CISA Bulletins - Vulnerability Summary for the Week of January 23, 2023


CISA

Original release date: January 30, 2023 | Last revised: January 31, 2023



High Vulnerabilities​

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adobe -- acrobat_reader​
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2023-01-27​
7.8
CVE-2023-22240
MISC
adobe -- acrobat_reader​
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2023-01-27​
7.8
CVE-2023-22241
MISC
adobe -- acrobat_reader​
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.​
2023-01-27​
7.8
CVE-2023-22242
MISC
assimp -- assimp​
An issue was discovered in assimp 5.1.4: a use after free occurs in function ColladaParser::ExtractDataObjectFromChannel in file /code/AssetLib/Collada/ColladaParser.cpp.
2023-01-20​
8.8
CVE-2022-45748
MISC
ays-pro -- survey_maker​
The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action.​
2023-01-20​
8.8
CVE-2023-23490
MISC
cisco -- cx_cloud_agent​
A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.
2023-01-20​
7.3
CVE-2023-20044
MISC
cisco -- identity_services_engine​
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to inject arbitrary commands on the underlying operating system. This vulnerability is due to improper validation of user input within requests as part of the web-based management interface. An attacker could exploit this vulnerability by manipulating requests to the web-based management interface to contain operating system commands. A successful exploit could allow the attacker to execute arbitrary operating system commands on the underlying operating system with the privileges of the web services user. Cisco has not yet released software updates that address this vulnerability.​
2023-01-20​
8.8
CVE-2022-20964
MISC
cisco -- roomos​
A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. This vulnerability is due to improper access controls on files that are in the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device.​
2023-01-20​
7.1
CVE-2023-20008
MISC
contec -- conprosys_hmi_system​
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.​
2023-01-20​
7.5
CVE-2023-22331
MISC
MISC
MISC
MISC
contec -- conprosys_hmi_system​
Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product.​
2023-01-20​
7.5
CVE-2023-22339
MISC
MISC
MISC
MISC
electerm_project -- electerm​
An issue was discovered in Electerm 1.3.22 that allows attackers to execute arbitrary code via an unverified request to the electerm service.
2023-01-20​
9.8
CVE-2020-23256
MISC
hcltech -- bigfix_mobile​
HCL BigFix Mobile / Modern Client Management Admin and Config UI passwords can be brute-forced. User should be locked out for multiple invalid attempts.​
2023-01-20​
7.5
CVE-2021-27782
MISC
hospital_management_system_project -- hospital_management_system​
SQL Injection vulnerability in kishan0725 Hospital Management System thru commit 4770d740f2512693ef8fd9aa10a8d17f79fad9bd (on March 13, 2021), allows attackers to execute arbitrary commands via the contact and doctor parameters to /search.php.​
2023-01-20​
9.8
CVE-2022-48120
MISC
inxedu -- inxedu​
SQL Injection vulnerability in inxedu 2.0.6 allows attackers to execute arbitrary commands via the functionIds parameter to /saverolefunction.​
2023-01-20​
9.8
CVE-2020-21152
MISC
MISC
login_with_phone_number_project -- login_with_phone_number​
The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.​
2023-01-20​
8.8
CVE-2023-23492
MISC
mangboard -- mangboard_wp​
SQL-Injection vulnerability caused by the lack of verification of input values for the table name of DB used by the Mangboard bulletin board. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.​
2023-01-20​
9.8
CVE-2021-26644
MISC
mariadb -- mariadb​
MariaDB Server before 10.3.34 thru 10.9.3 is vulnerable to Denial of Service. It is possible for function spider_db_mbase::print_warnings to dereference a null pointer.​
2023-01-20​
7.5
CVE-2022-47015
MISC
microsoft -- edge​
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.​
2023-01-24​
8.3
CVE-2023-21775
MISC
microsoft -- edge​
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21796.​
2023-01-24​
8.3
CVE-2023-21795
MISC
microsoft -- edge​
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21795.​
2023-01-24​
8.3
CVE-2023-21796
MISC
misp-project -- misp​
In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function.​
2023-01-20​
9.8
CVE-2023-24028
MISC
online_food_ordering_system_project -- online_food_ordering_system​
Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.
2023-01-20​
9.8
CVE-2020-29297
MISC
MISC
MISC
remoteclinic -- remote_clinic​
SQL Injection vulnerability in RemoteClinic 2.0 allows attackers to execute arbitrary commands and gain sensitive information via the id parameter to /medicines/profile.php.​
2023-01-20​
9.8
CVE-2022-48152
MISC
reprisesoftware -- reprise_license_manager​
Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file on the server.
2023-01-20​
8.1
CVE-2021-37500
MISC
MISC
MISC
sandhillsdev -- easy_digital_downloads​
The Easy Digital Downloads WordPress Plugin, version < 3.1.0.4, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action.​
2023-01-20​
9.8
CVE-2023-23489
MISC
solarwinds -- database_performance_analyzer​
In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.​
2023-01-20​
7.5
CVE-2022-38112
MISC
MISC
solarwinds -- dynamips​
Use of uninitialized variable in function gen_eth_recv in GNS3 dynamips 0.2.21.​
2023-01-20​
7.5
CVE-2022-47012
MISC
strangerstudios -- paid_memberships_pro​
The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route.​
2023-01-20​
9.8
CVE-2023-23488
MISC
tenable -- nessus​
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.​
2023-01-20​
8.8
CVE-2023-0101
MISC
MISC
tmux_project -- tmux​
A null pointer dereference issue was discovered in function window_pane_set_event in window.c in tmux 3.0 thru 3.3 and later that allows attackers to cause denial of service or other unspecified impacts.
2023-01-20​
7.8
CVE-2022-47016
MISC
MISC
totolink -- a7100ru_firmware​
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the rsabits parameter in the setting/delStaticDhcpRules function.​
2023-01-20​
9.8
CVE-2022-48121
MISC
totolink -- a7100ru_firmware​
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the dayvalid parameter in the setting/delStaticDhcpRules function.​
2023-01-20​
9.8
CVE-2022-48122
MISC
totolink -- a7100ru_firmware​
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the servername parameter in the setting/delStaticDhcpRules function.​
2023-01-20​
9.8
CVE-2022-48123
MISC
totolink -- a7100ru_firmware​
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function.​
2023-01-20​
9.8
CVE-2022-48124
MISC
totolink -- a7100ru_firmware​
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the password parameter in the setting/setOpenVpnCertGenerationCfg function.​
2023-01-20​
9.8
CVE-2022-48125
MISC
totolink -- a7100ru_firmware​
TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the username parameter in the setting/setOpenVpnCertGenerationCfg function.​
2023-01-20​
9.8
CVE-2022-48126
MISC
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18893.​
2023-01-26​
7.8
CVE-2022-42394
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. Crafted data in an XPS file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18274.​
2023-01-26​
7.8
CVE-2022-42395
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18278.​
2023-01-26​
7.8
CVE-2022-42396
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18327.​
2023-01-26​
7.8
CVE-2022-42399
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18328.​
2023-01-26​
7.8
CVE-2022-42400
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in an embedded U3D object can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18632.​
2023-01-26​
7.8
CVE-2022-42402
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18892.​
2023-01-26​
7.8
CVE-2022-42403
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18367.​
2023-01-26​
7.8
CVE-2022-42405
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PGM files. Crafted data in a PGM file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18365.​
2023-01-26​
7.8
CVE-2022-42410
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18366.​
2023-01-26​
7.8
CVE-2022-42415
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18673.​
2023-01-26​
7.8
CVE-2022-42416
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18676.​
2023-01-26​
7.8
CVE-2022-42417
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18677.​
2023-01-26​
7.8
CVE-2022-42418
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18700.​
2023-01-26​
7.8
CVE-2022-42419
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18686.​
2023-01-26​
7.8
CVE-2022-42420
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18703.​
2023-01-26​
7.8
CVE-2022-42421
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. Crafted data in a TIF file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18716.​
2023-01-26​
7.8
CVE-2022-42423
N/A
N/A
trendmicro -- maximum_security_2022​
A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and, in the process of removal and restoral, an attacker could replace an original folder with a mount point to an arbitrary location, allowing an escalation of privileges on an affected system.
2023-01-20​
7
CVE-2022-48191
MISC
MISC
uber -- kraken​
kraken <= 0.1.4 has an arbitrary file read vulnerability via the component testfs.​
2023-01-20​
7.5
CVE-2022-47747
MISC
vim -- vim​
A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 that allows attackers to cause denial of service or other unspecified impacts.
2023-01-20​
7.8
CVE-2022-47024
MISC
xiph -- opusfile​
A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 that allows attackers to cause denial of service or other unspecified impacts.
2023-01-20​
7.8
CVE-2022-47021
MISC
MISC
zohocorp -- manageengine_servicedesk_plus_msp​
Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled.​
2023-01-20​
9.1
CVE-2023-22964
MISC
MISC



Medium Vulnerabilities​

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
book_store_management_system_project -- book_store_management_system​
Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter.​
2023-01-20​
6.1
CVE-2023-23024
MISC
builder -- qwik​
Cross-site Scripting (XSS) - Generic in GitHub repository builderio/qwik prior to 0.1.0-beta5.​
2023-01-20​
6.1
CVE-2023-0410
CONFIRM
MISC
cisco -- identity_services_engine​
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileged actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted.
2023-01-20​
5.4
CVE-2022-20965
MISC
cisco -- identity_services_engine​
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability.​
2023-01-20​
5.4
CVE-2022-20966
MISC
cisco -- identity_services_engine​
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to conduct cross-site scripting attacks against other users of the application web-based management interface. This vulnerability is due to improper validation of input to an application feature before storage within the web-based management interface. An attacker could exploit this vulnerability by creating entries within the application interface that contain malicious HTML or script code. A successful exploit could allow the attacker to store malicious HTML or script code within the application interface for use in further cross-site scripting attacks. Cisco has not yet released software updates that address this vulnerability.​
2023-01-20​
5.4
CVE-2022-20967
MISC
cisco -- industrial_network_director​
A vulnerability in Cisco Industrial Network Director could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks. The vulnerability is due to improper validation of content submitted to the affected application. An attacker could exploit this vulnerability by sending requests containing malicious values to the affected system. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.​
2023-01-20​
5.4
CVE-2023-20037
MISC
cisco -- roomos​
A vulnerability in Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to bypass access controls and conduct an SSRF attack through an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a user of the web application. A successful exploit could allow the attacker to send arbitrary network requests that are sourced from the affected system.​
2023-01-20​
4.4
CVE-2023-20002
MISC
classroombookings -- classroombookings​
Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php.​
2023-01-20​
6.1
CVE-2023-23012
MISC
MISC
contec -- conprosys_hmi_system​
Cross-site scripting vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to inject an arbitrary script and obtain the sensitive information.​
2023-01-20​
5.4
CVE-2023-22373
MISC
MISC
MISC
MISC
contec -- conprosys_hmi_system​
Use of password hash instead of password for authentication vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote authenticated attacker to obtain user credentials information via a man-in-the-middle attack.​
2023-01-20​
5.3
CVE-2023-22334
MISC
MISC
MISC
MISC
ecommerce-codeigniter-bootstrap_project -- ecommerce-codeigniter-bootstrap​
Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the languages and trans_load parameters in file add_product.php.​
2023-01-20​
6.1
CVE-2023-23010
MISC
MISC
MISC
eyoucms -- eyoucms​
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article publish component via the cookie "ENV_LIST_URL".
2023-01-20​
6.1
CVE-2022-45537
MISC
eyoucms -- eyoucms​
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article publish component via the cookie "ENV_GOBACK_URL".
2023-01-20​
6.1
CVE-2022-45538
MISC
eyoucms -- eyoucms​
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the FileManager component via the GET value "activepath" when creating a new file.
2023-01-20​
6.1
CVE-2022-45539
MISC
eyoucms -- eyoucms​
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article type editor component via the POST value "name" if the value contains a malformed UTF-8 char.
