Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker’s choosing. | 2023-02-06 | not yet calculated | CVE-2022-3229 MISC |
mediatek — multiple_products | In ccd, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07326547; Issue ID: ALPS07326547. | 2023-02-06 | not yet calculated | CVE-2022-32642 MISC |
mediatek — multiple_products | In ccd, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07341261; Issue ID: ALPS07341261. | 2023-02-06 | not yet calculated | CVE-2022-32643 MISC |
mediatek — multiple_products | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705011; Issue ID: GN20220705011. | 2023-02-06 | not yet calculated | CVE-2022-32654 MISC |
mediatek — multiple_products | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705028; Issue ID: GN20220705028. | 2023-02-06 | not yet calculated | CVE-2022-32655 MISC |
mediatek — multiple_products | In Wi-Fi driver, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220705035; Issue ID: GN20220705035. | 2023-02-06 | not yet calculated | CVE-2022-32656 MISC |
mediatek — multiple_products | In Wi-Fi driver, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220720014; Issue ID: GN20220720014. | 2023-02-06 | not yet calculated | CVE-2022-32663 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x through 9.4.x contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected fields. | 2023-02-10 | not yet calculated | CVE-2022-33934 MISC |
ibm — api_connect | IBM API Connect 10.0.0.0 through 10.0.5.0, 10.0.1.0 through 10.0.1.7, and 2018.4.1.0 through 2018.4.1.20 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 230264. | 2023-02-08 | not yet calculated | CVE-2022-34350 MISC MISC |
ibm — sterling_secure_proxy | IBM Sterling Secure Proxy 6.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 230523. | 2023-02-08 | not yet calculated | CVE-2022-34362 MISC MISC |
dell — bsafe_ssl-j | Dell BSAFE SSL-J when used in debug mode can reveal unnecessary information. An attacker could potentially exploit this vulnerability and have access to private information. | 2023-02-10 | not yet calculated | CVE-2022-34364 MISC |
dell — supportassist | Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain an Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | 2023-02-10 | not yet calculated | CVE-2022-34366 MISC |
dell — poweredge_bios | Dell PowerEdge BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by manipulating an SMI to cause a denial of service during SMM. | 2023-02-10 | not yet calculated | CVE-2022-34376 MISC |
dell — poweredge_bios | Dell PowerEdge BIOS contains an Improper SMM communication buffer verification vulnerability. A local malicious user with high Privileges may potentially exploit this vulnerability to perform arbitrary code execution or cause denial of service. | 2023-02-10 | not yet calculated | CVE-2022-34377 MISC |
dell — multiple_products | Dell SupportAssist Client Consumer (version 3.11.1 and prior), SupportAssist Client Commercial (version 3.2 and prior), Dell Command \| Update, Dell Update, and Alienware Update versions before 4.5 contain a Local Privilege Escalation Vulnerability in the Advanced Driver Restore component. A local malicious user may potentially exploit this vulnerability, leading to privilege escalation. | 2023-02-11 | not yet calculated | CVE-2022-34384 MISC |
dell — supportassist | SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | 2023-02-11 | not yet calculated | CVE-2022-34385 MISC |
dell — supportassist | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a cryptographic weakness vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | 2023-02-11 | not yet calculated | CVE-2022-34386 MISC |
dell — supportassist | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain a privilege escalation vulnerability. A local authenticated malicious user could potentially exploit this vulnerability to elevate privileges and gain total control of the system. | 2023-02-11 | not yet calculated | CVE-2022-34387 MISC |
dell — supportassist | Dell SupportAssist for Home PCs (version 3.11.4 and prior) and SupportAssist for Business PCs (version 3.2.0 and prior) contain an information disclosure vulnerability. A local malicious user with low privileges could exploit this vulnerability to view and modify sensitive information in the database of the affected application. | 2023-02-11 | not yet calculated | CVE-2022-34388 MISC |
dell — supportassist | Dell SupportAssist contains a rate limit bypass issue in the screenmeet API third party component. An unauthenticated attacker could potentially exploit this vulnerability and impersonate a legitimate Dell customer to a Dell support technician. | 2023-02-11 | not yet calculated | CVE-2022-34389 MISC |
dell — supportassist | SupportAssist for Home PCs (versions 3.11.4 and prior) contain an insufficient session expiration vulnerability. An authenticated non-admin user can obtain the refresh token, which leads to reuse of the access token and fetching of sensitive information. | 2023-02-11 | not yet calculated | CVE-2022-34392 MISC |
dell — system_update | Dell System Update, version 2.0.0 and earlier, contains an Improper Certificate Validation in data parser module. A local attacker with high privileges could potentially exploit this vulnerability, leading to credential theft and/or denial of service. | 2023-02-11 | not yet calculated | CVE-2022-34404 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 9.2.0.x through 9.4.0.x contain an information vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to cause data leak. | 2023-02-11 | not yet calculated | CVE-2022-34444 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x through 9.3.x contain a weak encoding for a password. A malicious local privileged attacker may potentially exploit this vulnerability, leading to information disclosure. | 2023-02-11 | not yet calculated | CVE-2022-34445 MISC |
dell — powerpath_management_appliance | PowerPath Management Appliance with versions 3.3 & 3.2* contains an Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. | 2023-02-11 | not yet calculated | CVE-2022-34446 MISC |
dell — powerpath_management_appliance | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains an OS Command Injection vulnerability. An authenticated remote attacker with administrative privileges could potentially exploit the issue and execute commands on the system as the root user. | 2023-02-11 | not yet calculated | CVE-2022-34447 MISC |
dell — powerpath_management_appliance | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Cross-site Request Forgery vulnerability. An unauthenticated non-privileged user could potentially exploit the issue and perform any privileged state-changing actions. | 2023-02-11 | not yet calculated | CVE-2022-34448 MISC |
dell — powerpath_management_appliance | PowerPath Management Appliance with versions 3.3 & 3.2* contains a Hardcoded Cryptographic Keys vulnerability. Authenticated admin users can exploit the issue to view and modify sensitive information stored in the application. | 2023-02-11 | not yet calculated | CVE-2022-34449 MISC |
dell — powerpath_management_appliance | PowerPath Management Appliance with version 3.3 contains a Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. | 2023-02-11 | not yet calculated | CVE-2022-34450 MISC |
dell — powerpath_management_appliance | PowerPath Management Appliance with versions 3.3 & 3.2*, 3.1 & 3.0* contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability to hijack user sessions or trick a victim application user into unknowingly sending arbitrary requests to the server. | 2023-02-11 | not yet calculated | CVE-2022-34451 MISC |
dell — powerpath_management_appliance | PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user can exploit the issue and view sensitive information stored in the logs. | 2023-02-10 | not yet calculated | CVE-2022-34452 MISC |
dell — powerscale_onefs | Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters. | 2023-02-10 | not yet calculated | CVE-2022-34454 MISC |
wordpress — wordpress | The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the ‘cli_path’ parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload. | 2023-02-10 | not yet calculated | CVE-2022-3568 MISC MISC MISC MISC |
ibm — multiple_products | IBM Sterling External Authentication Server 6.1.0 and IBM Sterling Secure Proxy 6.0.3 use weaker than expected cryptographic algorithms during installation that could allow a local attacker to decrypt sensitive information. IBM X-Force ID: 231373. | 2023-02-08 | not yet calculated | CVE-2022-35720 MISC MISC |
intel — oneapi_dpc++/c++_compiler | Uncontrolled search path in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-02-06 | not yet calculated | CVE-2022-38136 MISC |
zyxel — multiple_products | A post-authentication command injection vulnerability in the CLI command of Zyxel ZyWALL/USG series firmware versions 4.20 through 4.72, VPN series firmware versions 4.30 through 5.32, USG FLEX series firmware versions 4.50 through 5.32, and ATP series firmware versions 4.32 through 5.32, which could allow an authenticated attacker with administrator privileges to execute OS commands. | 2023-02-07 | not yet calculated | CVE-2022-38547 CONFIRM |
elastic — endpoint_security_for_windows | An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | 2023-02-08 | not yet calculated | CVE-2022-38777 MISC MISC |
elastic — kibana | A flaw (CVE-2022-38900) was discovered in one of Kibana’s third party dependencies, that could allow an authenticated user to perform a request that crashes the Kibana server process. | 2023-02-08 | not yet calculated | CVE-2022-38778 MISC MISC |
intel — oneapi_dpc++/c++_compiler | Improper access control in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.2.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2023-02-06 | not yet calculated | CVE-2022-40196 MISC |
moxa — sds-3008 | A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 2023-02-07 | not yet calculated | CVE-2022-40224 MISC MISC |
nordic_semiconductor — nrf5340-dk_dt100112 | Nordic Semiconductor, Microchip Technology NRF5340-DK DT100112 was discovered to contain an issue which allows attackers to cause a Denial of Service (DoS) via a crafted ConReq packet. | 2023-02-08 | not yet calculated | CVE-2022-40480 MISC |
moxa — sds-3008 | An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | 2023-02-07 | not yet calculated | CVE-2022-40691 MISC MISC |
moxa — sds-3008 | A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | 2023-02-07 | not yet calculated | CVE-2022-40693 MISC MISC |
moxa — sds-3008 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id=”webLocationMessage_text” name=”webLocationMessage_text” | 2023-02-07 | not yet calculated | CVE-2022-41311 MISC MISC |
moxa — sds-3008 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id=”Switch Description”, name “switch_description” | 2023-02-07 | not yet calculated | CVE-2022-41312 MISC MISC |
moxa — sds-3008 | A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Form field id=”switch_contact” | 2023-02-07 | not yet calculated | CVE-2022-41313 MISC MISC |
intel — intelr_c++_compiler_classic | Improper buffer restrictions in the Intel(R) C++ Compiler Classic before version 2021.7.1 for some Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | 2023-02-06 | not yet calculated | CVE-2022-41342 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin <= 1.0.5 versions. | 2023-02-08 | not yet calculated | CVE-2022-41620 MISC |
nvidia — geforce_experience | NVIDIA GeForce Experience contains a vulnerability in the installer, where a user installing the NVIDIA GeForce Experience software may inadvertently delete data from a linked location, which may lead to data tampering. An attacker does not have explicit control over the exploitation of this vulnerability, which requires the user to explicitly launch the installer from the compromised directory. | 2023-02-07 | not yet calculated | CVE-2022-42291 MISC |
