Submitted URL: https://us-cert.cisa.gov/ncas/bulletins/sb23-037
Effective URL: https://www.cisa.gov/uscert/ncas/bulletins/sb23-037
Submission: On February 08 via api from US — Scanned from DE


BULLETIN (SB23-037)


VULNERABILITY SUMMARY FOR THE WEEK OF JANUARY 30, 2023

Original release date: February 07, 2023


The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that
have been recorded by the National Institute of Standards and Technology (NIST)
National Vulnerability Database (NVD) in the past week. NVD is sponsored by
CISA. In some cases, the vulnerabilities in the bulletin may not yet have
assigned CVSS scores. Please visit NVD for updated vulnerability entries, which
include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE)
vulnerability naming standard and are organized according to severity,
determined by the Common Vulnerability Scoring System (CVSS) standard. The
division of high, medium, and low severities corresponds to the following scores:

 * High: vulnerabilities with a CVSS base score of 7.0–10.0
 * Medium: vulnerabilities with a CVSS base score of 4.0–6.9
 * Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts
sponsored by CISA. This information may include identifying information, values,
definitions, and related links. Patch information is provided when available.
Please note that some of the information in the bulletin is compiled from
external, open-source reports and is not a direct result of CISA analysis.

 


HIGH VULNERABILITIES

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| qnap -- qts | A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later; QTS 5.0.1.2234 build 20221201 and later | 2023-01-30 | 9.8 | CVE-2022-27596 MISC |
| changingtec -- megaservisignadapter | ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service. | 2023-01-31 | 9.8 | CVE-2022-39060 MISC |
| sscms -- siteserver_cms | SiteServer CMS 7.1.3 is vulnerable to SQL Injection. | 2023-01-27 | 9.8 | CVE-2022-44298 MISC |
| limesurvey -- limesurvey | An arbitrary file upload vulnerability in the plugin manager of LimeSurvey v5.4.15 allows attackers to execute arbitrary code via a crafted PHP file. | 2023-01-27 | 9.8 | CVE-2022-48008 MISC |
| opencats -- opencats | Opencats v0.9.7 was discovered to contain a SQL injection vulnerability via the importID parameter in the Import viewerrors function. | 2023-01-27 | 9.8 | CVE-2022-48011 MISC, MISC |
| bank_locker_management_system_project -- bank_locker_management_system | A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716. | 2023-01-28 | 9.8 | CVE-2023-0562 MISC, MISC, MISC |
| thinking_software_technology -- efence | Efence login function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database. | 2023-01-31 | 9.8 | CVE-2023-22900 MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file /user/s.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-219702 is the identifier assigned to this vulnerability. | 2023-01-28 | 8.8 | CVE-2023-0561 MISC, MISC, MISC |
| phicomm -- k2_firmware | Phicomm K2 v22.6.534.263 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 2023-01-27 | 7.8 | CVE-2022-48070 MISC |
| phicomm -- k2_firmware | Phicomm K2G v22.6.3.20 was discovered to contain a command injection vulnerability via the autoUpTime parameter in the automatic upgrade function. | 2023-01-27 | 7.8 | CVE-2022-48072 MISC |
| changingtec -- megaservisignadapter | ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files. | 2023-01-31 | 7.5 | CVE-2022-39059 MISC |
| phicomm -- k2_firmware | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | 2023-01-27 | 7.5 | CVE-2022-48071 MISC |
| phicomm -- k2_firmware | Phicomm K2 v22.6.534.263 was discovered to store the root and admin passwords in plaintext. | 2023-01-27 | 7.5 | CVE-2022-48073 MISC |
| froxlor -- froxlor | Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10. | 2023-01-29 | 7.5 | CVE-2023-0564 CONFIRM, MISC |
| openmage -- magento | OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Custom Layout enabled admin users to execute arbitrary commands via block methods. Versions 19.4.22 and 20.0.19 contain patches for this issue. | 2023-01-27 | 7.2 | CVE-2021-39217 MISC, MISC, MISC, MISC |
| ayacms_project -- ayacms | AyaCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/tpl_edit.inc.php. | 2023-01-27 | 7.2 | CVE-2022-48116 MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. This issue affects some unknown processing of the file admin/practice_pdf.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219701 was assigned to this vulnerability. | 2023-01-28 | 7.2 | CVE-2023-0560 MISC, MISC, MISC |


MEDIUM VULNERABILITIES

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| changingtec -- megaservisignadapter | ChangingTech MegaServiSignAdapter component has a vulnerability of Out-of-bounds Read due to insufficient validation for parameter length. An unauthenticated remote attacker can exploit this vulnerability to access partial sensitive content in memory and disrupt partial services. | 2023-01-31 | 6.5 | CVE-2022-39061 MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin/abc.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219597 was assigned to this vulnerability. | 2023-01-27 | 6.3 | CVE-2023-0528 MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/add_payment.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-219598 is the identifier assigned to this vulnerability. | 2023-01-27 | 6.3 | CVE-2023-0529 MISC, MISC, MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 1 of 6. | 2023-01-27 | 6.1 | CVE-2022-44024 MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 2 of 6. | 2023-01-27 | 6.1 | CVE-2022-44025 MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 3 of 6. | 2023-01-27 | 6.1 | CVE-2022-44026 MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 4 of 6. | 2023-01-27 | 6.1 | CVE-2022-44027 MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 5 of 6. | 2023-01-27 | 6.1 | CVE-2022-44028 MISC |