2023-01-20​
6.1
CVE-2022-45540
MISC
eyoucms -- eyoucms​
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the article attribute editor component via the POST value "value" if the value contains a non-integer char.
2023-01-20​
6.1
CVE-2022-45541
MISC
eyoucms -- eyoucms​
EyouCMS <= 1.6.0 was discovered to contain a reflected XSS in the FileManager component via the GET parameter "filename" when editing any file.
2023-01-20​
5.4
CVE-2022-45542
MISC
fullworksplugins -- quick_event_manager​
The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.​
2023-01-20​
6.1
CVE-2023-23491
MISC
ibm -- cloud_pak_for_security​
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.​
2023-01-20​
6.5
CVE-2021-39089
MISC
MISC
ibm -- cloud_pak_for_security​
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.​
2023-01-20​
4.9
CVE-2021-39011
MISC
MISC
ibm -- infosphere_information_server​
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause some of the components to be unusable until the process is restarted. IBM X-Force ID: 237583.
2023-01-20​
5.3
CVE-2022-41733
MISC
MISC
inventory_system_project -- inventory_system​
Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file InventorySystem.php.​
2023-01-20​
6.1
CVE-2023-23014
MISC
MISC
kalkun_project -- kalkun​
Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php.​
2023-01-20​
6.1
CVE-2023-23015
MISC
MISC
left_project -- left​
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via file names.​
2023-01-20​
6.1
CVE-2022-45557
MISC
left_project -- left​
Cross site scripting (XSS) vulnerability in Hundredrabbits Left 7.1.5 for MacOS allows attackers to execute arbitrary code via the meta tag.​
2023-01-20​
6.1
CVE-2022-45558
MISC
mediawiki -- mediawiki​
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. There is XSS in Wikibase date formatting via wikibase-time-precision-* fields. This allows JavaScript execution by staff/admin users who do not intentionally have the editsitejs capability.​
2023-01-20​
5.4
CVE-2023-22910
MISC
mediawiki -- mediawiki​
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt.​
2023-01-20​
5.3
CVE-2023-22912
MISC
microsoft -- edge​
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.​
2023-01-24​
6.5
CVE-2023-21719
MISC
misp -- misp​
In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name.​
2023-01-20​
6.1
CVE-2023-24027
MISC
misp-project -- misp​
In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload.​
2023-01-20​
6.1
CVE-2023-24026
MISC
reprisesoftware -- reprise_license_manager​
An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the actserver parameter in License Activation function.​
2023-01-20​
6.5
CVE-2021-37498
MISC
MISC
MISC
reprisesoftware -- reprise_license_manager​
CRLF vulnerability in the Reprise License Manager (RLM) web interface through 14.2BL4, in the password parameter of the View License Result function, allows remote attackers to inject arbitrary HTTP headers.
2023-01-20​
6.5
CVE-2021-37499
MISC
MISC
MISC
reqlogic -- reqlogic​
Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration parameters.​
2023-01-20​
6.1
CVE-2022-41441
MISC
MISC
MISC
sinilink -- xy-wft1_firmware​
The Sinilink XY-WFT1 WiFi Remote Thermostat, running firmware 1.3.6, allows an attacker to bypass the intended requirement to communicate using MQTT. It is possible to replay Sinilink aka SINILINK521 protocol (udp/1024) commands interfacing directly with the target device. This, in turn, allows an attacker to control the onboard relay without requiring authentication via the mobile application. This might result in an unacceptable temperature within the target device's physical environment.
2023-01-20​
5.9
CVE-2022-43704
MISC
solarwinds -- database_performance_analyzer​
In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.​
2023-01-20​
5.4
CVE-2022-38110
MISC
MISC
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18655.​
2023-01-26​
5.5
CVE-2022-42386
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18656.​
2023-01-26​
5.5
CVE-2022-42387
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18657.​
2023-01-26​
5.5
CVE-2022-42388
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18658.​
2023-01-26​
5.5
CVE-2022-42389
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18659.​
2023-01-26​
5.5
CVE-2022-42390
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18660.​
2023-01-26​
5.5
CVE-2022-42391
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18661.​
2023-01-26​
5.5
CVE-2022-42392
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18662.​
2023-01-26​
5.5
CVE-2022-42393
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. Crafted data in an XPS file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18279.​
2023-01-26​
5.5
CVE-2022-42397
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18307.​
2023-01-26​
5.5
CVE-2022-42398
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18533.​
2023-01-26​
5.5
CVE-2022-42401
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18273.​
2023-01-26​
5.5
CVE-2022-42404
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18369.​
2023-01-26​
5.5
CVE-2022-42406
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. Crafted data in an EMF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18542.​
2023-01-26​
5.5
CVE-2022-42407
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18543.​
2023-01-26​
5.5
CVE-2022-42408
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18315.​
2023-01-26​
5.5
CVE-2022-42409
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPC files. Crafted data in a JPC file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18306.​
2023-01-26​
5.5
CVE-2022-42411
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18324.​
2023-01-26​
5.5
CVE-2022-42412
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. Crafted data in a JP2 file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18368.​
2023-01-26​
5.5
CVE-2022-42413
N/A
N/A
tracker-software -- pdf-xchange_editor​
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18326.​
2023-01-26​
5.5
CVE-2022-42414
N/A
N/A



Low Vulnerabilities​

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
There were no low vulnerabilities recorded this week.​



Severity Not Yet Assigned​

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
adguard -- adguard​
Improper input validation in the driver adgnetworkwfpdrv.sys in Adguard For Windows x86 up to version 7.11 allows an attacker to gain local privilege escalation.
2023-01-26​
not yet calculated​
CVE-2022-45770
MISC
MISC
amano -- xoffice_parking_solutions​
Amano Xoffice parking solutions 7.1.3879 is vulnerable to SQL Injection.​
2023-01-24​
not yet calculated​
CVE-2023-23331
MISC
MISC
android -- automaticzenrule​
In AutomaticZenRule of AutomaticZenRule.java, there is a possible persistent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-243794204
2023-01-26​
not yet calculated​
CVE-2022-20494
MISC
android -- multiple_products​
In ApplicationsDetailsActivity of AndroidManifest.xml, there is a possible DoS due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183410508
2023-01-26​
not yet calculated​
CVE-2022-20213
MISC
android -- multiple_products​
In Car Settings app, the toggle button in Modify system settings is vulnerable to tapjacking attack. Attackers can overlay the toggle button to enable apps to modify system settings without user consent. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183411210
2023-01-26​
not yet calculated​
CVE-2022-20214
MISC
android -- multiple_products​
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 a user-space program could write arbitrary data to the page, leading to memory corruption issues. Product: Android. Versions: Android SoC. Android ID: A-259967780
2023-01-26​
not yet calculated​
CVE-2022-20235
MISC
android -- multiple_products​
In AutomaticZenRule of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703780
2023-01-26​
not yet calculated​
CVE-2022-20456
MISC
android -- multiple_products​
Logs of sensitive information (PII) or hardware identifiers should only be printed in Android "userdebug" or "eng" builds. StatusBarNotification.getKey() could contain sensitive information. However, CarNotificationListener.java prints out StatusBarNotification.getKey() directly in logs, which could contain the user's account name (i.e. PII), in the Android "user" build. Product: Android. Versions: Android-12L. Android ID: A-205567776
2023-01-26​
not yet calculated​
CVE-2022-20458
MISC
android -- multiple_products​
In pinReplyNative of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege of BLE with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-228602963
2023-01-26​
not yet calculated​
CVE-2022-20461
MISC
android -- multiple_products​
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703460
2023-01-26​
not yet calculated​
CVE-2022-20489
MISC
android -- multiple_products​
In multiple functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242703505
2023-01-26​
not yet calculated​
CVE-2022-20490
MISC
android -- multiple_products​
In many functions of AutomaticZenRule.java, there is a possible failure to persist permissions settings due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242704043
2023-01-26​
not yet calculated​
CVE-2022-20492
MISC
android -- multiple_products​
In Condition of Condition.java, there is a possible way to grant notification access due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-242846316
2023-01-26​
not yet calculated​
CVE-2022-20493
MISC
android -- oncreate​
In onCreate of MasterClearConfirmFragment.java, there is a possible factory reset due to a tapjacking/overlay attack. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-183794206
2023-01-26​
not yet calculated​
CVE-2022-20215
MISC
apache -- airflow​
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
2023-01-21​
not yet calculated​
CVE-2023-22884
MISC
MISC
apache -- ldap​
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.​
2023-01-27​
not yet calculated​
CVE-2020-36658
MISC
MLIST
apache -- ldap​
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.​
2023-01-27​
not yet calculated​
CVE-2020-36659
MISC
MLIST
apple -- swift
A program using FoundationNetworking in swift-corelibs-foundation is potentially vulnerable to CRLF (\r\n) injection in URLRequest headers. In this vulnerability, a client can insert one or several CRLF sequences into a URLRequest header value. When that request is sent via URLSession to an HTTP server, the server may interpret the content after the CRLF as extra headers, or even a second request. For example, consider a URLRequest to http://example.com/ with the GET method. Suppose we set the URLRequest header "Foo" to the value "Bar Extra-Header: Added GET /other HTTP/1.1". When this request is sent, it will appear to the server as two requests: GET / HTTP/1.1 Foo: Bar Extra-Header: Added GET /other HTTP/1.1 In this manner, the client is able to inject extra headers and craft an entirely new request to a separate path, despite only making one API call in URLSession. If a developer has total control over the request and its headers, this vulnerability may not pose a threat. However, this vulnerability escalates if un-sanitized user input is placed in header values. If so, a malicious user could inject new headers or requests to an intermediary or backend server. Developers should be especially careful to sanitize user input in this case, or upgrade their version of swift-corelibs-foundation to include the patch below.
2023-01-20​
not yet calculated​
CVE-2022-3918
MISC
argocd -- argocd​
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions of Argo CD starting with v1.8.2 and prior to 2.3.13, 2.4.19, 2.5.6, and 2.6.0-rc-3 are vulnerable to an improper authorization bug causing the API to accept certain invalid tokens. OIDC providers include an aud (audience) claim in signed tokens. The value of that claim specifies the intended audience(s) of the token (i.e. the service or services which are meant to accept the token). Argo CD does validate that the token was signed by Argo CD's configured OIDC provider. But Argo CD does not validate the audience claim, so it will accept tokens that are not intended for Argo CD. If Argo CD's configured OIDC provider also serves other audiences (for example, a file storage service), then Argo CD will accept a token intended for one of those other audiences. Argo CD will grant the user privileges based on the token's groups claim, even though those groups were not intended to be used by Argo CD. This bug also increases the impact of a stolen token. If an attacker steals a valid token for a different audience, they can use it to access Argo CD. A patch for this vulnerability has been released in versions 2.6.0-rc3, 2.5.6, 2.4.19, and 2.3.13. There are no workarounds.​
2023-01-26​
not yet calculated​
CVE-2023-22482
MISC
argocd -- argocd​
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed namespaces. Reconciled Application namespaces are specified as a comma-delimited list of glob patterns. When sharding is enabled on the Application controller, it does not enforce that list of patterns when reconciling Applications. For example, if Application namespaces are configured to be argocd-*, the Application controller may reconcile an Application installed in a namespace called other, even though it does not start with argocd-. Reconciliation of the out-of-bounds Application is only triggered when the Application is updated, so the attacker must be able to cause an update operation on the Application resource. This bug only applies to users who have explicitly enabled the "apps-in-any-namespace" feature by setting application.namespaces in the argocd-cmd-params-cm ConfigMap or otherwise setting the --application-namespaces flags on the Application controller and API server components. The apps-in-any-namespace feature is in beta as of this Security Advisory's publish date. The bug is also limited to Argo CD instances where sharding is enabled by increasing the replicas count for the Application controller. Finally, the AppProjects' sourceNamespaces field acts as a secondary check against this exploit. To cause reconciliation of an Application in an out-of-bounds namespace, an AppProject must be available which permits Applications in the out-of-bounds namespace. A patch for this vulnerability has been released in versions 2.5.8 and 2.6.0-rc5. As a workaround, running only one replica of the Application controller will prevent exploitation of this bug. Making sure all AppProjects' sourceNamespaces are restricted within the confines of the configured Application namespaces will also prevent exploitation of this bug.