ibm — cloud_pak_for_multicloud_management_monitoring | IBM Cloud Pak for Multicloud Management Monitoring 2.0 and 2.3 allows users without admin roles access to admin functions by specifying direct URL paths. IBM X-Force ID: 238210. | 2023-02-08 | not yet calculated | CVE-2022-42438 MISC MISC |
ibm — app_connect_enterprise | IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211. | 2023-02-06 | not yet calculated | CVE-2022-42439 MISC MISC |
couchbase_server — couchbase_server | An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service. | 2023-02-06 | not yet calculated | CVE-2022-42950 MISC MISC MISC |
couchbase_server — couchbase_server | An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials. | 2023-02-06 | not yet calculated | CVE-2022-42951 MISC MISC MISC |
openssl — openssl | A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE. For example, in a TLS connection, RSA is commonly used by a client to send an encrypted pre-master secret to the server. An attacker that had observed a genuine connection between a client and a server could use this flaw to send trial messages to the server and record the time taken to process them. After a sufficiently large number of messages the attacker could recover the pre-master secret used for the original connection and thus be able to decrypt the application data sent over that connection. | 2023-02-08 | not yet calculated | CVE-2022-4304 MISC |
tribe29 — checkmk | Uncontrolled Search Path Element in Checkmk Agent in Tribe29 Checkmk before 2.1.0p1, before 2.0.0p25 and before 1.6.0p29 on a Checkmk server allows the site user to escalate privileges via a manipulated unixcat executable. | 2023-02-09 | not yet calculated | CVE-2022-43440 MISC |
zuken_elmic — multiple_products | KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones. | 2023-02-10 | not yet calculated | CVE-2022-43501 CONFIRM JVN |
jitsi — jitsi | A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity for remote execution. | 2023-02-09 | not yet calculated | CVE-2022-43550 MISC |
curl — curl | A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path. | 2023-02-09 | not yet calculated | CVE-2022-43552 MISC |
suse — rancher | An Insufficient Entropy vulnerability in SUSE Rancher allows attackers that gained knowledge of the cattle-token to continue abusing this even after the token was renewed. This issue affects: SUSE Rancher Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | 2023-02-07 | not yet calculated | CVE-2022-43755 CONFIRM |
suse — rancher | An Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’) vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. | 2023-02-07 | not yet calculated | CVE-2022-43756 CONFIRM |
suse — rancher | A Cleartext Storage of Sensitive Information vulnerability in SUSE Rancher allows users on managed clusters to gain access to credentials. The impact depends on the credentials exposed. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | 2023-02-07 | not yet calculated | CVE-2022-43757 CONFIRM |
suse — rancher | An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in SUSE Rancher allows code execution for a user with the ability to add an untrusted Helm catalog or modify the URL configuration used to download KDM (only admin users by default). This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10; Rancher versions prior to 2.7.1. | 2023-02-07 | not yet calculated | CVE-2022-43758 CONFIRM |
suse — rancher | An Improper Privilege Management vulnerability in SUSE Rancher allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. | 2023-02-07 | not yet calculated | CVE-2022-43759 CONFIRM |
b&r_industrial_automation — b&r_aprol | Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. | 2023-02-08 | not yet calculated | CVE-2022-43761 MISC |
b&r_industrial_automation — b&r_aprol | Lack of verification in B&R APROL Tbase server versions < R 4.2-07 may lead to memory leaks when receiving messages. | 2023-02-08 | not yet calculated | CVE-2022-43762 MISC |
b&r_industrial_automation — b&r_aprol | Insufficient check of preconditions could lead to Denial of Service conditions when calling commands on the Tbase server of B&R APROL versions < R 4.2-07. | 2023-02-08 | not yet calculated | CVE-2022-43763 MISC |
b&r_industrial_automation — b&r_aprol | Insufficient validation of input parameters when changing configuration on Tbase server in B&R APROL versions < R 4.2-07 could result in buffer overflow. This may lead to Denial-of-Service conditions or execution of arbitrary code. | 2023-02-08 | not yet calculated | CVE-2022-43764 MISC |
b&r_industrial_automation — b&r_aprol | B&R APROL versions < R 4.2-07 do not correctly process specially formatted data packages sent to port 55502/tcp, which may allow a network based attacker to cause an application Denial-of-Service. | 2023-02-08 | not yet calculated | CVE-2022-43765 MISC |
monarch_printer_m9855 — monarch_printer_m9855 | Avery Dennison Monarch Printer M9855 is vulnerable to Cross Site Scripting (XSS). | 2023-02-10 | not yet calculated | CVE-2022-44261 MISC MISC |
imagemagick — imagemagick | ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input. | 2023-02-06 | not yet calculated | CVE-2022-44267 MISC MISC |
imagemagick — imagemagick | ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary file (if the magick binary has permissions to read it). | 2023-02-06 | not yet calculated | CVE-2022-44268 MISC MISC |
crmeb — crmeb | CRMEB 4.4.4 is vulnerable to Any File download. | 2023-02-06 | not yet calculated | CVE-2022-44343 MISC MISC |
openssl — openssl | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the “name” (e.g. “CERTIFICATE”), any header data and the payload data. If the function succeeds then the “name_out”, “header” and “data” arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. This could be exploited by an attacker who has the ability to supply malicious PEM files for parsing to achieve a denial of service attack. The functions PEM_read_bio() and PEM_read() are simple wrappers around PEM_read_bio_ex() and therefore these functions are also directly affected. These functions are also called indirectly by a number of other OpenSSL functions including PEM_X509_INFO_read_bio_ex() and SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal uses of these functions are not vulnerable because the caller does not free the header argument if PEM_read_bio_ex() returns a failure code. These locations include the PEM_read_bio_TYPE() functions as well as the decoders introduced in OpenSSL 3.0. The OpenSSL asn1parse command line application is also impacted by this issue. | 2023-02-08 | not yet calculated | CVE-2022-4450 MISC |
activerecord’s_postgresql — activerecord’s_postgresql | A denial of service vulnerability is present in ActiveRecord’s PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. | 2023-02-09 | not yet calculated | CVE-2022-44566 MISC MISC |
rack — rack | A denial of service vulnerability exists in the Range header parsing component of Rack >= 1.5.0. Carefully crafted input can cause the Range header parsing component in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that deal with Range requests (such as streaming applications, or applications that serve files) may be impacted. | 2023-02-09 | not yet calculated | CVE-2022-44570 MISC |
rack — rack | There is a denial of service vulnerability in the Content-Disposition parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1, 3.0.0.1. This could allow an attacker to craft an input that can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. | 2023-02-09 | not yet calculated | CVE-2022-44571 MISC |
rack — rack | A denial of service vulnerability in the multipart parsing component of Rack fixed in 2.0.9.2, 2.1.4.2, 2.2.4.1 and 3.0.0.1 could allow an attacker to craft input that can cause RFC2183 multipart boundary parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. | 2023-02-09 | not yet calculated | CVE-2022-44572 MISC |
libxpm — libxpm | A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library. | 2023-02-06 | not yet calculated | CVE-2022-44617 MISC |
wordpress — wordpress | The HUSKY WordPress plugin before 1.3.2 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 2023-02-06 | not yet calculated | CVE-2022-4489 MISC |
dell — unisphere_for_powermax_vapp/solution_enabler_vapp | Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands on the underlying system. | 2023-02-11 | not yet calculated | CVE-2022-45104 MISC |
microchip_rn4870 — microchip_rn4870 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can bypass passkey entry in the legacy pairing of the device. | 2023-02-08 | not yet calculated | CVE-2022-45190 MISC |
microchip_rn4870 — microchip_rn4870 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values. | 2023-02-08 | not yet calculated | CVE-2022-45191 MISC |
microchip_rn4870 — microchip_rn4870 | An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a cleartext encryption pause request. | 2023-02-08 | not yet calculated | CVE-2022-45192 MISC |
zyxel — nbg-418n | A cross-site scripting (XSS) vulnerability in Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.13)C0, which could allow an attacker to store malicious scripts in the Logs page of the GUI on a vulnerable device. A successful XSS attack could force an authenticated user to execute the stored malicious scripts and then result in a denial-of-service (DoS) condition when the user visits the Logs page of the GUI on the device. | 2023-02-07 | not yet calculated | CVE-2022-45441 CONFIRM |
future-depth_institutional_management_website — future-depth_institutional_management_website | SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. | 2023-02-08 | not yet calculated | CVE-2022-45526 MISC |
future-depth_institutional_management_website — future-depth_institutional_management_website | File upload vulnerability in Future-Depth Institutional Management Website (IMS) 1.0, allows unauthorized attackers to directly upload malicious files to the courseimg directory. | 2023-02-08 | not yet calculated | CVE-2022-45527 MISC |
schlix_web — schlix_cms | Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows an attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. | 2023-02-07 | not yet calculated | CVE-2022-45544 MISC MISC MISC MISC |
talend — remote_engine_gen_2 | XML External Entity (XXE) vulnerability in Talend Remote Engine Gen 2 before R2022-09. | 2023-02-03 | not yet calculated | CVE-2022-45588 MISC MISC |
talend — esb_runtime | SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service. | 2023-02-06 | not yet calculated | CVE-2022-45589 MISC MISC |
apsystems — ecu-r | Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. | 2023-02-10 | not yet calculated | CVE-2022-45699 MISC MISC |
ezeip — ezeip | ezEIP v5.3.0(0649) was discovered to contain a cross-site scripting (XSS) vulnerability. | 2023-02-06 | not yet calculated | CVE-2022-45722 MISC MISC |
eyoucms — eyoucms | Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary code via the home page description on the basic information page. | 2023-02-08 | not yet calculated | CVE-2022-45755 MISC |
key_systems_management — global_facilities_management_software | Hardcoded credentials in Global Facilities Management Software (GFMS) Version 3 software distributed by Key Systems Management permits remote attackers to impact availability, confidentiality, accessibility and dependability of electronic key boxes. | 2023-02-10 | not yet calculated | CVE-2022-45766 MISC |
edimax — n300_firmware_br428n | Command Injection vulnerability in Edimax Technology Co., Ltd. Wireless Router N300 Firmware BR428nS v3 allows an attacker to execute arbitrary code via the formWlanMP function. | 2023-02-07 | not yet calculated | CVE-2022-45768 MISC MISC |