| netscout -- ngeniusone | An issue was discovered in NetScout nGeniusONE 6.3.2 before P10. It allows Reflected Cross-Site Scripting (XSS), issue 6 of 6. | 2023-01-27 | 6.1 | CVE-2022-44029 MISC |
| opencats -- opencats | Opencats v0.9.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /opencats/index.php?m=settings&a=ajax_tags_upd. | 2023-01-27 | 6.1 | CVE-2022-48012 MISC, MISC |
| jorani_project -- jorani | Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Acronym parameter. | 2023-01-27 | 6.1 | CVE-2022-48118 MISC |
| piwigo -- piwigo | A stored cross-site scripting (XSS) vulnerability in identification.php of Piwigo v13.4.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User-Agent. | 2023-01-27 | 5.4 | CVE-2022-48007 MISC |
| limesurvey -- limesurvey | LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. | 2023-01-27 | 5.4 | CVE-2022-48010 MISC |
| opencats -- opencats | Opencats v0.9.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /opencats/index.php?m=calendar. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Title text fields. | 2023-01-27 | 5.4 | CVE-2022-48013 MISC, MISC |
| bank_locker_management_system_project -- bank_locker_management_system | A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219717 was assigned to this vulnerability. | 2023-01-28 | 4.8 | CVE-2023-0563 MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability classified as critical has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected is an unknown function of the file admin/booking_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219600. | 2023-01-27 | 4.7 | CVE-2023-0531 MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability classified as critical was found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/disapprove_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-219601 was assigned to this vulnerability. | 2023-01-27 | 4.7 | CVE-2023-0532 MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Tours & Travels Management System 1.0. Affected by this issue is some unknown functionality of the file admin/expense_report.php. The manipulation of the argument from_date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-219602 is the identifier assigned to this vulnerability. | 2023-01-27 | 4.7 | CVE-2023-0533 MISC, MISC, MISC |
| online_tours_&_travels_management_system_project -- online_tours_&_travels_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects an unknown part of the file admin/expense_report.php. The manipulation of the argument to_date leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219603. | 2023-01-27 | 4.7 | CVE-2023-0534 MISC, MISC, MISC |


LOW VULNERABILITIES

There were no low vulnerabilities recorded this week.


SEVERITY NOT YET ASSIGNED

Primary
Vendor -- Product Description Published CVSS Score Source & Patch Info wordcraft
-- wordcraft
  A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been
classified as problematic. Affected is an unknown function of the file tag.php.
The manipulation of the argument tag leads to cross site scripting. It is
possible to launch the attack remotely. Upgrading to version 0.7 is able to
address this issue. The name of the patch is
be23028633e8105de92f387036871c03f34d3124. It is recommended to upgrade the
affected component. VDB-219714 is the identifier assigned to this vulnerability.
2023-01-29 not yet calculated CVE-2009-10003
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) fanzila -- webfinance A vulnerability has been found in
fanzila WebFinance 0.5 and classified as critical. This vulnerability affects
unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The
manipulation of the argument n/v leads to sql injection. The name of the patch
is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch
to fix this issue. VDB-220054 is the identifier assigned to this vulnerability.
2023-02-03 not yet calculated CVE-2013-10015
MISC(link is external)
MISC(link is external)
MISC(link is external) fanzila -- webfinance A vulnerability was found in
fanzila WebFinance 0.5 and classified as critical. This issue affects some
unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of
the argument id leads to sql injection. The name of the patch is
306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to
fix this issue. The associated identifier of this vulnerability is VDB-220055.
2023-02-03 not yet calculated CVE-2013-10016
MISC(link is external)
MISC(link is external)
MISC(link is external) fanzila -- webfinance A vulnerability was found in
fanzila WebFinance 0.5. It has been classified as critical. Affected is an
unknown function of the file htdocs/admin/save_roles.php. The manipulation of
the argument id leads to sql injection. The name of the patch is
6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to
fix this issue. The identifier of this vulnerability is VDB-220056. 2023-02-04
not yet calculated CVE-2013-10017
MISC(link is external)
MISC(link is external)
MISC(link is external) fanzila -- webfinance A vulnerability was found in
fanzila WebFinance 0.5. It has been declared as critical. Affected by this
vulnerability is an unknown functionality of the file
htdocs/prospection/save_contact.php. The manipulation of the argument
nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The
name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended
to apply a patch to fix this issue. The identifier VDB-220057 was assigned to
this vulnerability. 2023-02-04 not yet calculated CVE-2013-10018
MISC(link is external)
MISC(link is external)
MISC(link is external) nrel -- api-umbrella-web A vulnerability classified as
problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects
unknown code of the component Flash Message Handler. The manipulation leads to
cross site scripting. The attack can be initiated remotely. Upgrading to version
0.8.0 is able to address this issue. The name of the patch is
bcc0e922c61d30367678c8f17a435950969315cd. It is recommended to upgrade the
affected component. The identifier of this vulnerability is VDB-220060.