2023-01-26​
not yet calculated​
CVE-2023-22736
MISC
arista -- multiple_products​
For certain systems running EOS, a Precision Time Protocol (PTP) packet of a management/signaling message with an invalid Type-Length-Value (TLV) causes the PTP agent to restart. Repeated restarts of the service will make the service unavailable.​
2023-01-26​
not yet calculated​
CVE-2021-28510
MISC
askey -- rtf3505vw-n1_router​
An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.​
2023-01-26​
not yet calculated​
CVE-2022-47040
MISC
asyncapi -- modelina​
Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Versions prior to 1.0.0 are vulnerable to Code injection. This issue affects anyone who is using the default presets and/or does not handle the functionality themself. This issue has been partially mitigated in version 1.0.0, with the maintainer's GitHub Security Advisory (GHSA) noting "It is impossible to fully guard against this, because users have access to the original raw information. However, as of version 1, if you only access the constrained models, you will not encounter this issue. Further similar situations are NOT seen as a security issue, but intended behavior." The suggested workaround from the maintainers is "Fully custom presets that change the entire rendering process which can then escape the user input."​
2023-01-26​
not yet calculated​
CVE-2023-23619
MISC
ayacms -- ayacms​
AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php.​
2023-01-27​
not yet calculated​
CVE-2022-48116
MISC
baicells -- multiple_products​
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to authenticate via ssh. (The credentials are stored in the firmware, encrypted by the crypt function.)​
2023-01-26​
not yet calculated​
CVE-2023-24022
MISC
MISC
MISC
baicells -- multiple_products​
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The methods below have been tested and validated by a 3rd party analyst and have been confirmed exploitable. Special thanks to Rustam Amin for providing the steps to reproduce.
2023-01-26​
not yet calculated​
CVE-2023-24508
MISC
MISC
bind9 -- bind9​
Sending a flood of dynamic DNS updates may cause named to allocate large amounts of memory. This, in turn, may cause named to exit due to a lack of free memory. We are not aware of any cases where this has been exploited. Memory is allocated prior to the checking of access permissions (ACLs) and is retained during the processing of a dynamic update from a client whose access credentials are accepted. Memory allocated to clients that are not permitted to send updates is released immediately upon rejection. The scope of this vulnerability is limited therefore to trusted clients who are permitted to make dynamic zone changes. If a dynamic update is REFUSED, memory will be released again very quickly. Therefore it is only likely to be possible to degrade or stop named by sending a flood of unaccepted dynamic updates comparable in magnitude to a query flood intended to achieve the same detrimental outcome. BIND 9.11 and earlier branches are also affected, but through exhaustion of internal resources rather than memory constraints. This may reduce performance but should not be a significant problem for most servers. Therefore we don't intend to address this for BIND versions prior to BIND 9.16. This issue affects BIND 9 versions 9.16.0 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.8-S1 through 9.16.36-S1.​
2023-01-26​
not yet calculated​
CVE-2022-3094
MISC
bind9 -- bind9​
Processing of repeated responses to the same query, where both responses contain ECS pseudo-options, but where the first is broken in some way, can cause BIND to exit with an assertion failure. 'Broken' in this context is anything that would cause the resolver to reject the query response, such as a mismatch between query and answer name. This issue affects BIND 9 versions 9.11.4-S1 through 9.11.37-S1 and 9.16.8-S1 through 9.16.36-S1.​
2023-01-26​
not yet calculated​
CVE-2022-3488
MISC
bind9 -- bind9​
BIND 9 resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to a positive integer, and the resolver receives an RRSIG query. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.​
2023-01-26​
not yet calculated​
CVE-2022-3736
MISC
bind9 -- bind9​
This issue can affect BIND 9 resolvers with stale-answer-enable yes; that also make use of the option stale-answer-client-timeout, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will be a corresponding increase in the number of clients that are waiting for recursion to complete. If there are sufficient clients already waiting when a new client query is received so that it is necessary to SERVFAIL the longest waiting client (see BIND 9 ARM recursive-clients limit and soft quota), then it is possible for a race to occur between providing a stale answer to this older client and sending an early timeout SERVFAIL, which may cause an assertion failure. This issue affects BIND 9 versions 9.16.12 through 9.16.36, 9.18.0 through 9.18.10, 9.19.0 through 9.19.8, and 9.16.12-S1 through 9.16.36-S1.​
2023-01-26​
not yet calculated​
CVE-2022-3924
MISC
binutils -- binutils​
An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.​
2023-01-27​
not yet calculated​
CVE-2022-4285
MISC
MISC
MISC
bloofoxcms -- bloofoxcms
bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php.​
2023-01-26​
not yet calculated​
CVE-2023-23151
MISC
bluetooth -- hci​
Inconsistent handling of error cases in bluetooth hci may lead to a double free condition of a network buffer.​
2023-01-25​
not yet calculated​
CVE-2022-3806
MISC
broadcom -- symantec_identity_manager​
An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.​
2023-01-26​
not yet calculated​
CVE-2023-23949
MISC
broadcom -- symantec_identity_manager​
User-supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
2023-01-26​
not yet calculated​
CVE-2023-23950
MISC
broadcom -- symantec_identity_manager​
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application.
2023-01-26​
not yet calculated​
CVE-2023-23951
MISC
btcpayserver -- btcpayserver​
Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5.​
2023-01-26​
not yet calculated​
CVE-2023-0493
CONFIRM
MISC
byacc -- malloc​
When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free).​
2023-01-20​
not yet calculated​
CVE-2021-33641
MISC
byacc -- malloc
When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function.​
2023-01-20​
not yet calculated​
CVE-2021-33642
MISC
campbell_scientific -- multiple_products​
Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files.
2023-01-26​
not yet calculated​
CVE-2023-0321
CONFIRM
CONFIRM
canvas-lms -- canvas-lms​
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when an unprivileged user accesses the DocViewer-based file preview URL (canvadoc_session_url).
2023-01-26​
not yet calculated​
CVE-2021-36539
MISC
centreon -- centreon
This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-18304.​
2023-01-26​
not yet calculated​
CVE-2022-41142
N/A
N/A
checkmk -- checkmk
Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected.​
2023-01-26​
not yet calculated​
CVE-2023-0284
MISC
chinamobile -- plc_wireless_router​
An issue in the default configuration of ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05) allows attackers to gain access to the configuration interface.
2023-01-26​
not yet calculated​
CVE-2020-18330
MISC
MISC
chinamobile -- plc_wireless_router​
Directory traversal vulnerability in ChinaMobile PLC Wireless Router model GPN2.4P21-C-CN running the firmware version W2000EN-01 (hardware platform Gpn2.4P21-C_WIFI-V0.05), via the getpage parameter to /cgi-bin/webproc.
2023-01-26​
not yet calculated​
CVE-2020-18331
MISC
MISC
citrix -- multiple_products​
Authenticated denial of service​
2023-01-26​
not yet calculated​
CVE-2022-27507
MISC
citrix -- multiple_products​
Unauthenticated denial of service​
2023-01-26​
not yet calculated​
CVE-2022-27508
MISC
contiki-ng -- contiki-ng​
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol (BLE-L2CAP) module handles fragmentation of packets up to the configured MTU size. When fragments are reassembled, they are stored in a packet buffer of a configurable size, but there is no check to verify that the packet buffer is large enough to hold the reassembled packet. In Contiki-NG's default configuration, it is possible that an out-of-bounds write of up to 1152 bytes occurs. The vulnerability has been patched in the "develop" branch of Contiki-NG, and will be included in release 4.9. The problem can be fixed by applying the patch in Contiki-NG pull request #2254 prior to the release of version 4.9.
2023-01-26​
not yet calculated​
CVE-2023-23609
MISC
MISC
correos -- prestashop​
A vulnerability in the descarga_etiqueta.php component of Correos Prestashop 1.7.x allows attackers to execute a directory traversal.​
2023-01-23​
not yet calculated​
CVE-2022-46639
MISC
cuppacms -- cuppacms​
Session fixation vulnerability in CuppaCMS through commit 4c9b742b23b924cf4c1f943f48b278e06a17e297 on November 12, 2019 allows attackers to gain access to arbitrary user sessions.
2023-01-20​
not yet calculated​
CVE-2021-29368
MISC
cybereason -- edr​
Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with elevated privileges.​
2023-01-20​
not yet calculated​
CVE-2020-25502
MISC
MISC
MISC
d-link -- dir-2150​
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15727.​
2023-01-26​
not yet calculated​
CVE-2022-40717
N/A
N/A
d-link -- dir-2150​
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15728.​
2023-01-26​
not yet calculated​
CVE-2022-40718
N/A
N/A
d-link -- dir-2150​
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the xupnpd_generic.lua plugin for the xupnpd service, which listens on TCP port 4044 by default. When parsing the feed parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-15906.​
2023-01-26​
not yet calculated​
CVE-2022-40719
N/A
N/A
d-link -- dir-2150​
This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on TCP port 4044 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the router. Was ZDI-CAN-15935.​
2023-01-26​
not yet calculated​
CVE-2022-40720
N/A
N/A
d-link -- dir_878_fw1.30b08​
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /setnetworksettings/IPAddress. This vulnerability allows attackers to escalate privileges to root via a crafted payload.​
2023-01-27​
not yet calculated​
CVE-2022-48107
MISC
MISC
d-link -- dir_878_fw1.30b08​
D-Link DIR_878_FW1.30B08 was discovered to contain a command injection vulnerability via the component /SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate privileges to root via a crafted payload.​
2023-01-27​
not yet calculated​
CVE-2022-48108
MISC
MISC
d-link -- multiple_products​
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-13796.​
2023-01-26​
not yet calculated​
CVE-2022-41140
N/A
N/A
dasherr -- dasherr​
erohtar/Dasherr is a dashboard for self-hosted services. In affected versions, unrestricted file upload allows any unauthenticated user to execute arbitrary code on the server. The file /www/include/filesave.php allows any file to be uploaded anywhere. If an attacker uploads a PHP file, they can execute code on the server. This issue has been addressed in version 1.05.00. Users are advised to upgrade. There are no known workarounds for this issue.
2023-01-20​
not yet calculated​
CVE-2023-23607
MISC
MISC
dell -- realtek​
An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.​
2023-01-26​
not yet calculated​
CVE-2022-34405
MISC
delta_electronics -- infrasuite_device_master​
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privileged user to log in as an administrator.​
2023-01-26​
not yet calculated​
CVE-2023-0444
MISC
dentsply_sirona -- sidexis4​
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.​
2023-01-26​
not yet calculated​
CVE-2022-44263
MISC
MISC
dentsply_sirona -- sidexis4​
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Unquoted Service Path.​
2023-01-26​
not yet calculated​
CVE-2022-44264
MISC
MISC
dentsply_sirona -- sidexis4​
SiteServer CMS 7.1.3 has a SQL injection vulnerability in the background.
2023-01-26​
not yet calculated​
CVE-2022-44297
MISC
dentsply_sirona -- sidexis4​
SiteServer CMS 7.1.3 is vulnerable to SQL Injection.​
2023-01-27​
not yet calculated​
CVE-2022-44298
MISC
devolutions -- remote_desktop_manager​
The force offline MFA prompt setting is not respected when switching to offline mode in Devolutions Remote Desktop Manager 2022.3.29 to 2022.3.30, which allows a user to save sensitive data on disk.