apache — age | There are issues with the AGE drivers for Golang and Python that enable SQL injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12, all versions up-to-and-including 1.1.0, when using those drivers. The fix is to update to the latest Golang and Python drivers in addition to the latest version of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will add a new function to enable parameterization of the cypher() function, which, in conjunction with the driver updates, will resolve this issue. Background (for those who want more information): After thoroughly researching this issue, we found that due to the nature of the cypher() function, it was not easy to parameterize the values passed into it. This enabled SQL injections, if the developer of the driver wasn’t careful. The developer of the Golang and Python drivers didn’t fully utilize parameterization, likely because of this, thus enabling SQL injections. The obvious fix to this issue is to use parameterization in the drivers for all PG SQL queries. However, parameterizing all PG queries is complicated by the fact that the cypher() function call itself cannot be parameterized directly, as it isn’t a real function. At least, not the parameters that would take the graph name and cypher query. The reason the cypher() function cannot have those values parameterized is because the function is a placeholder and never actually runs. The cypher() function node, created by PG in the query tree, is transformed and replaced with a query tree for the actual cypher query during the analyze phase. The problem is that parameters – that would be passed in and that the cypher() function transform needs to be resolved – are only resolved in the execution phase, which is much later. Since the transform of the cypher() function needs to know the graph name and cypher query prior to execution, they can’t be passed as parameters. The fix that we are testing right now, and are proposing to use, is to create a function that will be called prior to the execution of the cypher() function transform. This new function will allow values to be passed as parameters for the graph name and cypher query. As this command will be executed prior to the cypher() function transform, its values will be resolved. These values can then be cached for the immediately following cypher() function transform to use. As added features, the cached values will store the calling session’s pid, for validation. And, the cypher() function transform will clear this cached information after function invocation, regardless of whether it was used. This method will allow the parameterizing of the cypher() function indirectly and provide a way to lock out SQL injection attacks. | 2023-02-04 | not yet calculated | CVE-2022-45786 MISC |
zyxel — nwa110ax | An improper check for unusual conditions in Zyxel NWA110AX firmware versions prior to 6.50(ABTG.0)C0, which could allow a LAN attacker to cause a temporary denial-of-service (DoS) by sending crafted VLAN frames if the MAC address of the vulnerable AP were intercepted by the attacker. | 2023-02-07 | not yet calculated | CVE-2022-45854 CONFIRM |
thinkphp — thinkphp | thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | 2023-02-08 | not yet calculated | CVE-2022-45982 MISC |
wordpress — wordpress | The PPWP WordPress plugin before 1.8.6 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4626 MISC |
libxpm — libxpm | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | 2023-02-07 | not yet calculated | CVE-2022-46285 MISC |
bticino — door_entry_hometouch | BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate. | 2023-02-06 | not yet calculated | CVE-2022-46496 MISC |
wordpress — wordpress | The Restaurant Menu WordPress plugin before 2.3.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2022-4657 MISC |
wordpress — wordpress | The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2022-4664 MISC |
sierra_wireless — airlink_router | Acemanager in ALEOS before version 4.16 allows a user with valid credentials to manipulate the IP logging operation to execute arbitrary shell commands on the device. | 2023-02-10 | not yet calculated | CVE-2022-46649 MISC MISC MISC |
sierra_wireless — airlink_router | Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | 2023-02-10 | not yet calculated | CVE-2022-46650 MISC MISC MISC |
gnu — less | In GNU Less before 609, crafted data can result in “less -R” not filtering ANSI escape sequences sent to the terminal. | 2023-02-07 | not yet calculated | CVE-2022-46663 MISC MISC MISC MLIST |
dell — wyse_management_suite | Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. An unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research. | 2023-02-11 | not yet calculated | CVE-2022-46675 MISC |
dell — wyse_management_suite | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. | 2023-02-11 | not yet calculated | CVE-2022-46676 MISC |
dell — wyse_management_suite | Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is not authorized. | 2023-02-11 | not yet calculated | CVE-2022-46677 MISC |
dell — wyse_management_suite | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. | 2023-02-11 | not yet calculated | CVE-2022-46678 MISC |
wordpress — wordpress | The PDF.js Viewer WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2022-4670 MISC |
wordpress — wordpress | The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2022-4674 MISC |
dell — wyse_management_suite | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. | 2023-02-11 | not yet calculated | CVE-2022-46754 MISC |
dell — wyse_management_suite | Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. | 2023-02-11 | not yet calculated | CVE-2022-46755 MISC |
wordpress — wordpress | The Leaflet Maps Marker WordPress plugin before 3.12.7 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2022-4677 MISC |
wordpress — wordpress | The Hide My WP WordPress plugin before 6.2.9 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 2023-02-06 | not yet calculated | CVE-2022-4681 MISC |
nvs365 — nvs365 | NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. | 2023-02-03 | not yet calculated | CVE-2022-47070 MISC MISC |
nvs365 — nvs365 | In NVS365 V01, the background network test function can trigger command execution. | 2023-02-06 | not yet calculated | CVE-2022-47071 MISC MISC |
wordpress — wordpress | The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4717 MISC |
onlyoffice — workspace | Given a malicious document provided by an attacker, the ONLYOFFICE Workspace DMS is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition. | 2023-02-07 | not yet calculated | CVE-2022-47412 MISC |
openkm — openkm | Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored (persistent, or “Type II”) XSS condition. | 2023-02-07 | not yet calculated | CVE-2022-47413 MISC |
openkm — openkm | If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS vulnerability is reachable in the document “note” functionality. | 2023-02-07 | not yet calculated | CVE-2022-47414 MISC |
logicaldoc — logicaldoc | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app messaging system (both subject and message bodies). | 2023-02-07 | not yet calculated | CVE-2022-47415 MISC |
logicaldoc — logicaldoc | LogicalDOC Enterprise is vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the in-app chat system. | 2023-02-07 | not yet calculated | CVE-2022-47416 MISC |
logicaldoc — logicaldoc | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the document file name. | 2023-02-07 | not yet calculated | CVE-2022-47417 MISC |
logicaldoc — logicaldoc | LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or “Type II”) cross-site scripting (XSS) condition in the document version comments. | 2023-02-07 | not yet calculated | CVE-2022-47418 MISC |
mayan — mayan_edms | An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. | 2023-02-07 | not yet calculated | CVE-2022-47419 MISC |
wordpress — wordpress | The Post Category Image With Grid and Slider WordPress plugin before 1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4747 MISC |
wordpress — wordpress | The My YouTube Channel WordPress plugin before 3.23.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4756 MISC |
wordpress — wordpress | The Materialis Companion WordPress plugin before 1.3.40 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4762 MISC |
bosch_security_systems — b420_firmware | Bosch Security Systems B420 firmware 02.02.0001 employs IP based authorization in its authentication mechanism, allowing attackers to access the device as long as they are on the same network as a legitimate user. | 2023-02-08 | not yet calculated | CVE-2022-47648 MISC MISC |
another_eden — another_eden | The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allow attackers to perform privilege escalation via a crafted payload. | 2023-02-06 | not yet calculated | CVE-2022-48019 MISC MISC MISC MISC MISC |
pycdc — pycdc | pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component ASTree.cpp:BuildFromCode. | 2023-02-06 | not yet calculated | CVE-2022-48078 MISC |
softr — softr | Softr v2.0 was discovered to contain an HTML injection vulnerability via the Work Space Name parameter. | 2023-02-06 | not yet calculated | CVE-2022-48085 MISC MISC MISC MISC MISC |
wavlink — wl-wn533a8 | An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 2023-02-06 | not yet calculated | CVE-2022-48164 MISC MISC |
wavlink — wl-wn530hg4 | An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 2023-02-03 | not yet calculated | CVE-2022-48165 MISC MISC |
wavlink — wl-wn530hg4 | An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | 2023-02-06 | not yet calculated | CVE-2022-48166 MISC MISC |
wordpress — wordpress | The WP Blog and Widgets WordPress plugin before 2.3.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4824 MISC |
wordpress — wordpress | The WP-ShowHide WordPress plugin before 1.05 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4825 MISC |
wordpress — wordpress | The Simple Tooltips WordPress plugin before 2.1.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2022-4826 MISC |
huawei — harmonyos | The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48286 MISC MISC |
huawei — harmonyos/emui | The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. | 2023-02-09 | not yet calculated | CVE-2022-48287 MISC MISC |
huawei — harmonyos/emui | The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48288 MISC MISC |
huawei — harmonyos/emui | The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48289 MISC MISC |
huawei — harmonyos | The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. | 2023-02-09 | not yet calculated | CVE-2022-48290 MISC MISC |
huawei — multiple_products | The Bluetooth module has an out-of-memory (OOM) vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48292 MISC MISC |
huawei — harmonyos/emui | The Bluetooth module has an OOM vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48293 MISC MISC |
huawei — harmonyos/emui | The IHwAttestationService interface has a defect in authentication. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48294 MISC MISC |
huawei — harmonyos/emui | The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). | 2023-02-09 | not yet calculated | CVE-2022-48295 MISC MISC |
huawei — harmonyos/emui | The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. | 2023-02-09 | not yet calculated | CVE-2022-48296 MISC MISC |
huawei — harmonyos/emui | The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | 2023-02-09 | not yet calculated | CVE-2022-48297 MISC MISC |
huawei — harmonyos/emui | The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | 2023-02-09 | not yet calculated | CVE-2022-48298 MISC MISC |
huawei — harmonyos/emui | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48299 MISC MISC |
huawei — harmonyos/emui | The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48300 MISC MISC |
huawei — harmonyos/emui | The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. | 2023-02-09 | not yet calculated | CVE-2022-48301 MISC MISC |