2023-02-04 not yet calculated CVE-2015-10072
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) mosbth -- cimage A vulnerability was found in mosbth
cimage up to 0.7.18. It has been declared as problematic. Affected by this
vulnerability is an unknown functionality of the file check_system.php. The
manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site
scripting. The attack can be launched remotely. Upgrading to version 0.7.19 is
able to address this issue. The name of the patch is
401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the
affected component. The associated identifier of this vulnerability is
VDB-219715. 2023-01-29 not yet calculated CVE-2016-15022
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) sitefusion -- application_server A vulnerability, which
was classified as problematic, was found in SiteFusion Application Server up to
6.6.6. This affects an unknown part of the file getextension.php of the
component Extension Handler. The manipulation leads to path traversal. Upgrading
to version 6.6.7 is able to address this issue. The name of the patch is
49fff155c303d6cd06ce8f97bba56c9084bf08ac. It is recommended to upgrade the
affected component. The identifier VDB-219765 was assigned to this
vulnerability. 2023-01-31 not yet calculated CVE-2016-15023
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) segmentio -- is-url A vulnerability was found in
Segmentio is-url up to 1.2.2. It has been rated as problematic. Affected by this
issue is some unknown functionality of the file index.js. The manipulation leads
to inefficient regular expression complexity. The attack may be launched
remotely. Upgrading to version 1.2.3 is able to address this issue. The name of
the patch is 149550935c63a98c11f27f694a7c4a9479e53794. It is recommended to
upgrade the affected component. VDB-220058 is the identifier assigned to this
vulnerability. 2023-02-04 not yet calculated CVE-2018-25079
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) mobiledetect -- mobiledetect A vulnerability, which was
classified as problematic, has been found in MobileDetect 2.8.31. This issue
affects the function initLayoutType of the file examples/session_example.php of
the component Example. The manipulation of the argument $_SERVER['PHP_SELF']
leads to cross site scripting. The attack may be initiated remotely. The exploit
has been disclosed to the public and may be used. Upgrading to version 2.8.32 is
able to address this issue. The name of the patch is
31818a441b095bdc4838602dbb17b8377d1e5cce. It is recommended to upgrade the
affected component. The identifier VDB-220061 was assigned to this
vulnerability. 2023-02-04 not yet calculated CVE-2018-25080
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) sage -- frp_1000 A path traversal vulnerability exists in
Sage FRP 1000 before November 2019. This allows remote unauthenticated attackers
to access files outside of the web tree via a crafted URL. 2023-01-27 not yet
calculated CVE-2019-25053
MISC(link is external) onshift -- turbogears A vulnerability classified as
critical has been found in OnShift TurboGears 1.0.11.10. This affects an unknown
part of the file turbogears/controllers.py of the component HTTP Header Handler.
The manipulation leads to http response splitting. It is possible to initiate
the attack remotely. Upgrading to version 1.0.11.11 is able to address this
issue. The name of the patch is f68bbaba47f4474e1da553aa51564a73e1d92a84. It is
recommended to upgrade the affected component. The associated identifier of this
vulnerability is VDB-220059. 2023-02-04 not yet calculated CVE-2019-25101
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) portfoliocms -- portfoliocms Westbrookadmin portfolioCMS
v1.05 allows attackers to bypass password validation and access sensitive
information via session fixation. 2023-01-31 not yet calculated CVE-2020-20402
MISC(link is external) mremoteng -- mremoteng An issue in mRemoteNG v1.76.20
allows attackers to escalate privileges via a crafted executable file.
2023-02-02 not yet calculated CVE-2020-24307
MISC(link is external)
MISC(link is external) schnieder_electric -- multiple_products
  A CWE-200: Information Exposure vulnerability exists that could cause the
exposure of sensitive information stored on the memory of the controller when
communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU
(part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers
BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions
prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S)
(All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy
Modicon Quantum (All Versions) 2023-02-01 not yet calculated CVE-2021-22786
MISC(link is external) hewlett_packard -- hp_pc_bios
  HP has identified a potential vulnerability in BIOS firmware of some
Workstation products. Firmware updates are being released to mitigate these
potential vulnerabilities. 2023-02-01 not yet calculated CVE-2021-3439
MISC(link is external) phpwcms -- phpwcms An issue discovered in phpwcms 1.9.25
allows remote attackers to run arbitrary code via DB user field during
installation. 2023-02-03 not yet calculated CVE-2021-36424
MISC(link is external) phpwcms -- phpwcms Directory traversal vulnerability in
phpcms 1.9.25 allows remote attackers to delete arbitrary files via unfiltered
$file parameter to unlink method in include/inc_act/act_ftptakeover.php file.
2023-02-03 not yet calculated CVE-2021-36425
MISC(link is external) phpwcms -- phpwcms File Upload vulnerability in phpwcms
1.9.25 allows remote attackers to run arbitrary code via crafted file upload to
include/inc_lib/general.inc.php. 2023-02-03 not yet calculated CVE-2021-36426
MISC(link is external) jcoms -- jcoms SQL injection vulnerability in jocms 0.8
allows remote attackers to run arbitrary SQL commands and view sentivie
information via jo_json_check() function in jocms/apps/mask/inc/mask.php.
2023-02-03 not yet calculated CVE-2021-36431
MISC(link is external) jcoms -- jcoms SQL injection vulnerability in jocms 0.8
allows remote attackers to run arbitrary SQL commands and view sentivie
information via jo_set_mask() function in jocms/apps/mask/mask.php. 2023-02-03
not yet calculated CVE-2021-36432
MISC(link is external) jcoms -- jcoms SQL injection vulnerability in jocms 0.8
allows remote attackers to run arbitrary SQL commands and view sentivie
information via jo_delete_mask function in jocms/apps/mask/mask.php. 2023-02-03
not yet calculated CVE-2021-36433
MISC(link is external) jcoms -- jcoms SQL injection vulnerability in jocms 0.8
allows remote attackers to run arbitrary SQL commands and view sentivie
information via jo_json_check function in jocms/apps/mask/inc/getmask.php.