2023-01-26​
not yet calculated​
CVE-2023-0463
MISC
discourse -- discourse​
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds.​
2023-01-26​
not yet calculated​
CVE-2023-22739
MISC
discourse -- discourse​
Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available.​
2023-01-27​
not yet calculated​
CVE-2023-22740
MISC
MISC
discourse -- discourse​
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, when submitting a membership request, there is no character limit for the reason provided with the request. This could potentially allow a user to flood the database with a large amount of data. However it is unlikely this could be used as part of a DoS attack, as the paths reading back the reasons are only available to administrators. Starting in version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, a limit of 280 characters has been introduced for membership requests.​
2023-01-28​
not yet calculated​
CVE-2023-23616
MISC
CONFIRM
MISC
MISC
discourse -- discourse​
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches, the contents of latest/top routes for restricted tags can be accessed by unauthorized users. This issue is patched in version 3.0.1 on the stable branch and 3.1.0.beta2 on the beta and tests-passed branches. There are no known workarounds.​
2023-01-28​
not yet calculated​
CVE-2023-23620
CONFIRM
MISC
MISC
discourse -- discourse​
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, a malicious user can cause a regular expression denial of service using a carefully crafted user agent. This issue is patched in version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches. There are no known workarounds.​
2023-01-28​
not yet calculated​
CVE-2023-23621
MISC
MISC
MISC
discourse -- discourse​
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the exclude_tag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse site using hidden tags in public categories. This issue is patched in version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches. As a workaround, secure any categories that are using hidden tags, change any existing hidden tags to not include private data, or remove any hidden tags currently in use.​
2023-01-28​
not yet calculated​
CVE-2023-23624
MISC
MISC
MISC
discourse -- discourse
Discourse is an open source platform for community discussion. Versions prior to 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed) are vulnerable to cross-site scripting. A maliciously crafted URL can be included in a post to carry out cross-site scripting attacks on sites with disabled or overly permissive CSP (Content Security Policy). Discourse's default CSP prevents this vulnerability. This vulnerability is patched in versions 2.8.13 (stable), 3.0.0.beta16 (beta) and 3.0.0beta16 (tests-passed). As a workaround, enable and/or restore your site's CSP to the default one provided with Discourse.
2023-01-26​
not yet calculated​
CVE-2023-22468
MISC
doctor_appointment_management_system -- doctor_appointment_management_system​
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.​
2023-01-26​
not yet calculated​
CVE-2022-45730
MISC
MISC
eclipse -- glassfish​
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
2023-01-27​
not yet calculated​
CVE-2022-2712
CONFIRM
econolite -- eos​
All versions of Econolite EOS traffic control software are vulnerable to CWE-284: Improper Access Control, and lack a password requirement for gaining “READONLY” access to log files, as well as certain database and configuration files. One such file contains tables with message-digest algorithm 5 (MD5) hashes and usernames for all defined users in the control software, including administrators and technicians.​
2023-01-26​
not yet calculated​
CVE-2023-0451
MISC
econolite -- eos​
All versions of Econolite EOS traffic control software are vulnerable to CWE-328: Use of Weak Hash, and use a weak hash algorithm for encrypting privileged user credentials. A configuration file that is accessible without authentication uses MD5 hashes for encrypting credentials, including those of administrators and technicians.​
2023-01-26​
not yet calculated​
CVE-2023-0452
MISC
edgenexus -- jetnexus​
The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an unauthenticated context via unspecified vectors.
2023-01-23​
not yet calculated​
CVE-2022-37718
MISC
MISC
edgenexus -- jetnexus​
A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.​
2023-01-23​
not yet calculated​
CVE-2022-37719
MISC
MISC
elastic -- endpoint_security​
An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.​
2023-01-26​
not yet calculated​
CVE-2022-38774
MISC
MISC
elastic -- endpoint_security​
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.​
2023-01-26​
not yet calculated​
CVE-2022-38775
MISC
MISC
gentoo -- gentoo​
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.​
2023-01-26​
not yet calculated​
CVE-2020-36657
MISC
gentoo -- gentoo
man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.)​
2023-01-26​
not yet calculated​
CVE-2018-25078
MISC

gitee -- mingsoft_mcms
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.​
2023-01-26​
not yet calculated​
CVE-2022-47042
MISC
github -- cmark-gfm​
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to several polynomial time complexity issues in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. Various commands, when piped to cmark-gfm with large values, cause the running time to increase quadratically. These vulnerabilities have been patched in version 0.29.0.gfm.7.​
2023-01-23​
not yet calculated​
CVE-2023-22483
MISC
github -- cmark-gfm​
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 are subject to a polynomial time complexity issue in cmark-gfm that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.​
2023-01-23​
not yet calculated​
CVE-2023-22484
MISC
github -- cmark-gfm​
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has been patched in 0.29.0.gfm.7.​
2023-01-26​
not yet calculated​
CVE-2023-22486
MISC
github -- cmark-gfm
cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. In versions prior to 0.29.0.gfm.7, a crafted markdown document can trigger an out-of-bounds read in the validate_protocol function. We believe this bug is harmless in practice, because the out-of-bounds read accesses malloc metadata without causing any visible damage. This vulnerability has been patched in 0.29.0.gfm.7.
2023-01-24​
not yet calculated​
CVE-2023-22485
MISC
gitlab -- gitlab​
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible to trigger a DoS attack by uploading a malicious nuget package.​
2023-01-26​
not yet calculated​
CVE-2022-3478
MISC
CONFIRM
MISC
gitlab -- gitlab​
An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only.
2023-01-26​
not yet calculated​
CVE-2022-3482
MISC
CONFIRM
MISC
gitlab -- gitlab​
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions from 13.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the Jira Connect integration which could lead to a reflected XSS that allowed attackers to perform arbitrary actions on behalf of victims.​
2023-01-26​
not yet calculated​
CVE-2022-3572
CONFIRM
MISC
MISC
gitlab -- gitlab​
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass the External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.
2023-01-26​
not yet calculated​
CVE-2022-3740
MISC
MISC
CONFIRM
gitlab -- gitlab​
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.​
2023-01-26​
not yet calculated​
CVE-2022-3820
CONFIRM
MISC
gitlab -- gitlab​
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to unmask webhook secret tokens by reviewing the logs after testing webhooks.​
2023-01-26​
not yet calculated​
CVE-2022-3902
CONFIRM
MISC
MISC
gitlab -- gitlab​
A blind SSRF in GitLab CE/EE affecting all versions from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 allows an attacker to connect to local addresses when configuring a malicious GitLab Runner.
2023-01-27​
not yet calculated​
CVE-2022-4201
CONFIRM
MISC
gitlab -- gitlab​
In GitLab EE/CE before 15.6.1, 15.5.5 and 15.4.6, using a branch with a hexadecimal name could override an existing hash.
2023-01-27​
not yet calculated​
CVE-2022-4205
MISC
CONFIRM
gitlab -- gitlab​
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.​
2023-01-27​
not yet calculated​
CVE-2022-4255
MISC
CONFIRM
gitlab -- gitlab
An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.​
2023-01-26​
not yet calculated​
CVE-2022-4054
MISC
MISC
CONFIRM
gitlab -- gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.​
2023-01-26​
not yet calculated​
CVE-2022-4092
MISC
CONFIRM
MISC
gitlab -- gitlab
A blind SSRF vulnerability was identified in all versions of GitLab EE prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which allows an attacker to connect to a local host.​
2023-01-27​
not yet calculated​
CVE-2022-4335
MISC
CONFIRM
MISC
glpi -- glpi​
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.​
2023-01-26​
not yet calculated​
CVE-2022-41941
MISC
glpi -- glpi​
GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6 are vulnerable to Incorrect Authorization. This vulnerability allows unauthorized access to inventory files. Thus, if anonymous access to FAQ is allowed, inventory files are accessible by unauthenticated users. This issue is patched in version 10.0.6. As a workaround, disable native inventory and delete inventory files from server (default location is files/_inventory).
2023-01-26​
not yet calculated​
CVE-2023-22500
MISC
glpi -- glpi​
GLPI is a Free Asset and IT Management Software package. Versions 9.4.0 and above, prior to 10.0.6 are subject to Cross-site Scripting. An attacker can persuade a victim into opening a URL containing a payload exploiting this vulnerability. Once it is exploited, the attacker can perform actions as the victim or exfiltrate session cookies. This issue is patched in version 10.0.6.
2023-01-26​
not yet calculated​
CVE-2023-22722
MISC
glpi -- glpi​
GLPI is a Free Asset and IT Management Software package. Versions prior to 10.0.6 are subject to Cross-site Scripting via malicious RSS feeds. An Administrator can import a malicious RSS feed that contains Cross Site Scripting (XSS) payloads inside RSS links. Victims who visit the RSS content and click on the link will execute the JavaScript. This issue is patched in 10.0.6.
2023-01-26​
not yet calculated​
CVE-2023-22724
MISC
glpi -- glpi​
GLPI is a Free Asset and IT Management Software package. Versions 0.6.0 and above, prior to 10.0.6 are vulnerable to Cross-site Scripting. This vulnerability allows an administrator to create a malicious external link. This issue is patched in 10.0.6.
2023-01-26​
not yet calculated​
CVE-2023-22725
MISC
glpi -- glpi​
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those the user is not allowed to access (including assets, tickets, users, ...). This issue is patched in 10.0.6.
2023-01-26​
not yet calculated​
CVE-2023-23610
MISC
go -- sonic​
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.​
2023-01-23​
not yet calculated​
CVE-2022-46959
MISC
google -- android​
In getTrampolineIntent of SettingsActivity.java, there is a possible launch of arbitrary activity due to an Intent mismatch in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L, Android-13. Android ID: A-246300272.
2023-01-26​
not yet calculated​
CVE-2023-20904
MISC
google -- android​
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-241387741.
2023-01-26​
not yet calculated​
CVE-2023-20905
MISC
google -- android​
In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-239415861.
2023-01-26​
not yet calculated​
CVE-2023-20908
MISC
google -- android​
In onActivityResult of AvatarPickerActivity.java, there is a possible way to access images belonging to other users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-246301995.
2023-01-26​
not yet calculated​
CVE-2023-20912
MISC
google -- android​
In onCreate of PhoneAccountSettingsActivity.java and related files, there is a possible way to mislead the user into enabling a malicious phone account due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-246933785.
2023-01-26​
not yet calculated​
CVE-2023-20913
MISC
google -- android​
In addOrReplacePhoneAccount of PhoneAccountRegistrar.java, there is a possible way to enable a phone account without user interaction due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L, Android-13. Android ID: A-246930197.
2023-01-26​
not yet calculated​
CVE-2023-20915
MISC
google -- android​
In getMainActivityLaunchIntent of LauncherAppsService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-229256049.
2023-01-26​
not yet calculated​
CVE-2023-20916
MISC
google -- android​
In getStringsForPrefix of Settings.java, there is a possible prevention of package uninstallation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-252663068.
2023-01-26​
not yet calculated​
CVE-2023-20919
MISC
google -- android​
In queue of UsbRequest.java, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-204584366.
2023-01-26​
not yet calculated​
CVE-2023-20920
MISC
google -- android​
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L Android-13. Android ID: A-243378132.
2023-01-26​
not yet calculated​
CVE-2023-20921
MISC
google -- android​
In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L Android-13. Android ID: A-237291548.
2023-01-26​
not yet calculated​
CVE-2023-20922
MISC
google -- android​
In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-246933910. References: N/A.
2023-01-26​
not yet calculated​
CVE-2023-20923
MISC
google -- android​
In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-240428519. References: N/A.
2023-01-26​
not yet calculated​
CVE-2023-20924
MISC
google -- android​
In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-236674672. References: N/A.
2023-01-26​
not yet calculated​
CVE-2023-20925
MISC
google -- android​
In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-254837884. References: Upstream kernel.
2023-01-26​
not yet calculated​
CVE-2023-20928
MISC
gpac -- gpac​
Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c in GPAC version 2.3-DEV-rev1-g4669ba229-master.
2023-01-20​
not yet calculated​
CVE-2023-23143
MISC
gpac -- gpac​
Integer overflow vulnerability in function Q_DecCoordOnUnitSphere in file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master.