huawei — harmonyos/emui | The AMS module has a vulnerability of lacking permission verification in APIs. Successful exploitation of this vulnerability may affect data confidentiality. | 2023-02-09 | not yet calculated | CVE-2022-48302 MISC MISC |
wordpress — wordpress | The YourChannel: Everything you want in a YouTube plugin WordPress plugin before 1.2.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4833 MISC |
wordpress — wordpress | The Breadcrumb WordPress plugin before 1.5.33 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4836 MISC |
wordpress — wordpress | The Clean Login WordPress plugin before 1.13.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2022-4838 MISC |
libxpm — libxpm | A flaw was found in libXpm. When processing files with .Z or .gz extensions, the library calls external programs to compress and uncompress files, relying on the PATH environment variable to find these programs, which could allow a malicious user to execute other programs by manipulating the PATH environment variable. | 2023-02-07 | not yet calculated | CVE-2022-4883 MISC |
exo_chat_app — exo_chat_app | A vulnerability classified as problematic has been found in eXo Chat Application. Affected is an unknown function of the file application/src/main/webapp/vue-app/components/ExoChatMessageComposer.vue of the component Mention Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.3.0-20220417 is able to address this issue. The name of the patch is 26bf307d3658d1403cfd5c3ad423ce4c4d1cb2dc. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-220212. | 2023-02-06 | not yet calculated | CVE-2022-4902 MISC MISC MISC MISC MISC MISC |
codenameone — codenameone | A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. Upgrading to version 7.0.71 is able to address this issue. The name of the patch is dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. | 2023-02-10 | not yet calculated | CVE-2022-4903 MISC MISC MISC MISC MISC |
palo_alto_networks — cortex_xdr | An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext, which bad actors can then use to execute privileged cytool commands that disable or uninstall the agent. | 2023-02-08 | not yet calculated | CVE-2023-0001 MISC |
palo_alto_networks — cortex_xdr | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | 2023-02-08 | not yet calculated | CVE-2023-0002 MISC |
palo_alto_networks — cortex_xsoar | A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. | 2023-02-08 | not yet calculated | CVE-2023-0003 MISC |
wordpress — wordpress | The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0062 MISC |
wordpress — wordpress | The ResponsiveVoice Text To Speech WordPress plugin through 1.7.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0070 MISC |
wordpress — wordpress | The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0072 MISC |
wordpress — wordpress | The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0081 MISC |
wordpress — wordpress | The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0082 MISC |
wordpress — wordpress | The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0095 MISC |
wordpress — wordpress | The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0096 MISC |
d-link — dwl-2600ap | A command injection vulnerability in the firmware_update command, in the device’s restricted telnet interface, allows an authenticated attacker to execute arbitrary commands as root. | 2023-02-11 | not yet calculated | CVE-2023-0127 MISC |
wordpress — wordpress | The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-02-06 | not yet calculated | CVE-2023-0143 MISC |
wordpress — wordpress | The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0144 MISC |
wordpress — wordpress | The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0146 MISC |
wordpress — wordpress | The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0147 MISC |
wordpress — wordpress | The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0148 MISC |
wordpress — wordpress | The WordPrezi WordPress plugin through 0.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0149 MISC |
wordpress — wordpress | The Cloak Front End Email WordPress plugin through 1.9.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0150 MISC |
wordpress — wordpress | The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0153 MISC |
wordpress — wordpress | The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0154 MISC |
wordpress — wordpress | The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0170 MISC |
wordpress — wordpress | The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0171 MISC |
wordpress — wordpress | The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0173 MISC |
wordpress — wordpress | The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0174 MISC |
wordpress — wordpress | The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0176 MISC |
wordpress — wordpress | The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0178 MISC |
openssl — openssl | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions, for example if a CMS recipient public key is invalid, the new filter BIO is freed and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO then a use-after-free will occur. This will most likely result in a crash. This scenario occurs directly in the internal function B64_write_ASN1() which may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on the BIO. This internal function is in turn called by the public API functions PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream, SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7. Other public API functions that may be impacted by this include i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and i2d_PKCS7_bio_stream. The OpenSSL cms and smime command line applications are similarly affected. | 2023-02-08 | not yet calculated | CVE-2023-0215 MISC |
openssl — openssl | An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. The result of the dereference is an application crash which could lead to a denial of service attack. The TLS implementation in OpenSSL does not call this function however third party applications might call these functions on untrusted data. | 2023-02-08 | not yet calculated | CVE-2023-0216 MISC |
openssl — openssl | An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. This will most likely lead to an application crash. This function can be called on public keys supplied from untrusted sources which could allow an attacker to cause a denial of service attack. The TLS implementation in OpenSSL does not call this function but applications might call the function if there are additional security requirements imposed by standards such as FIPS 140-3. | 2023-02-08 | not yet calculated | CVE-2023-0217 MISC |
wordpress — wordpress | The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. | 2023-02-06 | not yet calculated | CVE-2023-0234 MISC MISC MISC |
wordpress — wordpress | The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2023-02-06 | not yet calculated | CVE-2023-0236 MISC |
delta_electronics — diascreen | Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | 2023-02-08 | not yet calculated | CVE-2023-0249 MISC |
delta_electronics — diascreen | Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. | 2023-02-08 | not yet calculated | CVE-2023-0250 MISC |
delta_electronics — diascreen | Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely execute arbitrary code. | 2023-02-08 | not yet calculated | CVE-2023-0251 MISC |
wordpress — wordpress | The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0252 MISC |
wordpress — wordpress | The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. | 2023-02-06 | not yet calculated | CVE-2023-0282 MISC |
openssl — openssl | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network. | 2023-02-08 | not yet calculated | CVE-2023-0286 MISC |
openssl — openssl | A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail. There is a missing check for the return value from the initialization function which later leads to invalid usage of the digest API most likely leading to a crash. The unavailability of an algorithm can be caused by using FIPS enabled configuration of providers or more commonly by not loading the legacy provider. PKCS7 data is processed by the SMIME library calls and also by the time stamp (TS) library calls. The TLS implementation in OpenSSL does not call these functions however third party applications would be affected if they call these functions to verify signatures on untrusted data. | 2023-02-08 | not yet calculated | CVE-2023-0401 MISC |
yugabyte — yugabyte_managed | Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in YugaByte, Inc. Yugabyte Managed allows Accessing Functionality Not Properly Constrained by ACLs, Communication Channel Manipulation, Authentication Abuse. This issue affects Yugabyte Managed: from 2.0 through 2.13. | 2023-02-09 | not yet calculated | CVE-2023-0574 MISC |
yugabyte — yugabyte_db | External Control of Critical State Data, Improper Control of Generation of Code (‘Code Injection’) vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: less than 2.2. | 2023-02-09 | not yet calculated | CVE-2023-0575 MISC |
linux — kernel | A memory leak flaw, a potential divide by zero, and an integer overflow were found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as the VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if the vivid test code is enabled. | 2023-02-06 | not yet calculated | CVE-2023-0615 MISC |
orangescrum — orangescrum | OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. This is possible because the application returns malicious user input in the response with the content-type set to text/html. | 2023-02-09 | not yet calculated | CVE-2023-0624 MISC MISC |
forta — goanywhere_mft | Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled object. This issue was patched in version 7.1.2. | 2023-02-06 | not yet calculated | CVE-2023-0669 MISC MISC MISC MISC MISC MISC MISC |
xxl-job — xxl-job | A vulnerability, which was classified as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some unknown functionality of the file /user/updatePwd of the component New Password Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220196. | 2023-02-04 | not yet calculated | CVE-2023-0674 MISC MISC MISC |
phpipam — phpipam | Improper Authorization in GitHub repository phpipam/phpipam prior to v1.5.1. | 2023-02-04 | not yet calculated | CVE-2023-0678 MISC CONFIRM |
sourcecodester — canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220220. | 2023-02-06 | not yet calculated | CVE-2023-0679 MISC MISC MISC |
sourcecodester — online_eyewear_shop | A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. This affects the function update_cart of the file /oews/classes/Master.php?f=update_cart of the component HTTP POST Request Handler. The manipulation of the argument cart_id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-220245 was assigned to this vulnerability. | 2023-02-06 | not yet calculated | CVE-2023-0686 MISC MISC |
gnu — c_library | A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. | 2023-02-06 | not yet calculated | CVE-2023-0687 MISC MISC MISC MISC |
hashicorp — boundary | HashiCorp Boundary from 0.10.0 through 0.11.2 contains an issue where, when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. This would result in the credentials being stored in plaintext on the Boundary PKI worker’s disk. This issue is fixed in version 0.12.0. | 2023-02-08 | not yet calculated | CVE-2023-0690 MISC |
google — chrome | Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-02-07 | not yet calculated | CVE-2023-0696 MISC MISC |
google — chrome | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | 2023-02-07 | not yet calculated | CVE-2023-0697 MISC MISC |
google — chrome | Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 2023-02-07 | not yet calculated | CVE-2023-0698 MISC MISC |
google — chrome | Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | 2023-02-07 | not yet calculated | CVE-2023-0699 MISC MISC |