2023-02-03 not yet calculated CVE-2021-36434
MISC(link is external) imcat -- imcat Cross Site Request Forgery vulnerability
in imcat 5.4 allows remote attackers to escalate privilege via lack of token
verification. 2023-02-03 not yet calculated CVE-2021-36443
MISC(link is external) imcat -- imcat Cross Site Request Forgery (CSRF)
vulnerability in imcat 5.4 allows remote attackers to gain escalated privileges
via flaws in one-time token generation on the add administrator page. 2023-02-03
not yet calculated CVE-2021-36444
MISC(link is external) jizhicms -- jizhicms SQL injection vulnerability in
JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit
article page. 2023-02-03 not yet calculated CVE-2021-36484
MISC(link is external) allegro -- allegro Buffer Overflow vulnerability in
Allegro through 5.2.6 allows attackers to cause a denial of service via crafted
PCX/TGA/BMP files to allegro_image addon. 2023-02-03 not yet calculated
CVE-2021-36489
MISC(link is external) xpdfreader -- xpdfimages Buffer Overflow vulnerability in
pdfimages in xpdf 4.03 allows attackers to crash the application via crafted
command. 2023-02-03 not yet calculated CVE-2021-36493
MISC(link is external) native-php-cms -- native-php-cms SQL injection
vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL
commands via the cat parameter to /list.php file. 2023-02-03 not yet calculated
CVE-2021-36503
MISC(link is external) portfoliocms  -- portfoliocms Race condition
vulnerability discovered in portfolioCMS 1.0 allows remote attackers to run
arbitrary code via fileExt parameter to localhost/admin/uploads.php. 2023-02-03
not yet calculated CVE-2021-36532
MISC(link is external) cesanta_software -- mjs Buffer Overflow vulnerability in
Cesanta mJS 1.26 allows remote attackers to cause a denial of service via
crafted .js file to mjs_set_errorf. 2023-02-03 not yet calculated CVE-2021-36535
MISC(link is external) gurock_holding_gmbh -- testrail Cross Site Scripting
(XSS) vulnerability in Gurock TestRail before 7.1.2 allows remote authenticated
attackers to run arbitrary code via the reference field in milestones or
description fields in reports. 2023-02-03 not yet calculated CVE-2021-36538
MISC(link is external) tcpms -- tcpms Incorrect Access Control issue discovered
in tpcms 3.2 allows remote attackers to view sensitive information via path in
application URL. 2023-02-03 not yet calculated CVE-2021-36544
MISC(link is external) tcpms -- tcpms Cross Site Scripting (XSS) vulnerability
in tpcms 3.2 allows remote attackers to run arbitrary code via the cfg_copyright
or cfg_tel field in Site Configuration page. 2023-02-03 not yet calculated
CVE-2021-36545
MISC(link is external) kitecms -- kitecms Incorrect Access Control issue
discovered in KiteCMS 1.1 allows remote attackers to view sensitive information
via path in application URL. 2023-02-03 not yet calculated CVE-2021-36546
MISC(link is external) fuel-cms -- fuel-cms Cross Site Request Forgery
vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code
via post ID to /users/delete/2. 2023-02-03 not yet calculated CVE-2021-36569
MISC(link is external) fuel-cms -- fuel-cms Cross Site Request Forgery
vulnerability in FUEL-CMS 1.4.13 allows remote attackers to run arbitrary code
via post ID to /permissions/delete/2---. 2023-02-03 not yet calculated
CVE-2021-36570
MISC(link is external) yzmcms -- yzmcms Cross Site Scripting (XSS) vulnerability
in yzmcms 6.1 allows attackers to steal user cookies via image clipping
function. 2023-02-03 not yet calculated CVE-2021-36712
MISC(link is external) modern_honey_network -- modern_honey_network Incorrect
Access Control vulnerability in Modern Honey Network commit
0abf0db9cd893c6d5c727d036e1f817c02de4c7b allows remote attackers to view
sensitive information via crafted PUT request to Web API. 2023-02-03 not yet
calculated CVE-2021-37234
MISC(link is external) jeecg -- jeecg An Insecure Permissions issue in
jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated
privilege and view sensitive information via the httptrace interface. 2023-02-03
not yet calculated CVE-2021-37304
MISC(link is external) jeecg -- jeecg An Insecure Permissions issue in
jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege
and view sensitive information via api uri:
/sys/user/querySysUser?username=admin. 2023-02-03 not yet calculated
CVE-2021-37305
MISC(link is external) jeecg -- jeecg An Insecure Permissions issue in
jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege
and view sensitive information via api uri:
/sys/user/checkOnlyUser?username=admin. 2023-02-03 not yet calculated
CVE-2021-37306
MISC(link is external) fcitx5 -- fcitx5 Buffer Overflow vulnerability in fcitx5
5.0.8 allows attackers to cause a denial of service via crafted message to the
application's listening port. 2023-02-03 not yet calculated CVE-2021-37311
MISC
MISC(link is external) asus -- rt-ac68u Incorrect Access Control issue discovered
in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634
allows remote attackers to write arbitrary files via improper sanitization on the
source for COPY and MOVE operations. 2023-02-03 not yet calculated
CVE-2021-37315
MISC(link is external) asus -- rt-ac68u SQL injection vulnerability in Cloud
Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows
remote attackers to view sensitive information via /etc/shadow. 2023-02-03 not
yet calculated CVE-2021-37316
MISC(link is external) asus -- rt-ac68u Directory Traversal vulnerability in
Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634
allows remote attackers to write arbitrary files via improper sanitization on the
target for COPY and MOVE operations. 2023-02-03 not yet calculated
CVE-2021-37317
MISC(link is external) pbootcms -- pbootcms SQL injection vulnerability in route
of PbootCMS 3.0.5 allows remote attackers to run arbitrary SQL commands via
crafted GET request. 2023-02-03 not yet calculated CVE-2021-37497
MISC(link is external) hdfgroup -- hdf5-h5dump Buffer Overflow vulnerability in
HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of
service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c. 2023-02-03 not
yet calculated CVE-2021-37501
MISC(link is external) automad -- automad Cross Site Scripting (XSS)
vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via
the user name field when adding a user. 2023-02-03 not yet calculated
CVE-2021-37502
MISC(link is external) vimium_extension -- vimium_extension Universal Cross Site
Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows
remote attackers to run arbitrary code via omnibar feature. 2023-02-03 not yet
calculated CVE-2021-37518
MISC(link is external) memcached -- memcached Buffer Overflow vulnerability in
authfile.c in memcached 1.6.9 allows attackers to cause a denial of service via
crafted authentication file. 2023-02-03 not yet calculated CVE-2021-37519
MISC(link is external) hp -- bios Potential security vulnerabilities have been
identified in the BIOS (UEFI Firmware) for certain HP PC products, which might
allow arbitrary code execution. HP is releasing firmware updates to mitigate
these potential vulnerabilities. 2023-02-01 not yet calculated CVE-2021-3808
MISC(link is external) hp -- bios Potential security vulnerabilities have been
identified in the BIOS (UEFI Firmware) for certain HP PC products, which might
allow arbitrary code execution. HP is releasing firmware updates to mitigate
these potential vulnerabilities. 2023-02-01 not yet calculated CVE-2021-3809
MISC(link is external) nyuccl -- psiturk A vulnerability has been found in
NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability
affects unknown code of the file psiturk/experiment.py. The manipulation of the
argument mode leads to improper neutralization of special elements used in a
template engine. The exploit has been disclosed to the public and may be used.