2023-01-20​
not yet calculated​
CVE-2023-23144
MISC
gpac -- gpac​
GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function.​
2023-01-20​
not yet calculated​
CVE-2023-23145
MISC
grafana -- grafana​
Grafana is an open-source platform for monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user can create a snapshot and arbitrarily choose the originalUrl parameter by editing the query, thanks to a web proxy. When another user opens the URL of the snapshot, they will be presented with the regular web interface delivered by the trusted Grafana server. The Open original dashboard button no longer points to the real original dashboard but to the attacker’s injected URL. This issue is fixed in versions 8.5.16 and 9.2.8.
2023-01-27​
not yet calculated​
CVE-2022-39324
MISC
MISC
MISC
MISC
MISC
grafana -- grafana
Grafana is an open-source platform for monitoring and observability. Starting with the 8.1 branch and prior to versions 8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the core plugin GeoMap. The stored XSS vulnerability was possible because SVG files weren't properly sanitized and allowed arbitrary JavaScript to be executed in the context of the currently authorized user of the Grafana instance. An attacker needs to have the Editor role in order to change a panel to include either an external URL to an SVG file containing JavaScript, or use the data: scheme to load an inline SVG file containing JavaScript. This means that vertical privilege escalation is possible, where a user with the Editor role can change to a known password for a user having the Admin role if the user with the Admin role executes malicious JavaScript viewing a dashboard. Users may upgrade to version 8.5.16, 9.2.10, or 9.3.4 to receive a fix.
2023-01-27​
not yet calculated​
CVE-2022-23552
MISC
MISC
MISC
MISC
MISC
hacklcs -- hfish
An issue was discovered in HFish 0.5.1. When a payload is inserted where the name is entered, XSS code is triggered when the administrator views the information.​
2023-01-26​
not yet calculated​
CVE-2020-22327
MISC
haven -- haven​
Haven 5d15944 allows Server-Side Request Forgery (SSRF) via the feed= Feeds functionality. Authenticate...
CVE-2023-24060
MISC
MISC


[TR]
[TD]
healthchecks -- healthchecks​
[/TD]
[TD]
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository healthchecks/healthchecks prior to v2.6.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0440
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
hl7 -- fhir-ig-publisher​
[/TD]
[TD]
HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged terminology cache, NPM package, or comparison archive).​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24057
MISC[/TD]
[/TR]
[TR]
[TD]
html-stripscripts -- html-stripscripts​
[/TD]
[TD]
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.​
[/TD]
[TD]
2023-01-21​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24038
MISC[/TD]
[/TR]
[TR]
[TD]
hughes_network_systems -- hx200​
[/TD]
[TD]
Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows unauthenticated attackers to misuse frames, include JS/HTML code and steal sensitive information from legitimate users of the application.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22971
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ibm -- N/A
[/TD]
[TD]
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-43864
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ibm -- N/A
[/TD]
[TD]
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-43917
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ibm -- identity_manager​
[/TD]
[TD]
IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-22462
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
id_software_project_and_consultancy_services -- b2b_customer_ordering_system​
[/TD]
[TD]
B2B Customer Ordering System developed by ID Software Project and Consultancy Services before version 1.0.0.347 has an authenticated Reflected XSS vulnerability. This has been fixed in the version 1.0.0.347.​
[/TD]
[TD]
2023-01-24​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4554
CONFIRM[/TD]
[/TR]
[TR]
[TD]
isoftforce -- dreamer_cms​
[/TD]
[TD]
A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.3 is able to address this issue. It is recommended to upgrade the affected component. VDB-219334 is the identifier assigned to this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0513
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
italtel -- netmatch-s_cl​
[/TD]
[TD]
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassing all controls (without checking for user identity).​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-39811
MISC[/TD]
[/TR]
[TR]
[TD]
italtel -- netmatch-s_cl​
[/TD]
[TD]
Italtel NetMatch-S CI 5.2.0-20211008 allows Absolute Path Traversal under NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an arbitrary path. An attacker can change the uploadDir parameter in a POST request (not possible using the GUI) to an arbitrary directory. Because the application does not check in which directory a file will be uploaded, an attacker can perform a variety of attacks that can result in unauthorized access to the server.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-39812
MISC[/TD]
[/TR]
[TR]
[TD]
italtel -- netmatch-s_cl​
[/TD]
[TD]
Italtel NetMatch-S CI 5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under NMSCIWebGui/j_security_check via the j_username parameter, or NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker leveraging this vulnerability could inject arbitrary JavaScript. The payload would then be triggered every time an authenticated user browses the page containing it.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-39813
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24422
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24423
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24424
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24425
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24426
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24427
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24428
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24429
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24430
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24431
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24432
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24433
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24434
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24435
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24436
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24437
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24438
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24439
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in its exposure.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24440
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24441
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24442
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24443
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24444
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24445
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24447
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified username and password.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24448
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins PWauth Security Realm Plugin 0.4 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24449
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24451
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and password.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24452
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and password.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24453
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24454
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins visualexpert Plugin 1.3 and earlier does not restrict the names of files in methods implementing form validation, allowing attackers with Item/Configure permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24455
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24456
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24457
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24458
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins​
[/TD]
[TD]
A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24459
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins
[/TD]
[TD]
A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24446
MISC[/TD]
[/TR]
[TR]
[TD]
jenkins -- jenkins
[/TD]
[TD]
Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24450
MISC[/TD]
[/TR]
[TR]
[TD]
jorani -- jorani​
[/TD]
[TD]
Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48118
MISC[/TD]
[/TR]
[TR]
[TD]
lenovo -- ideapad​
[/TD]
[TD]
A potential vulnerability in a driver used during the manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-3432
MISC[/TD]
[/TR]
[TR]
[TD]
lenovo -- leyun​
[/TD]
[TD]
An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-1109
MISC[/TD]
[/TR]
[TR]
[TD]
lenovo -- notebook​
[/TD]
[TD]
A buffer overflow in the ReadyBootDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-1890
MISC[/TD]
[/TR]
[TR]
[TD]
lenovo -- notebook​
[/TD]
[TD]
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-1891
MISC[/TD]
[/TR]
[TR]
[TD]
lenovo -- notebook​
[/TD]
[TD]
A buffer overflow in the SystemBootManagerDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-1892
MISC[/TD]
[/TR]
[TR]
[TD]
lenovo -- notebook​
[/TD]
[TD]
A potential vulnerability in the WMI Setup driver on some consumer Lenovo Notebook devices may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-3430
MISC[/TD]
[/TR]
[TR]
[TD]
lenovo -- safecenter​
[/TD]
[TD]
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4816
MISC[/TD]
[/TR]
[TR]
[TD]
lexmark -- multiple_products​
[/TD]
[TD]
Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22960
MISC[/TD]
[/TR]
[TR]
[TD]
lexmark -- multiple_products​
[/TD]
[TD]
In certain Lexmark products through 2023-01-12, SSRF can occur because of a lack of input validation.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23560
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
libgit2 -- libgit2​
[/TD]
[TD]
libgit2 is a cross-platform, linkable library implementation of Git. When using an SSH remote with the optional libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack. Users are encouraged to upgrade to v1.4.5 or v1.5.1. Users unable to upgrade should ensure that all relevant certificates are manually checked.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22742
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
libtiff -- libtiff​
[/TD]
[TD]
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48281
MISC
MISC
DEBIAN[/TD]
[/TR]
[TR]
[TD]
lightftp -- lightftp​
[/TD]
[TD]
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.​
[/TD]
[TD]
2023-01-21​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24042
MISC[/TD]
[/TR]
[TR]
[TD]
limesurvey -- limesurvey​
[/TD]
[TD]
An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48008
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- linux_kernel​
[/TD]
[TD]
An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4139
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- linux_kernel​
[/TD]
[TD]
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0394
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- linux_kernel​
[/TD]
[TD]
A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. This flaw may cause a NULL pointer dereference.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0468
MISC[/TD]
[/TR]
[TR]
[TD]
linux -- linux_kernel​
[/TD]
[TD]
A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0469
MISC[/TD]
[/TR]
[TR]
[TD]
metabase -- metabase​
[/TD]
[TD]
Metabase is an open source data analytics platform. Affected versions are subject to Exposure of Sensitive Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view data about other Metabase users anywhere in the Metabase application. However, when a sandbox user views the settings for a dashboard subscription, and another user has added users to that subscription, the sandboxed user is able to view the list of recipients for that subscription. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no workarounds.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23628
MISC[/TD]
[/TR]
[TR]
[TD]
metabase -- metabase​
[/TD]
[TD]
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboard subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a dashboard subscription, add people with fewer data privileges, and all recipients of that subscription receive the same data: the charts shown in the email would abide by the privileges of the user who created the subscription. The issue is that users with fewer privileges who can view a dashboard are able to add themselves to a dashboard subscription created by someone with additional data privileges, and thus get access to more data via email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins can disable the "Subscriptions and Alerts" permission for groups that have restricted data permissions, as a workaround.
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23629
MISC[/TD]
[/TR]
[TR]
[TD]
misp -- misp​
[/TD]
[TD]
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24070
MISC[/TD]
[/TR]
[TR]
[TD]
mitsubishi_electric -- multiple_products
[/TD]
[TD]
Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/z (x=24,40,60, y=T,R, z=ES,ESS) versions 1.042 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UJ-xMy/ES-A (x=24,40,60, y=T,R) versions 1.043 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5S-xMy/z (x=30,40,60,80, y=T,R, z=ES,ESS) versions 1.003 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40267
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
modoboa -- modoboa​
[/TD]
[TD]
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0438
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
modoboa -- modoboa​
[/TD]
[TD]
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0470
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
modoboa -- modoboa​
[/TD]
[TD]
Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0519
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
modsecurity -- modsecurity​
[/TD]
[TD]
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C language) codebase.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48279
MISC
MISC
MISC
MISC
MISC
MLIST[/TD]
[/TR]
[TR]
[TD]
modsecurity -- web_application_firewall​
[/TD]
[TD]
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer overflows on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24021
MISC
MISC
MISC
MLIST[/TD]
[/TR]
[TR]
[TD]
nektos -- act​
[/TD]
[TD]
act is a project which allows for local running of GitHub Actions. The artifact server that stores artifacts from GitHub Action runs does not sanitize path inputs. This allows an attacker to download and overwrite arbitrary files on the host from a GitHub Action. This issue may lead to privilege escalation. The /upload endpoint is vulnerable to path traversal as filepath is user controlled, and ultimately flows into os.Mkdir and os.Open. The /artifact endpoint is vulnerable to path traversal as the path variable is user controlled, and the specified file is ultimately returned by the server. This has been addressed in version 0.2.40. Users are advised to upgrade. Users unable to upgrade may, when implementing Open and OpenAtEnd for FS, use ValidPath() to check against path traversal or clean the user-provided paths manually.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22726
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
netgear -- nighthawk_r6220_ac1200​
[/TD]
[TD]
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47052
MISC[/TD]
[/TR]
[TR]
[TD]
netiq -- identity_manager​
[/TD]
[TD]
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-26329
CONFIRM[/TD]
[/TR]
[TR]
[TD]
netiq -- imanager​
[/TD]
[TD]
Cross-site Scripting (XSS) vulnerability in NetIQ iManager prior to version 3.2.6 allows attacker to execute malicious scripts on the user's browser. This issue affects: Micro Focus NetIQ iManager NetIQ iManager versions prior to 3.2.6 on ALL.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-38758
CONFIRM[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44024
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44025
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44026
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44027
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44028
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44029
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44715
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 1 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44717
MISC[/TD]
[/TR]
[TR]
[TD]
netscout -- ngeniusone​
[/TD]
[TD]
An issue was discovered in NetScout nGeniusONE 6.3.2 build 904. Open Redirection can occur (issue 2 of 2). After successful login, an attacker must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host. The attack vector is Network, and the Attack Complexity required is High. Privileges required are administrator, User Interaction is required, and Scope is unchanged. The user must visit the vulnerable parameter and inject a crafted payload to successfully redirect to an unknown host.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44718
MISC[/TD]
[/TR]
[TR]
[TD]
nyuccl -- psiturk​
[/TD]
[TD]
A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elements used in a template engine. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.1 is able to address this issue. The name of the patch is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-219676.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-4315
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
on-x -- sage_frp_1000
[/TD]
[TD]
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers to access files outside of the web tree via a crafted URL.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2019-25053
MISC[/TD]
[/TR]
[TR]
[TD]
onlyoffice -- onlyoffice​
[/TD]
[TD]
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-43444
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
onlyoffice -- onlyoffice​
[/TD]
[TD]
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-43445
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
onlyoffice -- onlyoffice​
[/TD]
[TD]
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-43446
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
onlyoffice -- onlyoffice​
[/TD]
[TD]
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-43447
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
onlyoffice -- onlyoffice​
[/TD]
[TD]
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-43448
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
onlyoffice -- onlyoffice​
[/TD]
[TD]
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-43449
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
opencats -- opencats​
[/TD]
[TD]
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48010
MISC[/TD]
[/TR]
[TR]
[TD]
opencats -- opencats​
[/TD]
[TD]
Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48011
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
opencats -- opencats​
[/TD]
[TD]
Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48012
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
opencats -- opencats
[/TD]
[TD]
Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48013
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
openedx -- xblock-lti-consumer​
[/TD]
[TD]
LTI Consumer XBlock implements the consumer side of the LTI specification, enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with the Open edX platform can post a grade back for any LTI XBlock so long as it knows or can guess the block location for that XBlock. An LTI tool submits scores to the edX platform for line items. The code that uploads that score to the LMS grade tables determines which XBlock to upload the grades for by reading the resource_link_id field of the associated line item. The LTI tool may submit any value for the resource_link_id field, allowing a malicious LTI tool to submit scores for any LTI XBlock on the platform. The impact is a loss of integrity for LTI XBlock grades. This issue is patched in 7.2.2. No workarounds exist.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23611
MISC[/TD]
[/TR]
[TR]
[TD]
openmage -- magneto-lts​
[/TD]
[TD]
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-39217
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
openmage -- magneto-lts​
[/TD]
[TD]
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-41143
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
openmage -- magneto-lts​
[/TD]
[TD]
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, a layout block was able to bypass the block blacklist to execute remote code. Versions 19.4.22 and 20.0.19 contain a patch for this issue.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-41144
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
openmage -- magneto-lts​
[/TD]
[TD]
OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-41231
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
openmage -- magneto_lts​
[/TD]
[TD]
Magneto LTS (Long Term Support) is a community developed alternative to the Magento CE official releases. Versions prior to 19.4.22 and 20.0.19 are vulnerable to Cross-Site Request Forgery. The password reset form is vulnerable to CSRF between the time the reset password link is clicked and user submits new password. This issue is patched in versions 19.4.22 and 20.0.19. There are no workarounds.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-21395
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
openmage -- openmage_lts
[/TD]
[TD]
OpenMage LTS is an e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite loop in the malicious code filter under certain conditions. Versions 19.4.22 and 20.0.19 have a fix for this issue. There are no known workarounds.