google — chrome | Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-02-07 | not yet calculated | CVE-2023-0700 MISC MISC |
google — chrome | Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | 2023-02-07 | not yet calculated | CVE-2023-0701 MISC MISC |
google — chrome | Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-02-07 | not yet calculated | CVE-2023-0702 MISC MISC |
google — chrome | Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | 2023-02-07 | not yet calculated | CVE-2023-0703 MISC MISC |
google — chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | 2023-02-07 | not yet calculated | CVE-2023-0704 MISC MISC |
google — chrome | Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 2023-02-07 | not yet calculated | CVE-2023-0705 MISC MISC |
sourcecodester — medical_certificate_generator | A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Affected by this issue is some unknown functionality of the file manage_record.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-220340. | 2023-02-07 | not yet calculated | CVE-2023-0706 MISC MISC |
sourcecodester — medical_certificate_generator | A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability. | 2023-02-07 | not yet calculated | CVE-2023-0707 MISC MISC |
wordpress — wordpress | The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with editor level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-02-07 | not yet calculated | CVE-2023-0731 MISC MISC |
sourcecodester — online_eyewear_shop | A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. | 2023-02-07 | not yet calculated | CVE-2023-0732 MISC MISC |
wallabag — wallabag | Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. | 2023-02-07 | not yet calculated | CVE-2023-0735 MISC CONFIRM |
wallabag — wallabag | Cross-site Scripting (XSS) – Stored in GitHub repository wallabag/wallabag prior to 2.5.4. | 2023-02-07 | not yet calculated | CVE-2023-0736 CONFIRM MISC |
answerdev — answerdev | Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4. | 2023-02-08 | not yet calculated | CVE-2023-0739 CONFIRM MISC |
answerdev — answerdev | Cross-site Scripting (XSS) – Stored in GitHub repository answerdev/answer prior to 1.0.4. | 2023-02-08 | not yet calculated | CVE-2023-0740 CONFIRM MISC |
answerdev — answerdev | Cross-site Scripting (XSS) – DOM in GitHub repository answerdev/answer prior to 1.0.4. | 2023-02-08 | not yet calculated | CVE-2023-0741 CONFIRM MISC |
answerdev — answerdev | Cross-site Scripting (XSS) – Stored in GitHub repository answerdev/answer prior to 1.0.4. | 2023-02-08 | not yet calculated | CVE-2023-0742 CONFIRM MISC |
answerdev — answerdev | Cross-site Scripting (XSS) – Generic in GitHub repository answerdev/answer prior to 1.0.4. | 2023-02-08 | not yet calculated | CVE-2023-0743 MISC CONFIRM |
answerdev — answerdev | Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. | 2023-02-08 | not yet calculated | CVE-2023-0744 CONFIRM MISC |
yugabyte — yugabyte_managed | Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13. | 2023-02-09 | not yet calculated | CVE-2023-0745 MISC |
btcpayserver — btcpayserver | Cross-site Scripting (XSS) – Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 2023-02-08 | not yet calculated | CVE-2023-0747 MISC CONFIRM |
btcpayserver — btcpayserver | Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 2023-02-08 | not yet calculated | CVE-2023-0748 MISC CONFIRM |
freebsd — freebsd | When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. | 2023-02-08 | not yet calculated | CVE-2023-0751 MISC |
glorylion — jfinaloa | A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability. | 2023-02-09 | not yet calculated | CVE-2023-0758 MISC MISC MISC |
cockpit-hq — cockpit-hq | Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8. | 2023-02-09 | not yet calculated | CVE-2023-0759 MISC CONFIRM |
gpac — gpac | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. | 2023-02-09 | not yet calculated | CVE-2023-0760 CONFIRM MISC |
gpac — gpac | Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | 2023-02-09 | not yet calculated | CVE-2023-0770 MISC CONFIRM |
ampache — ampache | SQL Injection in GitHub repository ampache/ampache prior to 5.5.7,develop. | 2023-02-10 | not yet calculated | CVE-2023-0771 CONFIRM MISC |
sourcecodester — medical_certificate_generator_app | A vulnerability has been found in SourceCodester Medical Certificate Generator App 1.0 and classified as critical. This vulnerability affects unknown code of the file action.php. The manipulation of the argument lastname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-220558 is the identifier assigned to this vulnerability. | 2023-02-10 | not yet calculated | CVE-2023-0774 MISC MISC MISC |
baicells — multiple_products | Baicells Nova 436Q, Nova 430E, Nova 430I, and Neutrino 430 LTE TDD eNodeB devices with firmware through QRTB 2.12.7 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed pre-login and with root permissions. The following methods have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce. | 2023-02-11 | not yet calculated | CVE-2023-0776 MISC |
modoboa — modoboa | Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4. | 2023-02-10 | not yet calculated | CVE-2023-0777 MISC CONFIRM |
cockpit-hq — cockpit-hq | Improper Restriction of Rendered UI Layers or Frames in GitHub repository cockpit-hq/cockpit prior to 2.3.9-dev. | 2023-02-11 | not yet calculated | CVE-2023-0780 CONFIRM MISC |
sourcecodester — canteen_management_system | A vulnerability was found in SourceCodester Canteen Management System 1.0. It has been declared as critical. This vulnerability affects the function query of the file removeOrder.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220624. | 2023-02-11 | not yet calculated | CVE-2023-0781 MISC MISC MISC |
tenda — ac23 | A vulnerability was found in Tenda AC23 16.03.07.45 and classified as critical. Affected by this issue is the function formSetSysToolDDNS/formGetSysToolDDNS of the file /bin/httpd. The manipulation leads to out-of-bounds write. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-220640. | 2023-02-11 | not yet calculated | CVE-2023-0782 MISC MISC MISC |
ecshop — ecshop | A vulnerability was found in EcShop 4.1.5. It has been classified as critical. This affects an unknown part of the file /ecshop/admin/template.php of the component PHP File Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220641 was assigned to this vulnerability. | 2023-02-11 | not yet calculated | CVE-2023-0783 MISC MISC MISC |
mediatek — multiple_products | In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107. | 2023-02-06 | not yet calculated | CVE-2023-20602 MISC |
mediatek — multiple_products | In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494067; Issue ID: ALPS07494067. | 2023-02-06 | not yet calculated | CVE-2023-20604 MISC |
mediatek — multiple_products | In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104. | 2023-02-06 | not yet calculated | CVE-2023-20605 MISC |
mediatek — multiple_products | In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104. | 2023-02-06 | not yet calculated | CVE-2023-20606 MISC |
mediatek — ccu | In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839. | 2023-02-06 | not yet calculated | CVE-2023-20607 MISC |
mediatek — display_drm | In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363599; Issue ID: ALPS07363599. | 2023-02-06 | not yet calculated | CVE-2023-20608 MISC |
mediatek — ccu | In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864. | 2023-02-06 | not yet calculated | CVE-2023-20609 MISC |
mediatek — display_drm | In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469. | 2023-02-06 | not yet calculated | CVE-2023-20610 MISC |
mediatek — gpu | In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678. | 2023-02-06 | not yet calculated | CVE-2023-20611 MISC |
mediatek — ril | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571. | 2023-02-06 | not yet calculated | CVE-2023-20612 MISC |
mediatek — ril | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614. | 2023-02-06 | not yet calculated | CVE-2023-20613 MISC |
mediatek — ril | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628615; Issue ID: ALPS07628615. | 2023-02-06 | not yet calculated | CVE-2023-20614 MISC |
mediatek — ril | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629572; Issue ID: ALPS07629572. | 2023-02-06 | not yet calculated | CVE-2023-20615 MISC |
mediatek — ion | In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720. | 2023-02-06 | not yet calculated | CVE-2023-20616 MISC |
mediatek — vcu | In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519184; Issue ID: ALPS07519184. | 2023-02-06 | not yet calculated | CVE-2023-20618 MISC |
mediatek — vcu | In vcu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519159; Issue ID: ALPS07519159. | 2023-02-06 | not yet calculated | CVE-2023-20619 MISC |
samsung — secure_folder | An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container to remain unlocked under certain conditions. | 2023-02-09 | not yet calculated | CVE-2023-21419 MISC |
samsung — stst_ta | Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. | 2023-02-09 | not yet calculated | CVE-2023-21420 MISC |
samsung — knoxcustommanagerservice | Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | 2023-02-09 | not yet calculated | CVE-2023-21421 MISC |
samsung — wifiservice | Improper authorization vulnerability in semAddPublicDnsAddr in WifiService prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | 2023-02-09 | not yet calculated | CVE-2023-21422 MISC |
samsung — chnfilesharekit | Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | 2023-02-09 | not yet calculated | CVE-2023-21423 MISC |
samsung — semchameleonhelper | Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | 2023-02-09 | not yet calculated | CVE-2023-21424 MISC |
samsung — telecom_application | Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. | 2023-02-09 | not yet calculated | CVE-2023-21425 MISC |
samsung — nfc | Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. | 2023-02-09 | not yet calculated | CVE-2023-21426 MISC |
samsung — nfctile | Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows an attacker to use NFC without user recognition. | 2023-02-09 | not yet calculated | CVE-2023-21427 MISC |
samsung — telephonyui | Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. | 2023-02-09 | not yet calculated | CVE-2023-21428 MISC |
samsung — epdg | Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | 2023-02-09 | not yet calculated | CVE-2023-21429 MISC |
samsung — maptobuffer | An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault. | 2023-02-09 | not yet calculated | CVE-2023-21430 MISC |
samsung — bixby | Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. | 2023-02-09 | not yet calculated | CVE-2023-21431 MISC |
samsung — smart_things | Improper access control vulnerability in Smart Things prior to 1.7.93 allows an attacker to invite others without authorization of the owner. | 2023-02-09 | not yet calculated | CVE-2023-21432 MISC |
samsung — galaxy_store | Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | 2023-02-09 | not yet calculated | CVE-2023-21433 MISC |
samsung — galaxy_store | Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. | 2023-02-09 | not yet calculated | CVE-2023-21434 MISC |
samsung — fingerprint_ta | Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. | 2023-02-09 | not yet calculated | CVE-2023-21435 MISC |
samsung — contacts | Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. | 2023-02-09 | not yet calculated | CVE-2023-21436 MISC |
samsung — phone_application | Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. | 2023-02-09 | not yet calculated | CVE-2023-21437 MISC |
samsung — homescreen | Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. | 2023-02-09 | not yet calculated | CVE-2023-21438 MISC |