Upgrading to version 3.2.1 is able to address this issue. The name of the patch
is 47787e15cecd66f2aa87687bf852ae0194a4335f. It is recommended to upgrade the
affected component. The identifier of this vulnerability is VDB-219676.
2023-01-28 not yet calculated CVE-2021-4315
MISC(link is external) wireguard -- wireguard WireGuard, such as WireGuard 0.5.3
on Windows, does not fully account for the possibility that an adversary might
be able to set a victim's system time to a future value, e.g., because
unauthenticated NTP is used. This can lead to an outcome in which one static
private key becomes permanently useless. 2023-01-29 not yet calculated
CVE-2021-46873
MISC(link is external) schneider_electric -- ecostruxure_power_commission A
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability exists that could allow an attacker to create or
overwrite critical files that are used to execute code, such as programs or
libraries and cause unauthenticated code execution. Affected Products:
EcoStruxure Power Commission (Versions prior to V2.22) 2023-01-30 not yet
calculated CVE-2022-0223
MISC(link is external) nemo-appium -- nemo-appium Versions of the package
nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper
input sanitization in the 'module.exports.setup' function. **Note:** In order to
exploit this vulnerability appium-running 0.1.3 has to be installed as one of
nemo-appium dependencies. 2023-01-31 not yet calculated CVE-2022-21129
MISC(link is external) ibm -- tivoli_workload_scheduler IBM Tivoli Workload
Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection
(XXE) attack when processing XML data. A remote attacker could exploit this
vulnerability to expose sensitive information or consume memory resources. IBM
X-Force ID: 226328. 2023-02-03 not yet calculated CVE-2022-22486
MISC(link is external) schneider_electric -- ecostruxure_power_commission A
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path
Traversal') vulnerability exists in a function that could allow an attacker to
create or overwrite critical files that are used to execute code, such as
programs or libraries and cause path traversal attacks. Affected Products:
EcoStruxure Power Commission (Versions prior to V2.22) 2023-01-30 not yet
calculated CVE-2022-22731
MISC(link is external) schneider_electric -- ecostruxure_power_commission A
CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could
cause all remote domains to access the resources (data) supplied by the server
when an attacker sends a fetch request from third-party site or malicious site.
Affected Products: EcoStruxure Power Commission (Versions prior to V2.22)
2023-01-30 not yet calculated CVE-2022-22732
MISC(link is external) schneider_electric -- igss_data_server A CWE-190: Integer
Overflow or Wraparound vulnerability exists that could cause heap-based buffer
overflow, leading to denial of service and potentially remote code execution
when an attacker sends multiple specially crafted messages. Affected Products:
IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
2023-02-01 not yet calculated CVE-2022-2329
MISC(link is external) ip-label -- newtest The Robot application in Ip-label
Newtest before v8.5R0 was discovered to use weak signature checks on executed
binaries, allowing attackers to have write access and escalate privileges via
replacing NEWTESTREMOTEMANAGER.EXE. 2023-01-30 not yet calculated CVE-2022-23334
MISC(link is external) hp_inc -- hp_support_assistant Potential security
vulnerabilities have been identified in HP Support Assistant. These
vulnerabilities include privilege escalation, compromise of integrity, allowed
communication with untrusted clients, and unauthorized modification of files.
2023-02-01 not yet calculated CVE-2022-23453
MISC(link is external) hp_inc -- hp_support_assistant Potential security
vulnerabilities have been identified in HP Support Assistant. These
vulnerabilities include privilege escalation, compromise of integrity, allowed
communication with untrusted clients, and unauthorized modification of files.
2023-02-01 not yet calculated CVE-2022-23454
MISC(link is external) hp_inc -- hp_support_assistant Potential security
vulnerabilities have been identified in HP Support Assistant. These
vulnerabilities include privilege escalation, compromise of integrity, allowed
communication with untrusted clients, and unauthorized modification of files.
2023-02-01 not yet calculated CVE-2022-23455
MISC(link is external) grafana -- grafana Grafana is an open-source platform for
monitoring and observability. When datasource query caching is enabled, Grafana
caches all headers, including `grafana_session`. As a result, any user that
queries a datasource where the caching is enabled can acquire another user’s
session. To mitigate the vulnerability you can disable datasource query caching
for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.