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23617
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
opensearch -- opensearch​
[/TD]
[TD]
OpenSearch is an open source distributed and RESTful search engine. OpenSearch uses JWTs to store role claims obtained from the Identity Provider (IdP) when the authentication backend is SAML or OpenID Connect. There is an issue in how those claims are processed from the JWTs where the leading and trailing whitespace is trimmed, allowing users to potentially claim roles they are not assigned to if any role matches the whitespace-stripped version of the roles they are a member of. This issue is only present for authenticated users, and it requires either the existence of roles that match, not considering leading/trailing whitespace, or the ability for users to create said matching roles. In addition, the Identity Provider must allow leading and trailing spaces in role names. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. There are no known workarounds for this issue.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23612
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
opensearch -- opensearch​
[/TD]
[TD]
OpenSearch is an open source distributed and RESTful search engine. In affected versions there is an issue in the implementation of field-level security (FLS) and field masking where rules written to explicitly exclude fields are not correctly applied for certain queries that rely on their auto-generated .keyword fields. This issue is only present for authenticated users with read access to the indexes containing the restricted fields. This may expose data which may otherwise not be accessible to the user. OpenSearch 1.0.0-1.3.7 and 2.0.0-2.4.1 are affected. Users are advised to upgrade to OpenSearch 1.3.8 or 2.5.0. Users unable to upgrade may write explicit exclusion rules as a workaround. Policies authored in this way are not subject to this issue.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23613
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
openstack -- cinder​
[/TD]
[TD]
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47951
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
orange -- casiers​
[/TD]
[TD]
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22630
MISC[/TD]
[/TR]
[TR]
[TD]
pandora-fms -- pandora-fms​
[/TD]
[TD]
There is a Path Traversal that leads to a Local File Inclusion in Pandora FMS v764. A function is called to check that the parameter that the user has inserted does not contain malicious characters, but this check is insufficient. An attacker could insert an absolute path to overcome the check, thus being able to include any PHP file that resides on the disk. The exploitation of this vulnerability could lead to remote code execution.
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-43979
CONFIRM[/TD]
[/TR]
[TR]
[TD]
pandora-fms -- pandora-fms​
[/TD]
[TD]
There is a stored cross-site scripting vulnerability in Pandora FMS v765 in the network maps editing functionality. An attacker could modify a network map, deliberately placing an XSS payload in its name. Once created, if a user with admin privileges clicks on the edited network map, the XSS payload will be executed. The exploitation of this vulnerability could allow an attacker to steal the value of the admin user's cookie.
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-43980
CONFIRM[/TD]
[/TR]
[TR]
[TD]
pandora-fms -- pandora-fms
[/TD]
[TD]
There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-43978
CONFIRM[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18225.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41143
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18282.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41144
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18283.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41145
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18284.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41146
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18286.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41147
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18338.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41148
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18339.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41149
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18340.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41150
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18341.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41151
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18343.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41153
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18344.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42369
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18345.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42370
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18346.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42371
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18402.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42373
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18403.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42374
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18404.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42375
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18529.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42376
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18630.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42377
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18631.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42378
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18648.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42379
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18649.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42380
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18650.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42381
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18651.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42382
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18652.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42383
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18653.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42384
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor​
[/TD]
[TD]
This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-18654.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42385
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18342.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41152
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
pdf-xchange -- pdf-xchange_editor
[/TD]
[TD]
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. Crafted data in a U3D file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-18347.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42372
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
phicomm -- k2_router​
[/TD]
[TD]
Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48070
MISC[/TD]
[/TR]
[TR]
[TD]
phicomm -- k2_router​
[/TD]
[TD]
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48071
MISC[/TD]
[/TR]
[TR]
[TD]
phicomm -- k2_router​
[/TD]
[TD]
Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48072
MISC[/TD]
[/TR]
[TR]
[TD]
phicomm -- k2_router​
[/TD]
[TD]
Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48073
MISC[/TD]
[/TR]
[TR]
[TD]
phpgurukul -- doctor_appointment_management_system​
[/TD]
[TD]
phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46128
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
phpgurukul -- phpgurukul​
[/TD]
[TD]
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input "><script>alert(document.domain)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219596.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0527
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
phpgurukul -- phpgurukul
[/TD]
[TD]
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0562
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
phpgurukul -- phpgurukul​
[/TD]
[TD]
A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0563
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
phpgurukul -- small_crm_php​
[/TD]
[TD]
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47073
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
phpmyadmin -- phpmyadmin​
[/TD]
[TD]
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22452
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
pi-hole -- adminlte​
[/TD]
[TD]
Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Versions 4.0 and above, prior to 5.18.3 are vulnerable to Insufficient Session Expiration. Improper use of admin WEBPASSWORD hash as "Remember me for 7 days" cookie value makes it possible for an attacker to "pass the hash" to log in or reuse a theoretically expired "remember me" cookie. It also exposes the hash over the network and stores it unnecessarily in the browser. The cookie itself is set to expire after 7 days but its value will remain valid as long as the admin password doesn't change. If a cookie is leaked or compromised it could be used forever as long as the admin password is not changed. An attacker that obtained the password hash via another attack vector (for example a path traversal vulnerability) could use it to log in as the admin by setting the hash as the cookie value without the need to crack it to obtain the admin password (pass the hash). The hash is exposed over the network and in the browser where the cookie is transmitted and stored. This issue is patched in version 5.18.3.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23614
MISC[/TD]
[/TR]
[TR]
[TD]
piwigo -- piwigo​
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48007
MISC[/TD]
[/TR]
[TR]
[TD]
pkgconf -- pkgconf​
[/TD]
[TD]
In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. For example, a .pc file containing a few hundred bytes can expand to one billion bytes.​
[/TD]
[TD]
2023-01-22​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24056
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
plesk -- obsidian
[/TD]
[TD]
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header.​
[/TD]
[TD]
2023-01-22​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24044
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
powerdns_recursor -- powerdns_recursor​
[/TD]
[TD]
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.​
[/TD]
[TD]
2023-01-21​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22617
CONFIRM
MISC
MLIST[/TD]
[/TR]
[TR]
[TD]
pqclean -- pqclean​
[/TD]
[TD]
CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of intermediate data leakage of one vector.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24025
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
pyload -- pyload​
[/TD]
[TD]
Improper Input Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev40.​
[/TD]
[TD]
2023-01-22​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0434
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
pyload -- pyload​
[/TD]
[TD]
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.​
[/TD]
[TD]
2023-01-22​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0435
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
pyload -- pyload​
[/TD]
[TD]
Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0509
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
pyload -- pyload
[/TD]
[TD]
Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0488
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
qlik -- nprinting​
[/TD]
[TD]
Qlik NPrinting Designer through 21.14.3.0 creates a Temporary File in a Directory with Insecure Permissions.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-41988
MISC[/TD]
[/TR]
[TR]
[TD]
qlik -- qlikview​
[/TD]
[TD]
Qlik QlikView through 12.60.20100.0 creates a Temporary File in a Directory with Insecure Permissions.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-41989
MISC[/TD]
[/TR]
[TR]
[TD]
rawchen -- rawchen​
[/TD]
[TD]
File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40035
MISC[/TD]
[/TR]
[TR]
[TD]
rawchen -- rawchen​
[/TD]
[TD]
An issue discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40036
MISC[/TD]
[/TR]
[TR]
[TD]
rawchen -- rawchen​
[/TD]
[TD]
An issue discovered in Rawchen blog-ssm v1.0 allows a remote attacker to escalate privileges and execute arbitrary commands via the component /upFile.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40037
MISC[/TD]
[/TR]
[TR]
[TD]
rawchen -- rawchen
[/TD]
[TD]
Cross-Site Scripting (XSS) vulnerability found in Rawchen blog-ssm v1.0 allows attackers to execute arbitrary code via the 'notifyInfo' parameter.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40034
MISC[/TD]
[/TR]
[TR]
[TD]
razer -- synapse_3​
[/TD]
[TD]
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47632
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
redhat -- openshift​
[/TD]
[TD]
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0229
MISC[/TD]
[/TR]
[TR]
[TD]
redis -- redis
[/TD]
[TD]
Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORT(_RO) commands can trigger an integer overflow, resulting in Redis attempting to allocate impossible amounts of memory and aborting with an out-of-memory (OOM) panic. The problem is fixed in Redis versions 7.0.8, 6.2.9 and 6.0.17. Users are advised to upgrade. There are no known workarounds for this vulnerability.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-35977
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
redis -- redis
[/TD]
[TD]
Redis is an in-memory database that persists on disk. Authenticated users can issue a HRANDFIELD or ZRANDMEMBER command with specially crafted arguments to trigger a denial-of-service by crashing Redis with an assertion failure. This problem affects Redis versions 6.2 or newer up to but not including 6.2.9 as well as versions 7.0 up to but not including 7.0.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22458
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
refirm_labs -- binwalk​
[/TD]
[TD]
A path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.2 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins. This vulnerability is associated with program files src/binwalk/plugins/unpfs.py. This issue affects binwalk from 2.1.2b through 2.3.3 included.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4510
MISC[/TD]
[/TR]
[TR]
[TD]
rehau -- rehau
[/TD]
[TD]
An issue discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2 allows attackers to gain full unauthenticated access to the configuration and service interface.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-18329
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
riverbed -- aternity​
[/TD]
[TD]
Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-43997
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
rockstar_games -- grand_theft_auto_v_online​
[/TD]
[TD]
Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.​
[/TD]
[TD]
2023-01-22​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24059
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus​
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to put Secure Boot into the failed attempts state (rfwd).