samsung — uwbdatatxstatusevent | Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. | 2023-02-09 | not yet calculated | CVE-2023-21439 MISC |
samsung — windowmanagerservice | Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | 2023-02-09 | not yet calculated | CVE-2023-21440 MISC |
samsung — multiple_products | Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code. | 2023-02-09 | not yet calculated | CVE-2023-21441 MISC |
samsung — multiple_products | Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. | 2023-02-09 | not yet calculated | CVE-2023-21442 MISC |
samsung — samsung_flow | Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | 2023-02-09 | not yet calculated | CVE-2023-21443 MISC |
samsung — samsung_flow | Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | 2023-02-09 | not yet calculated | CVE-2023-21444 MISC |
samsung — multiple_products | Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent. | 2023-02-09 | not yet calculated | CVE-2023-21445 MISC |
samsung — multiple_products | Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. | 2023-02-09 | not yet calculated | CVE-2023-21446 MISC |
samsung — samsung_cloud | Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. | 2023-02-09 | not yet calculated | CVE-2023-21447 MISC |
samsung — samsung_cloud | Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. | 2023-02-09 | not yet calculated | CVE-2023-21448 MISC |
samsung — one_hand_operation_+ | Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. | 2023-02-09 | not yet calculated | CVE-2023-21450 MISC |
samsung — secril | A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. | 2023-02-09 | not yet calculated | CVE-2023-21451 MISC |
suse — multiple_products | An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap 15.4 allows attackers that can trick users to use specially crafted REPO_ALIAS, REPO_TYPE or REPO_METADATA_PATH settings to execute code as root. This issue affects: SUSE Linux Enterprise Server for SAP 15-SP3 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. openSUSE Leap 15.4 libzypp-plugin-appdata versions prior to 1.0.1+git.20180426. | 2023-02-07 | not yet calculated | CVE-2023-22643 CONFIRM |
zulip — zulip | Zulip is an open-source team collaboration tool. In versions of zulip prior to commit `2f6c5a8` but after commit `04cf68b` users could upload files with arbitrary `Content-Type` which would be served from the Zulip hostname with `Content-Disposition: inline` and no `Content-Security-Policy` header, allowing them to trick other users into executing arbitrary Javascript in the context of the Zulip application. Among other things, this enables session theft. Only deployments which use the S3 storage (not the local-disk storage) are affected, and only deployments which deployed commit 04cf68b45ebb5c03247a0d6453e35ffc175d55da, which has only been in `main`, not any numbered release. Users affected should upgrade from main again to deploy this fix. Switching from S3 storage to the local-disk storage would nominally mitigate this, but is likely more involved than upgrading to the latest `main` which addresses the issue. | 2023-02-07 | not yet calculated | CVE-2023-22735 MISC MISC MISC MISC |
ckan — ckan | CKAN is an open-source DMS (data management system) for powering data hubs and data portals. When creating a new container based on one of the Docker images listed below, the same secret key was being used by default. If the users didn’t set a custom value via environment variables in the `.env` file, that key was shared across different CKAN instances, making it easy to forge authentication requests. Users overriding the default secret key in their own `.env` file are not affected by this issue. Note that the legacy images (ckan/ckan) located in the main CKAN repo are not affected by this issue. The affected images are ckan/ckan-docker, (ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and openknowledge/ckan-dev images) keitaroinc/docker-ckan (keitaro/ckan images). | 2023-02-03 | not yet calculated | CVE-2023-22746 MISC MISC MISC |
ruby — ruby_gem | A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1, <6.1.7.1, and <7.0.4.1. Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. | 2023-02-09 | not yet calculated | CVE-2023-22792 MISC |
ruby — ruby_gem | A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments. If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database with insufficient sanitization and be able to inject SQL outside of the comment. | 2023-02-09 | not yet calculated | CVE-2023-22794 MISC |
ruby — ruby_gem | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. All users running an affected release should either upgrade or use one of the workarounds immediately. | 2023-02-09 | not yet calculated | CVE-2023-22795 MISC |
ruby — ruby_gem | A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. | 2023-02-09 | not yet calculated | CVE-2023-22796 MISC |
ruby — rails | An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. | 2023-02-09 | not yet calculated | CVE-2023-22797 MISC |
brave — adblock-lists | Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave’s redirect interceptor removal feature is known as “debouncing” and is intended to remove unnecessary redirects that track users across the web. | 2023-02-09 | not yet calculated | CVE-2023-22798 MISC |
ruby — ruby_gem | A ReDoS based DoS vulnerability in GlobalID <1.0.1 could allow an attacker supplying a carefully crafted input to cause the regular expression engine to take an unexpected amount of time. All users running an affected release should either upgrade or use one of the workarounds immediately. | 2023-02-09 | not yet calculated | CVE-2023-22799 MISC |
apache — nifi | The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. | 2023-02-10 | not yet calculated | CVE-2023-22832 MISC MISC |
expressionengine — expressionengine | In ExpressionEngine before 7.2.6, remote code execution can be achieved by an authenticated Control Panel user. | 2023-02-09 | not yet calculated | CVE-2023-22953 MISC CONFIRM |
invoiceplane — invoiceplane | Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. | 2023-02-07 | not yet calculated | CVE-2023-23011 MISC MISC |
sourcecodester — oretnom23_sales_management_system | Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php. | 2023-02-07 | not yet calculated | CVE-2023-23026 MISC |
phpgurukul — art_gallery_management_system_project | A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar. | 2023-02-10 | not yet calculated | CVE-2023-23161 MISC MISC MISC |
phpgurukul — art_gallery_management_system_project | Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php. | 2023-02-10 | not yet calculated | CVE-2023-23162 MISC MISC MISC |
phpgurukul — art_gallery_management_system_project | Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter. | 2023-02-10 | not yet calculated | CVE-2023-23163 MISC MISC MISC |
provide — server | Cross Site Scripting (XSS) vulnerability in Provide server 14.4 allows attackers to execute arbitrary code through the server-log via username field from the login form. | 2023-02-10 | not yet calculated | CVE-2023-23286 MISC MISC |
solarview_compact — solarview_compact | There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php. | 2023-02-06 | not yet calculated | CVE-2023-23333 MISC |
ibm — infosphere_information_server | IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 245423. | 2023-02-08 | not yet calculated | CVE-2023-23475 MISC |
wallix — access_manager | WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. | 2023-02-09 | not yet calculated | CVE-2023-23592 MISC MISC |
discourse — discourse | Discourse is an open source discussion platform. The embeddable comments can be exploited to create new topics as any user but without any clear title or content. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. As a workaround, disable embeddable comments by deleting all embeddable hosts. | 2023-02-03 | not yet calculated | CVE-2023-23615 MISC |
go-unixfs — go-unixfs | go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions. | 2023-02-09 | not yet calculated | CVE-2023-23625 MISC MISC |
ipfs — go-bitfield | go-bitfield is a simple bitfield package for the go language aiming to be more performant than the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happens when the `size` is not a multiple of `8` or is negative. There was already a note in the `NewBitfield` documentation, however known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`. | 2023-02-09 | not yet calculated | CVE-2023-23626 MISC MISC |
ipfs — go_unixfsnode | github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb’s implementation of protobuf to enable pathing. In versions prior to 1.5.2 trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus fanout parameter in the HAMT directory nodes. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-02-09 | not yet calculated | CVE-2023-23631 MISC MISC MISC MISC |
dell — command_intel_vpro_out_of_Band | Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to write arbitrary files to the system. | 2023-02-07 | not yet calculated | CVE-2023-23696 MISC |
dell — command_update | Dell Command \| Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. | 2023-02-10 | not yet calculated | CVE-2023-23698 MISC |
synopsys — coverity | Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:C | 2023-02-06 | not yet calculated | CVE-2023-23849 MISC |
ubiquiti — multiple_products | A vulnerability, found in EdgeRouters Version 2.0.9-hotfix.5 and earlier and UniFi Security Gateways (USG) Version 4.4.56 and earlier with their DHCPv6 prefix delegation set to dhcpv6-stateless or dhcpv6-stateful, allows a malicious actor directly connected to the WAN interface of an affected device to create a remote code execution vulnerability. | 2023-02-09 | not yet calculated | CVE-2023-23912 MISC |
switcherapi — switcher-client-master | Switcher Client is a JavaScript SDK to work with Switcher API which is cloud-based Feature Flag. Unsanitized input flows into Strategy match operation (EXIST), where it is used to build a regular expression. This may result in a Regular expression Denial of Service attack (reDOS). This issue has been patched in version 3.1.4. As a workaround, avoid using Strategy settings that use REGEX in conjunction with EXIST and NOT_EXIST operations. | 2023-02-03 | not yet calculated | CVE-2023-23925 MISC MISC |
pyca — cryptography | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. | 2023-02-07 | not yet calculated | CVE-2023-23931 MISC MISC |
opendds — opendds | OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic may crash when parsing badly-formed input. This issue has been patched in version 3.23.1. | 2023-02-03 | not yet calculated | CVE-2023-23932 MISC MISC |
opensearch-project — anomaly_detection | OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. There is an issue with the application of document and field level restrictions in the Anomaly Detection plugin, where users with the Anomaly Detector role can read aggregated numerical data (e.g. averages, sums) of fields that are otherwise restricted to them. This issue only affects authenticated users who were previously granted read access to the indexes containing the restricted fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no known workarounds for this issue. | 2023-02-03 | not yet calculated | CVE-2023-23933 MISC |
pimcore — pimcore | Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid signature (e.g. GIF89) and sending any invalid content-type. This could allow an authenticated attacker to upload HTML files with JS content that will be executed in the context of the domain. This issue has been patched in version 10.5.16. | 2023-02-03 | not yet calculated | CVE-2023-23937 MISC MISC |