2023-02-03 not yet calculated CVE-2022-23498
MISC(link is external) grafana -- grafana Grafana is an open-source platform for
monitoring and observability. Starting with the 8.1 branch and prior to versions
8.5.16, 9.2.10, and 9.3.4, Grafana had a stored XSS vulnerability affecting the
core plugin GeoMap. The stored XSS vulnerability was possible because SVG files
weren't properly sanitized and allowed arbitrary JavaScript to be executed in
the context of the currently authorized user of the Grafana instance. An
attacker needs to have the Editor role in order to change a panel to include
either an external URL to a SVG-file containing JavaScript, or use the `data:`
scheme to load an inline SVG-file containing JavaScript. This means that
vertical privilege escalation is possible, where a user with Editor role can
change to a known password for a user having Admin role if the user with Admin
role executes malicious JavaScript viewing a dashboard. Users may upgrade to
version 8.5.16, 9.2.10, or 9.3.4 to receive a fix. 2023-01-27 not yet calculated
CVE-2022-23552
MISC(link is external) schneider_electric -- igss_data_server_igssdataserverexe A
CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that
could cause a stack-based buffer overflow potentially leading to remote code
execution when an attacker sends a specially crafted message. Affected Products:
IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
2023-02-01 not yet calculated CVE-2022-24324
MISC(link is external) symfony -- symfony Symfony is a PHP framework for web and
console applications and a set of reusable PHP components. The Symfony HTTP
cache system acts as a reverse proxy: it caches entire responses (including
headers) and returns them to the clients. In a recent change in the
`AbstractSessionListener`, the response might contain a `Set-Cookie` header. If
the Symfony HTTP cache system is enabled, this response might be stored and
returned to the next clients. An attacker can use this vulnerability to retrieve
the victim's session. This issue has been patched and is available for branch
4.4. 2023-02-03 not yet calculated CVE-2022-24894
MISC(link is external) symfony -- symfony Symfony is a PHP framework for web and
console applications and a set of reusable PHP components. When authenticating
users Symfony by default regenerates the session ID upon login, but preserves
the rest of session attributes. Because this does not clear CSRF tokens upon
login, this might enable same-site attackers to bypass the CSRF protection
mechanism by performing an attack similar to a session-fixation. This issue has
been fixed in the 4.4 branch. 2023-02-03 not yet calculated CVE-2022-24895
MISC(link is external) apache -- portable_runtime_utility
  Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache
Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer.
This issue affects Apache Portable Runtime (APR) version 1.7.0. 2023-01-31 not
yet calculated CVE-2022-24963
MISC apache -- portable_runtime_utility Integer Overflow or Wraparound
vulnerability in apr_base64 functions of Apache Portable Runtime Utility
(APR-util) allows an attacker to write beyond bounds of a buffer. This issue
affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
2023-01-31 not yet calculated CVE-2022-25147
MISC wordpress -- wordpress The All-in-One WP Migration WordPress plugin before
7.63 uses the wrong content type, and does not properly escape the response from
the ai1wm_export AJAX action, allowing an attacker to craft a request that when
submitted by any visitor will inject arbitrary HTML or JavaScript into the
response that will be executed in the victim's session. Note: This requires
knowledge of a static secret key. 2023-02-02 not yet calculated CVE-2022-2546
MISC(link is external) cache_semantics -- cache_semantics This affects versions
of the package http-cache-semantics before 4.1.1. The issue can be exploited via
malicious request header values sent to a server, when that server reads the
cache policy from the request using this library. 2023-01-31 not yet calculated
CVE-2022-25881
MISC(link is external) snyk -- is-http2 All versions of the package is-http2 are
vulnerable to Command Injection due to missing input sanitization or other
checks, and sandboxes being employed to the isH2 function. 2023-02-01 not yet
calculated CVE-2022-25906
MISC(link is external) snyk -- mt7688-wiscan Versions of the package
mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper
input sanitization in the 'wiscan.scan' function. 2023-02-01 not yet calculated
CVE-2022-25916
MISC(link is external) snyk -- servst Versions of the package servst before
2.0.3 are vulnerable to Directory Traversal due to improper sanitization of the
filePath variable. 2023-01-30 not yet calculated CVE-2022-25936
MISC(link is external) snyk -- eta Versions of the package eta before 2.0.0 are
vulnerable to Remote Code Execution (RCE) by overwriting template engine
configuration variables with view options received from The Express render API.
**Note:** This is exploitable only for users who are rendering templates with
user-defined data. 2023-01-30 not yet calculated CVE-2022-25967
MISC(link is external) snyk -- jsuites Versions of the package jsuites before
5.0.1 are vulnerable to Cross-site Scripting (XSS) due to improper user-input
sanitization in the Editor() function. 2023-01-31 not yet calculated
CVE-2022-25979
MISC(link is external) ami -- megarac_spx-12 AMI Megarac Password reset
interception via API 2023-01-30 not yet calculated CVE-2022-26872
MISC(link is external) hp -- bios Potential vulnerabilities have been identified
in the system BIOS of certain HP PC products, which might allow arbitrary code
execution, escalation of privilege, denial of service, and information
disclosure. HP is releasing BIOS updates to mitigate these potential
vulnerabilities. 2023-02-01 not yet calculated CVE-2022-27537
MISC(link is external) hp -- bios A potential Time-of-Check to Time-of-Use
(TOCTOU) vulnerability has been identified in the BIOS for certain HP PC
products which may allow arbitrary code execution, denial of service, and
information disclosure. HP is releasing BIOS updates to mitigate the potential
vulnerability. 2023-02-01 not yet calculated CVE-2022-27538
MISC(link is external) apache -- portable_runtime_utility On Windows, Apache
Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based
buffer in apr_socket_sendv(). This is a result of integer overflow. 2023-01-31
not yet calculated CVE-2022-28331
MISC schneider_electric -- somachine_hvac A CWE-787: Out-of-bounds Write
vulnerability exists that could cause sensitive information leakage when
accessing a malicious web page from the commissioning software. Affected
Products: SoMachine HVAC (Versions prior to V2.1.0), EcoStruxure Machine Expert
– HVAC (Versions prior to V1.4.0) 2023-01-30 not yet calculated CVE-2022-2988
MISC(link is external) toshiba -- storage_security_software Improper
Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413
allows for sensitive information to be obtained via (local) password
authentication module. 2023-01-31 not yet calculated CVE-2022-30421
MISC(link is external) landisgyr -- e850_zmq200 All versions of Landis+Gyr E850
(ZMQ200) are vulnerable to CWE-784: Reliance on Cookies Without Validation and
Integrity. The device's web application navigation depends on the value of the
session cookie. The web application could become inaccessible for the user if an
attacker changes the cookie values. 2023-02-01 not yet calculated CVE-2022-3083
MISC bestechnic -- bluetooth_mesh_sdk In Bestechnic Bluetooth Mesh SDK (BES2300)
V1.0, a buffer overflow vulnerability can be triggered during provisioning,
because there is no check for the SegN field of the Transaction Start PDU.