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22656
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection of an unauthorized image signature.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22653
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to bypass the firmware image bad md5 checksum failed error.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22654
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently write an unauthorized image.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22655
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to perform WEB GUI login authentication bypass.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22657
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to switch completely to an unauthorized image that is booted as the primary verified image.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22658
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to exploit the official image signature to force injection of an unauthorized image signature.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22659
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to force a bypass of Secure Boot failed attempts and temporarily run the previous backup image.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22660
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to erase the secondary official backup image and write an unauthorized secondary backup image.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22661
MISC[/TD]
[/TR]
[TR]
[TD]
ruckus -- ruckus
[/TD]
[TD]
In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set an unauthorized "illegal region code" by remote code execution command injection, which leads to running an illegal frequency with maximum output power. The vulnerability allows an attacker to create an arbitrary number of SSID WLAN interfaces per radio, which creates overhead over noise (the default maximum is only 8 SSIDs per radio in a solo AP). The vulnerability allows an attacker to unlock hidden regions by privilege command injection in the web GUI.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-22662
MISC[/TD]
[/TR]
[TR]
[TD]
sanitize -- sanitize​
[/TD]
[TD]
Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows noscript elements, attackers are able to include arbitrary HTML, resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. The default configurations do not allow noscript elements and are not vulnerable. This issue only affects users who are using a custom config that adds noscript to the element allowlist. This issue has been patched in version 6.0.1. Users who are unable to upgrade can prevent this issue by using one of Sanitize's default configs or by ensuring that their custom config does not include noscript in the element allowlist.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23627
MISC[/TD]
[/TR]
[TR]
[TD]
sauter-controls -- nova_200-220_series​
[/TD]
[TD]
SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0052
MISC[/TD]
[/TR]
[TR]
[TD]
sengled -- smart_bulb​
[/TD]
[TD]
A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47100
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-36279
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-38066
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-38088
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-38459
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-38715
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-39045
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
An OS command injection vulnerability exists in the httpd txt/restore.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40220
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40222
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40701
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the '(ddns1|ddns2) hostname WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40985
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the '(ddns1|ddns2) username WORD password CODE' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40987
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'bandwidth WORD dlrate <1-9999> dlceil <1-9999> ulrate <1-9999> ulceil <1-9999> priority (highest|high|normal|low|lowest)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40989
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no bandwidth WORD dlrate <1-9999> dlceil <1-9999> ulrate <1-9999> ulceil <1-9999> priority (highest|high|normal|low|lowest)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40990
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'firmwall domain WORD description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40991
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no firmwall domain WORD description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40992
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'firmwall srcmac (WORD|null) srcip (A.B.C.D|null) dstip (A.B.C.D|null) protocol (none|tcp|udp|icmp) srcport (<1-65535>|null) dstport (<1-65535>|null) policy (drop|accept) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40995
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'gre index <1-8> destination A.B.C.D/M description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40997
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'ip nat outside source (udp|tcp|all) (WORD|null) WORD to A.B.C.D (WORD|null) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41003
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'port redirect protocol (tcp|udp|tcp/udp) inport <1-65535> dstaddr A.B.C.D export <1-65535> description WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41007
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'port triger protocol (tcp|udp|tcp/udp) triger port <1-65535> forward port <1-65535> description WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41009
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no port triger protocol (tcp|udp|tcp/udp) triger port <1-65535> forward port <1-65535> description WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41010
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41013
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41020
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41028
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A directory traversal vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary file deletion. An attacker can send a network request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41154
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
A heap-based buffer overflow vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger this vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41991
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's DOWNLOAD_CFG_FILE command.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42490
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's M2M_CONFIG_SET command.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42491
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's DOWNLOAD_AD command.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42492
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold​
[/TD]
[TD]
Several OS command injection vulnerabilities exist in the m2m binary of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities. This command injection is reachable through the m2m's DOWNLOAD_INFO command.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42493
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
An OS command injection vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40969
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the '(ddns1|ddns2) mx WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40986
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'ipv6 static dns WORD WORD WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40988
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'firmwall keyword WORD description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40993
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no firmwall keyword WORD description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40994
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no firmwall srcmac (WORD|null) srcip (A.B.C.D|null) dstip (A.B.C.D|null) protocol (none|tcp|udp|icmp) srcport (<1-65535>|null) dstport (<1-65535>|null) policy (drop|accept) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40996
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no gre index <1-8> destination A.B.C.D/M description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40998
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'gre index <1-8> tunnel A.B.C.D source (A.B.C.D|null) dest A.B.C.D keepalive (on|off) interval (<0-255>|null) retry (<0-255>|null) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-40999
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no gre index <1-8> tunnel A.B.C.D source (A.B.C.D|null) dest A.B.C.D keepalive (on|off) interval (<0-255>|null) retry (<0-255>|null) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41000
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'icmp check link WORD destination WORD interval <1-255> retries <1-255> description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41001
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no icmp check link WORD destination WORD interval <1-255> retries <1-255> description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41002
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no ip nat outside source (udp|tcp|all) (WORD|null) WORD to A.B.C.D (WORD|null) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41004
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'ip static route destination A.B.C.D gateway A.B.C.D mask A.B.C.D metric <0-10> interface (lan|wan|vpn) description WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41005
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no ip static route destination A.B.C.D gateway A.B.C.D mask A.B.C.D metric <0-10> interface (lan|wan|vpn) description WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41006
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no port redirect protocol (tcp|udp|tcp/udp) inport <1-65535> dstaddr A.B.C.D export <1-65535> description WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41008
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41011
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41012
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no static dhcp mac WORD (WORD|null) ip A.B.C.D hostname (WORD|null) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41014
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41015
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41016
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off) localip A.B.C.D' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41017
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn basic protocol (l2tp|pptp) name WORD server WORD username WORD passsword WORD firmwall (on|off) defroute (on|off) localip A.B.C.D' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41018
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41019
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41021
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn l2tp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> auth (on|off) password (WORD|null) options WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41022
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41023
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41024
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off) options WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41025
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no vpn pptp advanced name WORD dns (yes|no) mtu <128-16384> mru <128-16384> mppe (on|off) stateful (on|off) options WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41026
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'vpn schedule name1 WORD name2 WORD policy (failover|backup) description (WORD|null)' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41027
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'wlan filter mac address WORD descript WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41029
MISC[/TD]
[/TR]
[TR]
[TD]
siretta -- quartz-gold
[/TD]
[TD]
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. This buffer overflow is in the function that manages the 'no wlan filter mac address WORD descript WORD' command template.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41030
MISC[/TD]
[/TR]
[TR]
[TD]
sleuthkit -- sleuthkit_fls​
[/TD]
[TD]
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter.​
[/TD]
[TD]
2023-01-24​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-45639
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- combstekuflo​
[/TD]
[TD]
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25894
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- create-choo-electron​
[/TD]
[TD]
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25908
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- onnx​
[/TD]
[TD]
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal, as the external_data field of the tensor proto can contain a path to a file outside the model's current directory or the user-provided directory, for example "../../../etc/passwd".
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25882
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- puppetfacter​
[/TD]
[TD]
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25350
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- serve-lite​
[/TD]
[TD]
All versions of the package serve-lite are vulnerable to Directory Traversal because req.url is passed as-is to path.join() without input sanitization or other checks and protections.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-21192
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- serve-lite​
[/TD]
[TD]
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25847
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- simple-git​
[/TD]
[TD]
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization. This vulnerability exists due to an incomplete fix of CVE-2022-25912.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25860
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- smartctl​
[/TD]
[TD]
All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-21810
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- ua-parser-js​
[/TD]
[TD]
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25927
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
snyk -- vagrant.js​
[/TD]
[TD]
All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25962
MISC[/TD]
[/TR]
[TR]
[TD]
socomec -- modulys_gp_netvision​
[/TD]
[TD]
SOCOMEC MODULYS GP Netvision versions 7.20 and prior lack strong encryption for credentials on HTTP connections, which could result in threat actors obtaining sensitive information.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0356
MISC[/TD]
[/TR]
[TR]
[TD]
softing -- multiple_products​
[/TD]
[TD]
In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-45920
MISC[/TD]
[/TR]
[TR]
[TD]
softing -- smartlink_hw-dp
[/TD]
[TD]
In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-44018
MISC[/TD]
[/TR]
[TR]
[TD]
softperfect -- networx​
[/TD]
[TD]
SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48199
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
solar-log -- gateway_products​
[/TD]
[TD]
A backdoor in Solar-Log Gateway products allows remote access via the web panel, giving the attacker super administration privileges. This affects all Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included).