openzeppelin — cairo_contracts | OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call to `finalize_keccak` after calling `verify_eth_signature`. As a result, any contract using `is_valid_eth_signature` from the account library (such as the `EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the malicious sequencer would be able to bypass signature validation to impersonate an instance of these accounts. The issue has been patched in 0.6.1. | 2023-02-03 | not yet calculated | CVE-2023-23940 MISC MISC |
shopware — swagpaypal | SwagPayPal is a PayPal integration for shopware/platform. If JavaScript-based PayPal checkout methods are used (PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the amount and item list sent to PayPal may not be identical to the one in the created order. The problem has been fixed with version 5.4.4. As a workaround, disable the aforementioned payment methods or use the Security Plugin in version >= 1.0.21. | 2023-02-03 | not yet calculated | CVE-2023-23941 MISC MISC |
nextcloud — desktop_client | The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue. | 2023-02-06 | not yet calculated | CVE-2023-23942 MISC MISC MISC |
nextcloud — mail | Nextcloud mail is an email app for the nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed to scan for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is upgraded to 1.15.0 or 2.2.2. The only known workaround for this issue is to completely disable the nextcloud mail app. | 2023-02-06 | not yet calculated | CVE-2023-23943 MISC MISC MISC MISC MISC |
nextcloud — mail | Nextcloud mail is an email app for the nextcloud home server platform. In versions prior to 2.2.2 user’s passwords were stored in cleartext in the database during the duration of OAuth2 setup procedure. Any attacker or malicious user with access to the database would have access to these user passwords until the OAuth setup has been completed. It is recommended that the Nextcloud Mail app is upgraded to 2.2.2. There are no known workarounds for this issue. | 2023-02-06 | not yet calculated | CVE-2023-23944 MISC MISC MISC |
formwork — formwork | A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter. | 2023-02-10 | not yet calculated | CVE-2023-24230 MISC MISC |
inventory-management-system — inventory-management-system | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/categories.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Categories Name parameter. | 2023-02-10 | not yet calculated | CVE-2023-24231 MISC MISC |
php-inventory-management-system — php-inventory-management-system | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/product.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter. | 2023-02-10 | not yet calculated | CVE-2023-24232 MISC MISC |
php-inventory-management-system — php-inventory-management-system | A stored cross-site scripting (XSS) vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter. | 2023-02-10 | not yet calculated | CVE-2023-24233 MISC MISC |
php-inventory-management-system — php-inventory-management-system | A stored cross-site scripting (XSS) vulnerability in the component php-inventory-management-system/brand.php of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Brand Name parameter. | 2023-02-10 | not yet calculated | CVE-2023-24234 MISC MISC |
totolink — a7100ru | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. | 2023-02-06 | not yet calculated | CVE-2023-24276 MISC |
mojoportal — mojoportal | A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters. | 2023-02-09 | not yet calculated | CVE-2023-24322 MISC MISC MISC |
mojoportal — mojoportal | Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. | 2023-02-09 | not yet calculated | CVE-2023-24323 MISC MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSchedule. | 2023-02-10 | not yet calculated | CVE-2023-24343 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWlanGuestSetup. | 2023-02-10 | not yet calculated | CVE-2023-24344 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetWanDhcpplus. | 2023-02-10 | not yet calculated | CVE-2023-24345 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the wan_connected parameter at /goform/formEasySetupWizard3. | 2023-02-10 | not yet calculated | CVE-2023-24346 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formSetWanDhcpplus. | 2023-02-10 | not yet calculated | CVE-2023-24347 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter. | 2023-02-10 | not yet calculated | CVE-2023-24348 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute. | 2023-02-10 | not yet calculated | CVE-2023-24349 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the config.smtp_email_subject parameter at /goform/formSetEmail. | 2023-02-10 | not yet calculated | CVE-2023-24350 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the FILECODE parameter at /goform/formLogin. | 2023-02-10 | not yet calculated | CVE-2023-24351 MISC MISC |
d-link — n300_wi-fi_router_dir-605l | D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS. | 2023-02-10 | not yet calculated | CVE-2023-24352 MISC MISC |
dell — alienware_command_center | Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. | 2023-02-10 | not yet calculated | CVE-2023-24569 MISC |
dell — command_monitor | Dell Command \| Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | 2023-02-10 | not yet calculated | CVE-2023-24573 MISC |
churchcrm — churchcrm | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | 2023-02-09 | not yet calculated | CVE-2023-24684 MISC MISC MISC |
churchcrm — churchcrm | ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | 2023-02-09 | not yet calculated | CVE-2023-24685 MISC MISC MISC |
churchcrm — churchcrm | An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code via importing a crafted CSV file. | 2023-02-09 | not yet calculated | CVE-2023-24686 MISC MISC MISC |
mojoportal — mojoportal | Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter. | 2023-02-09 | not yet calculated | CVE-2023-24687 MISC MISC MISC |
mojoportal — mojoportal | An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled. | 2023-02-09 | not yet calculated | CVE-2023-24688 MISC MISC |
mojoportal — mojoportal | An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the “s” parameter in /DesignTools/ManageSkin.aspx | 2023-02-09 | not yet calculated | CVE-2023-24689 MISC MISC |
churchcrm — churchcrm | ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family. | 2023-02-09 | not yet calculated | CVE-2023-24690 MISC MISC |
pdfio — pdfio | PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. Web servers or other automated processes which rely on this code to turn pdf submissions into plaintext can be DOSed when an attacker uploads the pdf. Please see the linked GHSA for an example pdf. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-02-07 | not yet calculated | CVE-2023-24808 MISC MISC |
dompdf — dompdf | Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `xlink:href` even if `href` is specified. However, php-svg-lib, which is later used to parse the svg file, parses the href attribute. Since `href` is respected if both `xlink:href` and `href` is specified, it’s possible to bypass the protection on the Dompdf side by providing an empty `xlink:href` attribute. An attacker can exploit the vulnerability to call arbitrary URLs with arbitrary protocols if they provide an SVG file to the Dompdf. In PHP versions before 8.0.0, it leads to arbitrary unserialize, which will lead, at the very least, to arbitrary file deletion and might lead to remote code execution, depending on available classes. This vulnerability has been addressed in commit `95009ea98` which has been included in release version 2.0.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-02-07 | not yet calculated | CVE-2023-24813 MISC MISC |
typo3 — typo3 | TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto – e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation. | 2023-02-07 | not yet calculated | CVE-2023-24814 MISC MISC MISC MISC MISC MISC MISC |
vert-x3 — vertx-web | Vert.x-Web is a set of building blocks for building web applications in the Java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in Windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability. | 2023-02-09 | not yet calculated | CVE-2023-24815 MISC MISC MISC |
ipython — ipython | IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Versions prior to 8.1.0 are subject to a command injection vulnerability with very specific prerequisites. This vulnerability requires that the function `IPython.utils.terminal.set_term_title` be called on Windows in a Python environment where ctypes is not available. The dependency on `ctypes` in `IPython.utils._process_win32` prevents the vulnerable code from ever being reached in the ipython binary. However, as a library that could be used by another tool `set_term_title` could be called and hence introduce a vulnerability. Should an attacker get untrusted input to an instance of this function they would be able to inject shell commands as current process and limited to the scope of the current process. Users of ipython as a library are advised to upgrade. Users unable to upgrade should ensure that any calls to the `IPython.utils.terminal.set_term_title` function are done with trusted or filtered input. | 2023-02-10 | not yet calculated | CVE-2023-24816 MISC MISC MISC MISC |
anchore — syft | syft is a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. A password disclosure flaw was found in Syft versions v0.69.0 and v0.69.1. This flaw leaks the password stored in the SYFT_ATTEST_PASSWORD environment variable. The `SYFT_ATTEST_PASSWORD` environment variable is for the `syft attest` command to generate attested SBOMs for the given container image. This environment variable is used to decrypt the private key (provided with `syft attest --key <path-to-key-file>`) during the signing process while generating an SBOM attestation. This vulnerability affects users running syft that have the `SYFT_ATTEST_PASSWORD` environment variable set with credentials (regardless of if the attest command is being used or not). Users that do not have the environment variable `SYFT_ATTEST_PASSWORD` set are not affected by this issue. The credentials are leaked in two ways: in the syft logs when `-vv` or `-vvv` are used in the syft command (which is any log level >= `DEBUG`) and in the attestation or SBOM only when the `syft-json` format is used. Note that as of v0.69.0 any generated attestations by the `syft attest` command are uploaded to the OCI registry (if you have write access to that registry) in the same way `cosign attach` is done. This means that any attestations generated for the affected versions of syft when the `SYFT_ATTEST_PASSWORD` environment variable was set would leak credentials in the attestation payload uploaded to the OCI registry. This issue has been patched in commit `9995950c70` and has been released as v0.70.0. There are no workarounds for this vulnerability. Users are advised to upgrade. | 2023-02-07 | not yet calculated | CVE-2023-24827 MISC MISC |
theonedev — onedev | Onedev is a self-hosted Git Server with CI/CD and Kanban. In versions prior to 7.9.12 the algorithm used to generate access token and password reset keys was not cryptographically secure. Existing normal users (or everyone if it allows self-registration) may exploit this to elevate privilege to obtain administrator permission. This issue has been addressed in version 7.9.12. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-02-08 | not yet calculated | CVE-2023-24828 MISC MISC |
couchbase — couchbase_server | Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. | 2023-02-06 | not yet calculated | CVE-2023-25016 MISC MISC MISC |
nextcloud — security-advisories | Nextcloud office/richdocuments is an office suite for the nextcloud server platform. In affected versions the Collabora integration can be tricked to provide access to any file without proper permission validation. As a result any user with access to Collabora can obtain the content of other users' files. It is recommended that the Nextcloud Office App (Collabora Integration) is updated to 7.0.2 (Nextcloud 25), 6.3.2 (Nextcloud 24), 5.0.10 (Nextcloud 23), 4.2.9 (Nextcloud 21-22), or 3.8.7 (Nextcloud 15-20). There are no known workarounds for this issue. | 2023-02-08 | not yet calculated | CVE-2023-25150 MISC MISC MISC |