2023-02-01 not yet calculated CVE-2022-30904
MISC(link is external) cypress --
bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08 Cypress :
https://www.infineon.com/ Cypress Bluetooth Mesh SDK
BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is:
execute arbitrary code (remote). The component is: affected function is
pb_transport_handle_frag_. In Cypress Bluetooth Mesh SDK, there is an
out-of-bound write vulnerability that can be triggered during mesh provisioning.
Because there is no check for mismatched SegN and TotalLength in Transaction
Start PDU. 2023-02-01 not yet calculated CVE-2022-31363
MISC(link is external) cypress --
bluetooth_mesh_sdk_bsa0107_05.01.00-bx8-amesh-08 Cypress :
https://www.infineon.com/ Cypress Bluetooth Mesh SDK
BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is:
execute arbitrary code (remote). The component is: affected function is
lower_transport_layer_on_seg. In Cypress Bluetooth Mesh SDK, there is an
out-of-bound write vulnerability that can be triggered by sending a series of
segmented packets with inconsistent SegN. 2023-02-01 not yet calculated
CVE-2022-31364
MISC(link is external) cloud_foundry -- diego/cf_deployment
  Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF
Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego
cells, allowing application ingress without a client certificate. If mTLS route
integrity is enabled AND unproxied ports are turned off, then an attacker could
connect to an application that should be only reachable via mTLS, without
presenting a client certificate. 2023-02-03 not yet calculated CVE-2022-31733
MISC notepad++ -- notepad++ Notepad++ v8.4.1 was discovered to contain a stack
overflow via the component Finder::add(). 2023-02-01 not yet calculated
CVE-2022-31902
MISC(link is external) dell -- bios Dell BIOS contains an improper input
validation vulnerability. A local authenticated malicious user with admin
privileges may potentially exploit this vulnerability in order to modify a UEFI
variable. 2023-02-01 not yet calculated CVE-2022-32482
MISC(link is external) schneider_electric -- canbrass A CWE-119: Improper
Restriction of Operations within the Bounds of a Memory Buffer vulnerability
exists that could cause remote code execution when a command which exploits this
vulnerability is utilized. Affected Products: CanBRASS (Versions prior to
V7.5.1) 2023-01-30 not yet calculated CVE-2022-32512
MISC(link is external) schneider_electric -- multiple_products A CWE-521: Weak
Password Requirements vulnerability exists that could allow an attacker to gain
control of the device when the attacker brute forces the password. Affected
Products: C-Bus Network Automation Controller - LSS5500NAC (Versions prior to
V1.10.0), Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to
V1.10.0), Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior
to V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions
prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2
(Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2
(Versions prior to V1.10.0) 2023-01-30 not yet calculated CVE-2022-32513
MISC(link is external) schneider_electric -- multiple_products A CWE-287:
Improper Authentication vulnerability exists that could allow an attacker to
gain control of the device when logging into a web page. Affected Products:
C-Bus Network Automation Controller - LSS5500NAC (Versions prior to V1.10.0),
Wiser for C-Bus Automation Controller - LSS5500SHAC (Versions prior to V1.10.0),
Clipsal C-Bus Network Automation Controller - 5500NAC (Versions prior to
V1.10.0), Clipsal Wiser for C-Bus Automation Controller - 5500SHAC (Versions
prior to V1.10.0), SpaceLogic C-Bus Network Automation Controller - 5500NAC2
(Versions prior to V1.10.0), SpaceLogic C-Bus Application Controller - 5500AC2
(Versions prior to V1.10.0) 2023-01-30 not yet calculated CVE-2022-32514
MISC(link is external) schneider_electric -- context_combox A CWE-307: Improper
Restriction of Excessive Authentication Attempts vulnerability exists that could
cause brute force attacks to take over the admin account when the product does
not implement a rate limit mechanism on the admin authentication form. Affected
Products: Conext™ ComBox (All Versions) 2023-01-30 not yet calculated
CVE-2022-32515
MISC(link is external) schneider_electric -- context_combox A CWE-352:
Cross-Site Request Forgery (CSRF) vulnerability exists that could cause system’s
configurations override and cause a reboot loop when the product suffers from
POST-Based Cross-Site Request Forgery (CSRF). Affected Products: Conext™ ComBox
(All Versions) 2023-01-30 not yet calculated CVE-2022-32516
MISC(link is external) schneider_electric -- context_combox A CWE-1021: Improper
Restriction of Rendered UI Layers or Frames vulnerability exists that could
cause an adversary to trick the interface user/admin into interacting with the
application in an unintended way when the product does not implement
restrictions on the ability to render within frames on external addresses.