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47767
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- online_graduate_tracer_system​
[/TD]
[TD]
A cross-site scripting (XSS) vulnerability in Online Graduate Tracer System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46624
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- online_graduate_tracer_system​
[/TD]
[TD]
Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS).​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46957
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- revenue_collection_system​
[/TD]
[TD]
Revenue Collection System v1.0 was discovered to contain a SQL injection vulnerability at step1.php.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46966
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- revenue_collection_system​
[/TD]
[TD]
An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46967
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- revenue_collection_system​
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46968
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219335.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0515
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0516
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0528
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0529
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/approve_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219599.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0530
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0531
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0532
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0533
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0534
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219701 was assigned to this vulnerability.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0560
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
sourcecodester -- sourcecodester​
[/TD]
[TD]
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-219702 is the identifier assigned to this vulnerability.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0561
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
spotipy -- spotipy​
[/TD]
[TD]
Spotipy is a lightweight Python library for the Spotify Web API. In versions prior to 2.22.1, if a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended. The code Spotipy uses to parse URIs and URLs allows an attacker to insert arbitrary characters into the path that is used for API requests. Because it is possible to include "..", an attacker can redirect, for example, a track lookup via spotifyApi.track() to an arbitrary API endpoint like playlists, but this is possible for other endpoints as well. The impact of this vulnerability depends heavily on what operations a client application performs when it handles a URI from a user and how it uses the responses it receives from the API. This issue is patched in version 2.22.1.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23608
MISC[/TD]
[/TR]
[TR]
[TD]
symantec -- endpoint_protection​
[/TD]
[TD]
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to an Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-25631
MISC[/TD]
[/TR]
[TR]
[TD]
syslog-ng -- one_identity​
[/TD]
[TD]
An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-38725
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
taocms -- taocms​
[/TD]
[TD]
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46998
MISC[/TD]
[/TR]
[TR]
[TD]
tenable -- tenable.sc​
[/TD]
[TD]
A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could leverage the reporting system to export reports containing formulas, which would then require a victim to approve and execute on a host.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24493
MISC[/TD]
[/TR]
[TR]
[TD]
tenable -- tenable.sc
[/TD]
[TD]
A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24494
MISC[/TD]
[/TR]
[TR]
[TD]
tenable -- tenable.sc​
[/TD]
[TD]
A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24495
MISC[/TD]
[/TR]
[TR]
[TD]
tenable -- tenable.sc
[/TD]
[TD]
An LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. An authenticated attacker could generate data in Active Directory using the application account through blind LDAP injection.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0476
MISC[/TD]
[/TR]
[TR]
[TD]
tenda_technology -- ac18​
[/TD]
[TD]
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24164
MISC[/TD]
[/TR]
[TR]
[TD]
tenda_technology -- ac18​
[/TD]
[TD]
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24165
MISC[/TD]
[/TR]
[TR]
[TD]
tenda_technology -- ac18​
[/TD]
[TD]
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24166
MISC[/TD]
[/TR]
[TR]
[TD]
tenda_technology -- ac18​
[/TD]
[TD]
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24167
MISC[/TD]
[/TR]
[TR]
[TD]
tenda_technology -- ac18​
[/TD]
[TD]
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24169
MISC[/TD]
[/TR]
[TR]
[TD]
tenda_technology -- ac18​
[/TD]
[TD]
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24170
MISC[/TD]
[/TR]
[TR]
[TD]
totolink -- a830r​
[/TD]
[TD]
An issue in the component global.so of Totolink A830R V4.1.2cu.5182 allows attackers to bypass authentication via a crafted cookie.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48066
MISC[/TD]
[/TR]
[TR]
[TD]
totolink -- a830r​
[/TD]
[TD]
An information disclosure vulnerability in Totolink A830R V4.1.2cu.5182 allows attackers to obtain the root password via a brute-force attack.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48067
MISC[/TD]
[/TR]
[TR]
[TD]
totolink -- a830r​
[/TD]
[TD]
Totolink A830R V4.1.2cu.5182 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-48069
MISC[/TD]
[/TR]
[TR]
[TD]
tp-link -- tapo_c200​
[/TD]
[TD]
An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41505
MISC[/TD]
[/TR]
[TR]
[TD]
tuzicms -- tuzicms​
[/TD]
[TD]
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-46999
MISC[/TD]
[/TR]
[TR]
[TD]
twinkle_toes_software -- labarchives_scheduler
[/TD]
[TD]
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected.​
[/TD]
[TD]
2023-01-22​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-24058
MISC
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
unilogies -- unilogies_bumsys​
[/TD]
[TD]
Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0455
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
vim -- vim​
[/TD]
[TD]
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.​
[/TD]
[TD]
2023-01-21​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0433
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
vmware -- vrealize​
[/TD]
[TD]
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-31704
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vrealize​
[/TD]
[TD]
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-31706
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vrealize​
[/TD]
[TD]
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-31710
MISC[/TD]
[/TR]
[TR]
[TD]
vmware -- vrealize​
[/TD]
[TD]
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-31711
MISC[/TD]
[/TR]
[TR]
[TD]
western_digital -- multiple_products​
[/TD]
[TD]
Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in the UFS standard, is provided by UFS devices to support platforms that need to download the system boot loader from external non-volatile storage locations. Several scenarios have been identified in which adversaries may disable the boot capability, or revert to an old boot loader code, if the host boot ROM code is improperly implemented. UFS Host Boot ROM implementers may be impacted by this vulnerability. UFS devices are only impacted when connected to a vulnerable UFS Host and are not independently impacted by this vulnerability. When present, the vulnerability is in the UFS Host implementation and is not a vulnerability in Western Digital UFS Devices. Western Digital has provided details of the vulnerability to the JEDEC standards body, multiple vendors of host processors, and software solutions providers.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-23005
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
western_digital -- my_cloud_os​
[/TD]
[TD]
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-29843
MISC[/TD]
[/TR]
[TR]
[TD]
western_digital -- my_cloud_os​
[/TD]
[TD]
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-29844
MISC[/TD]
[/TR]
[TR]
[TD]
wikimedia -- mediawiki​
[/TD]
[TD]
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.x. Various components of this extension can expose information on the performer of edits and logged actions. This information should not allow public viewing: it is supposed to be viewable only by users with checkuser access.​
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-39193
MISC[/TD]
[/TR]
[TR]
[TD]
windscribe -- windscribe​
[/TD]
[TD]
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration of OpenSSL. The product loads an OpenSSL configuration file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-16859.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-41141
N/A
N/A[/TD]
[/TR]
[TR]
[TD]
wire -- wire-server​
[/TD]
[TD]
wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not allowed to do so. The issue is fixed in wire-server 2022-12-09 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-12-09/Chart 4.29.0, so that their backends are no longer affected. There are no known workarounds.​
[/TD]
[TD]
2023-01-28​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22737
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wire-webapp -- wire-webapp​
[/TD]
[TD]
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-39380
MISC[/TD]
[/TR]
[TR]
[TD]
wireshark -- multiple_products​
[/TD]
[TD]
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or a crafted capture file.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0411
MISC
MISC
MISC
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
wireshark -- multiple_products​
[/TD]
[TD]
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or a crafted capture file.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0412
MISC
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
wireshark -- multiple_products​
[/TD]
[TD]
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or a crafted capture file.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0413
CONFIRM
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wireshark -- multiple_products​
[/TD]
[TD]
Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or a crafted capture file.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0414
MISC
CONFIRM
MISC[/TD]
[/TR]
[TR]
[TD]
wireshark -- multiple_products​
[/TD]
[TD]
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0415
MISC
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
wireshark -- multiple_products​
[/TD]
[TD]
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0416
MISC
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
wireshark -- multiple_products​
[/TD]
[TD]
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0417
MISC
MISC
CONFIRM[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Passster WordPress plugin before 3.5.5.8 does not escape the area parameter of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-24837
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Passster WordPress plugin before 3.5.5.9 does not properly check the password, or that the post to be viewed is public, allowing unauthenticated users to bypass the protection offered by the plugin and access the content of arbitrary posts (such as private ones) by sending a specifically crafted request.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-24881
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WeStand WordPress theme before 2.1, footysquare WordPress theme, aidreform WordPress theme, statfort WordPress theme, club-theme WordPress theme, kingclub-theme WordPress theme, spikes WordPress theme, spikes-black WordPress theme, soundblast WordPress theme, and bolster WordPress theme from ChimpStudio and PixFill do not have any authorisation and upload validation in the lang_upload.php file, allowing any unauthenticated attacker to upload arbitrary files to the web server.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-0316
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-3425
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-3811
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low privilege users to access it as well.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4230
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WP Limit Login Attempts WordPress plugin through 2.6.4 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based restrictions on login forms.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4303
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4305
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The ?????? ?????? ?????? WordPress plugin before 2.9.3 does not sanitise and escape some parameters, allowing unauthenticated attackers to send a request with XSS payloads, which will be triggered when a high privilege user such as admin visits a page from the plugin.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4307
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4323
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin publicly, including the used email address.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4346
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The CBX Petition for WordPress plugin through 1.0.3 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4383
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The BruteBank WordPress plugin before 1.9 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4443
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Search & Filter WordPress plugin before 1.2.16 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4467
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Easy Social Feed WordPress plugin before 6.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4474
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Collapse-O-Matic WordPress plugin before 1.8.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4475
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Page-list WordPress plugin before 5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4485
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Content Control WordPress plugin before 1.1.10 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4509
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Compact WP Audio Player WordPress plugin before 1.9.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4542
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Sitemap WordPress plugin before 4.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4545
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Optimize images ALT Text & names for SEO using AI WordPress plugin before 2.0.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4548
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Top 10 WordPress plugin before 3.2.3 does not validate and escape some of its Block attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4570
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Easy Bootstrap Shortcode WordPress plugin through 4.5.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4576
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-45808
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-45820
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4624
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Login Logout Menu WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4625
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The ShiftNav WordPress plugin before 1.7.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4627
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Product Slider for WooCommerce WordPress plugin before 2.6.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4629
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The HashBar WordPress plugin before 1.3.6 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4650
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4668
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4672
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Rate my Post WordPress plugin before 3.3.9 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4673
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Mongoose Page Plugin WordPress plugin before 1.9.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4675
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The User Verification WordPress plugin before 1.0.94 was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4693
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Genesis Columns Advanced WordPress plugin before 2.0.4 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks which could be used against high-privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4706
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Structured Content WordPress plugin before 1.5.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4715
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WP Popups WordPress plugin before 2.1.4.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4716
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Landing Page Builder WordPress plugin before 1.4.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4718
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The FluentAuth WordPress plugin before 1.0.2 prioritizes getting a visitor's IP address from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass the IP-based blocks set by the plugin.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4746
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Word Balloon WordPress plugin before 4.19.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4751
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Print-O-Matic WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4753
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The 10WebMapBuilder WordPress plugin before 1.0.72 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4758
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4760
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47615
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The GeoDirectory WordPress plugin before 2.2.22 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4775
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WPZOOM Portfolio WordPress plugin before 1.2.2 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4789
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WP Google My Business Auto Publish WordPress plugin before 3.4 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4790
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Store Locator WordPress plugin before 1.4.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4832
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The My YouTube Channel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 3.0.12.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0446
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The My YouTube Channel plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the clear_all_cache function in versions up to, and including, 3.0.12.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to clear the plugin's cache.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0447
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0448
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0550
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0553
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0554
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post deletion/alteration.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0555
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata (via the function cstu_get_metadata) that includes the plugin's contentstudio_token. Knowing this token allows for other interactions with the plugin such as creating posts in versions prior to 1.2.5, which added other requirements to posting and updating.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0556
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0557
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure token check that is susceptible to type juggling in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to execute functions intended for use by users with proper API keys.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0558
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-22721
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress​
[/TD]
[TD]
Auth. SQL Injection (SQLi) vulnerability in WP-TopBar <= 5.36 versions.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23824
MISC[/TD]
[/TR]
[TR]
[TD]
wordpress -- wordpress
[/TD]
[TD]
The Booster for WooCommerce WordPress plugin before 6.0.1, Booster Plus for WooCommerce WordPress plugin before 6.0.1, Booster Elite for WooCommerce WordPress plugin before 6.0.1 have either flawed CSRF checks or are missing them completely in numerous places, allowing attackers to make logged in users perform unwanted actions via CSRF attacks​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-4017
MISC[/TD]
[/TR]
[TR]
[TD]
xenbits -- xenstore​
[/TD]
[TD]
Guests can cause Xenstore crash via soft reset. When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact.
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-42330
MISC[/TD]
[/TR]
[TR]
[TD]
xpressengine -- xpressengine​
[/TD]
[TD]
When uploading an image file to a bulletin board developed with XpressEngine, an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is running.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-26642
MISC[/TD]
[/TR]
[TR]
[TD]
yafnet -- yafnet​
[/TD]
[TD]
A vulnerability, which was classified as problematic, has been found in YAFNET 3.1.9/3.1.10. This issue affects some unknown processing of the file /forum/PostPrivateMessage of the component Private Message Handler. The manipulation of the argument subject/message leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.1.11 is able to address this issue. The name of the patch is 2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the affected component. The identifier VDB-219665 was assigned to this vulnerability.​
[/TD]
[TD]
2023-01-27​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0549
MISC
MISC
MISC
MISC
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
yeastar -- n412_and_n824​
[/TD]
[TD]
In Yeastar N412 and N824 Configuration Panel 42.x and 45.x, an unauthenticated attacker can create a backup file and download it, revealing the admin hash. Once cracked, the hash allows login to the Configuration Panel; otherwise, the attacker can replace the hash in the archive and restore it on the device, which changes the admin password and grants access to the device.
[/TD]
[TD]
2023-01-20​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2022-47732
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
yiisoft -- yii2gii
[/TD]
[TD]
Yii Yii2 Gii before 2.2.2 allows remote attackers to execute arbitrary code via the Generator.php messageCategory field. The attacker can embed arbitrary PHP code into the model file.​
[/TD]
[TD]
2023-01-21​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2020-36655
MISC
MISC[/TD]
[/TR]
[TR]
[TD]
ymfe -- yapi​
[/TD]
[TD]
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.​
[/TD]
[TD]
2023-01-26​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2021-36686
MISC[/TD]
[/TR]
[TR]
[TD]
youtube -- youtube​
[/TD]
[TD]
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23687
MISC[/TD]
[/TR]
[TR]
[TD]
zdir -- zdir​
[/TD]
[TD]
An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.​
[/TD]
[TD]
2023-01-23​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-23314
MISC[/TD]
[/TR]
[TR]
[TD]
zephyr -- zephyr​
[/TD]
[TD]
A malicious / defective Bluetooth controller can cause buffer overreads in most functions that process HCI command responses.
[/TD]
[TD]
2023-01-25​
[/TD]
[TD]
not yet calculated​
[/TD]
[TD]CVE-2023-0396
MISC[/TD]
[/TR]


This product is provided subject to this Notification and this Privacy & Use policy.