open-telemetry — opentelemetry-go-contrib | opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. The v0.38.0 release of `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` uses the `httpconv.ServerRequest` function to annotate metric measurements for the `http.server.request_content_length`, `http.server.response_content_length`, and `http.server.duration` instruments. The `ServerRequest` function sets the `http.target` attribute value to be the whole request URI (including the query string). The metric instruments do not “forget” previous measurement attributes when `cumulative` temporality is used, this means the cardinality of the measurements allocated is directly correlated with the unique URIs handled. If the query string is constantly random, this will result in a constant increase in memory allocation that can be used in a denial-of-service attack. This issue has been addressed in version 0.39.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-02-08 | not yet calculated | CVE-2023-25151 MISC MISC |
pterodactyl — wings | Wings is Pterodactyl’s server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add ssh authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing “server” allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. | 2023-02-08 | not yet calculated | CVE-2023-25152 MISC MISC |
argoproj — argo-cd | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v2.6.0-rc1 have an output sanitization bug which leaks repository access credentials in error messages. These error messages are visible to the user, and they are logged. The error message is visible when a user attempts to create or update an Application via the Argo CD API (and therefore the UI or CLI). The user must have `applications, create` or `applications, update` RBAC access to reach the code which may produce the error. The user is not guaranteed to be able to trigger the error message. They may attempt to spam the API with requests to trigger a rate limit error from the upstream repository. If the user has `repositories, update` access, they may edit an existing repository to introduce a URL typo or otherwise force an error message. But if they have that level of access, they are probably intended to have access to the credentials anyway. A patch for this vulnerability has been released in version 2.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2023-02-08 | not yet calculated | CVE-2023-25163 MISC MISC MISC MISC |
tinacms — tinacms | Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you’re on a version prior to 1.0.0 this vulnerability does not affect you. If you are affected and your Tina-enabled website has sensitive credentials stored as environment variables (e.g. Algolia API keys) you should rotate those keys immediately. This issue has been patched in @tinacms/cli@1.0.9. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-02-08 | not yet calculated | CVE-2023-25164 MISC MISC |
helm — helm | Helm is a tool that streamlines installing and managing Kubernetes applications. `getHostByName` is a Helm template function introduced in Helm v3. The function is able to accept a hostname and return an IP address for that hostname. To get the IP address the function performs a DNS lookup. The DNS lookup happens when used with `helm install|upgrade|template` or when the Helm SDK is used to render a chart. Information passed into the chart can be disclosed to the DNS servers used to look up the IP address. For example, a malicious chart could inject `getHostByName` into a chart in order to disclose values to a malicious DNS server. The issue has been fixed in Helm 3.11.1. Prior to using a chart with Helm, verify the `getHostByName` function is not being used in a template to disclose any information you do not want passed to DNS servers. | 2023-02-08 | not yet calculated | CVE-2023-25165 MISC MISC |
hapijs — formula | formula is a math and string formula parser. In versions prior to 3.0.1 crafted user-provided strings to formula’s parser might lead to polynomial execution time and a denial of service. Users should upgrade to 3.0.1+. There are no known workarounds for this vulnerability. | 2023-02-08 | not yet calculated | CVE-2023-25166 MISC MISC |
discourse — discourse | Discourse is an open source discussion platform. In affected versions a malicious user can cause a regular expression denial of service using a carefully crafted git URL. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this issue. | 2023-02-08 | not yet calculated | CVE-2023-25167 MISC MISC |
pterodactyl — wings | Wings is Pterodactyl’s server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing “server” allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue. | 2023-02-09 | not yet calculated | CVE-2023-25168 MISC MISC MISC |
harfbuzz — harfbuzz | hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. | 2023-02-04 | not yet calculated | CVE-2023-25193 MISC MISC MISC FEDORA |
apache — kafka_connect | A possible security vulnerability has been identified in Apache Kafka Connect. This requires access to a Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, which has been possible on Kafka Connect clusters since Apache Kafka 2.3.0. When configuring the connector via the Kafka Connect REST API, an authenticated operator can set the `sasl.jaas.config` property for any of the connector’s Kafka clients to “com.sun.security.auth.module.JndiLoginModule”, which can be done via the `producer.override.sasl.jaas.config`, `consumer.override.sasl.jaas.config`, or `admin.override.sasl.jaas.config` properties. This will allow the server to connect to the attacker’s LDAP server and deserialize the LDAP response, which the attacker can use to execute java deserialization gadget chains on the Kafka connect server. Attacker can cause unrestricted deserialization of untrusted data (or) RCE vulnerability when there are gadgets in the classpath. Since Apache Kafka 3.0.0, users are allowed to specify these properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations. Before Apache Kafka 3.0.0, users may not specify these properties unless the Kafka Connect cluster has been reconfigured with a connector client override policy that permits them. Since Apache Kafka 3.4.0, we have added a system property (“-Dorg.apache.kafka.disallowed.login.modules”) to disable the problematic login modules usage in SASL JAAS configuration. Also by default “com.sun.security.auth.module.JndiLoginModule” is disabled in Apache Kafka 3.4.0. We advise the Kafka Connect users to validate connector configurations and only allow trusted JNDI configurations. Also examine connector dependencies for vulnerable versions and either upgrade their connectors, upgrading that specific dependency, or removing the connectors as options for remediation. Finally, in addition to leveraging the “org.apache.kafka.disallowed.login.modules” system property, Kafka Connect users can also implement their own connector client config override policy, which can be used to control which Kafka client properties can be overridden directly in a connector config and which cannot. | 2023-02-07 | not yet calculated | CVE-2023-25194 MISC MISC |
caphyon — advanced_installer | Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. | 2023-02-08 | not yet calculated | CVE-2023-25396 MISC |
datahub — datahub | DataHub is an open-source metadata platform. The DataHub frontend acts as a proxy able to forward any REST or GraphQL requests to the backend. The goal of this proxy is to perform authentication if needed and forward HTTP requests to the DataHub Metadata Store (GMS). It has been discovered that the proxy does not adequately construct the URL when forwarding data to GMS, allowing external users to reroute requests from the DataHub Frontend to any arbitrary hosts. As a result attackers may be able to reroute a request originating from the frontend proxy to any other server and return the result. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-076. | 2023-02-11 | not yet calculated | CVE-2023-25557 MISC |
datahub — datahub | DataHub is an open-source metadata platform. When the DataHub frontend is configured to authenticate via SSO, it will leverage the pac4j library. The processing of the `id_token` is done in an unsafe manner which is not properly accounted for by the DataHub frontend. Specifically, if any of the id_token claim values starts with the {#sb64} prefix, pac4j considers the value to be a serialized Java object and will deserialize it. This issue may lead to Remote Code Execution (RCE) in the worst case. Although a `RestrictedObjectInputStream` is in place that puts some restriction on what classes can be deserialized, it still allows a broad range of Java packages and is potentially exploitable with different gadget chains. Users are advised to upgrade. There are no known workarounds. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-086. | 2023-02-11 | not yet calculated | CVE-2023-25558 MISC MISC |
datahub — datahub | DataHub is an open-source metadata platform. When not using authentication for the metadata service, which is the default configuration, the Metadata service (GMS) will use the X-DataHub-Actor HTTP header to infer the user the frontend is sending the request on behalf of. When the backend retrieves the header, its name is retrieved in a case-insensitive way. This case differential can be abused by an attacker to smuggle an X-DataHub-Actor header with different casing (e.g. X-DATAHUB-ACTOR). This issue may lead to an authorization bypass by allowing any user to impersonate the system user account and perform any actions on its behalf. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-079. | 2023-02-11 | not yet calculated | CVE-2023-25559 MISC |
datahub — datahub | DataHub is an open-source metadata platform. The AuthServiceClient which is responsible for creation of new accounts, verifying credentials, resetting them or requesting access tokens, crafts multiple JSON strings using format strings with user-controlled data. This means that an attacker may be able to augment these JSON strings to be sent to the backend and that can potentially be abused by including new or colliding values. This issue may lead to an authentication bypass and the creation of system accounts, which effectively can lead to full system compromise. Users are advised to upgrade. There are no known workarounds for this vulnerability. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-080. | 2023-02-11 | not yet calculated | CVE-2023-25560 MISC |
datahub — datahub | DataHub is an open-source metadata platform. In the event a system is using Java Authentication and Authorization Service (JAAS) authentication and that system is given a configuration which contains an error, the authentication for the system will fail open and allow an attacker to login using any username and password. The reason for this is that while an error is thrown in the `authenticateJaasUser` method it is swallowed without propagating the error. As a result of this issue unauthenticated users may gain access to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-081. | 2023-02-11 | not yet calculated | CVE-2023-25561 MISC MISC |
datahub — datahub | DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be bypassed by using a cookie from a logged out session, as a result any logged out session cookie may be accepted as valid and therefore lead to an authentication bypass to the system. Users are advised to upgrade. There are no known workarounds for this issue. This vulnerability was discovered and reported by the GitHub Security lab and is tracked as GHSL-2022-083. | 2023-02-11 | not yet calculated | CVE-2023-25562 MISC MISC |