Affected Products: Conext™ ComBox (All Versions) 2023-01-30 not yet calculated
CVE-2022-32517
MISC(link is external) schneider_electric -- data_center_expert A CWE-522:
Insufficiently Protected Credentials vulnerability exists that could result in
unwanted access to a DCE instance when performed over a network by a malicious
third-party. This CVE is unique from CVE-2022-32520. Affected Products: Data
Center Expert (Versions prior to V7.9.0) 2023-01-30 not yet calculated
CVE-2022-32518
MISC(link is external) schneider_electric -- data_center_expert A CWE-257:
Storing Passwords in a Recoverable Format vulnerability exists that could result
in unwanted access to a DCE instance when performed over a network by a
malicious third-party. Affected Products: Data Center Expert (Versions prior to
V7.9.0) 2023-01-30 not yet calculated CVE-2022-32519
MISC(link is external) schneider_electric -- data_center_expert A CWE-522:
Insufficiently Protected Credentials vulnerability exists that could result in
unwanted access to a DCE instance when performed over a network by a malicious
third-party. This CVE is unique from CVE-2022-32518. Affected Products: Data
Center Expert (Versions prior to V7.9.0) 2023-01-30 not yet calculated
CVE-2022-32520
MISC(link is external) schneider_electric -- data_center_expert A CWE-502:
Deserialization of Untrusted Data vulnerability exists that could allow code to
be remotely executed on the server when unsafely deserialized data is posted to
the web server. Affected Products: Data Center Expert (Versions prior to V7.9.0)
2023-01-30 not yet calculated CVE-2022-32521
MISC(link is external) schneider_electric -- igss_data_server A CWE-120: Buffer
Copy without Checking Size of Input vulnerability exists that could cause a
stack-based buffer overflow, potentially leading to remote code execution when
an attacker sends specially crafted mathematically reduced data request
messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions
prior to V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32522
MISC(link is external) schneider_electric -- igss_data_server A CWE-120: Buffer
Copy without Checking Size of Input vulnerability exists that could cause a
stack-based buffer overflow, potentially leading to remote code execution when
an attacker sends specially crafted online data request messages. Affected
Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to
V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32523
MISC(link is external) schneider_electric -- igss_data_server A CWE-120: Buffer
Copy without Checking Size of Input vulnerability exists that could cause a
stack-based buffer overflow, potentially leading to remote code execution when
an attacker sends specially crafted time reduced data messages. Affected
Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to
V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32524
MISC(link is external) schneider_electric -- igss_data_server A CWE-120: Buffer
Copy without Checking Size of Input vulnerability exists that could cause a
stack-based buffer overflow, potentially leading to remote code execution when
an attacker sends specially crafted alarm data messages. Affected Products: IGSS
Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30
not yet calculated CVE-2022-32525
MISC(link is external) schneider_electric -- igss_data_server A CWE-120: Buffer
Copy without Checking Size of Input vulnerability exists that could cause a
stack-based buffer overflow, potentially leading to remote code execution when
an attacker sends specially crafted setting value messages. Affected Products:
IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
2023-01-30 not yet calculated CVE-2022-32526
MISC(link is external) schneider_electric -- igss_data_server A CWE-120: Buffer
Copy without Checking Size of Input vulnerability exists that could cause a
stack-based buffer overflow, potentially leading to remote code execution when
an attacker sends specially crafted alarm cache data messages. Affected
Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to
V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32527
MISC(link is external) schneider_electric -- igss_data_server A CWE-306: Missing
Authentication for Critical Function vulnerability exists that could cause
access to manipulate and read files in the IGSS project report directory when an
attacker sends specific messages. Affected Products: IGSS Data Server -
IGSSdataServer.exe (Versions prior to V15.0.0.22170) 2023-01-30 not yet
calculated CVE-2022-32528
MISC(link is external) schneider_electric -- igss_data_server A CWE-120: Buffer
Copy without Checking Size of Input vulnerability exists that could cause a
stack-based buffer overflow, potentially leading to remote code execution when
an attacker sends specially crafted log data request messages. Affected
Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to
V15.0.0.22170) 2023-01-30 not yet calculated CVE-2022-32529
MISC(link is external) schneider_electric --
ecostruxure_cybersecurity_admin_expert
  A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could
cause legitimate users to be locked out of devices or facilitate backdoor
account creation by spoofing a device on the local network. Affected Products:
EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2) 2023-01-30
not yet calculated CVE-2022-32747
MISC(link is external) schneider_electric --
ecostruxure_cybersecurity_admin_expert A CWE-295: Improper Certificate
Validation vulnerability exists that could cause the CAE software to give wrong
data to end users when using CAE to configure devices. Additionally, credentials
could leak which would enable an attacker the ability to log into the
configuration tool and compromise other devices in the network. Affected
Products: EcoStruxure™ Cybersecurity Admin Expert (CAE) (Versions prior to 2.2)
2023-01-30 not yet calculated CVE-2022-32748
MISC(link is external) btcpay_server -- btcpay_server BTCPay Server 1.3.0
through 1.5.3 allows a remote attacker to obtain sensitive information when a
public Point of Sale app is exposed. The sensitive information, found in the
HTML source code, includes the xpub of the store. Also, if the store isn't using
the internal lightning node, the credentials of a lightning node are exposed.
2023-01-31 not yet calculated CVE-2022-32984
MISC mitsubishi_electric_corporation -- multiple_products Active Debug Code
vulnerability in robot controller of Mitsubishi Electric Corporation industrial
robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated
attacker to gain unauthorized access by authentication bypass through an
unauthorized telnet login. As for the affected model names, controller types and
firmware versions, see the Mitsubishi Electric's advisory which is listed in
[References] section. 2023-02-02 not yet calculated CVE-2022-33323
MISC(link is external)
MISC
MISC(link is external) biltema -- ip/baby_camera_software Insecure direct object
references (IDOR) in the web server of Biltema IP and Baby Camera Software v124
allows attackers to access sensitive information. 2023-02-03 not yet calculated
CVE-2022-34138
MISC
MISC(link is external) dell -- openmanage_server_administrator Dell OpenManage
Server Administrator (OMSA) version 10.3.0.0 and earlier contains a DLL
Injection Vulnerability. A local low privileged authenticated attacker could
potentially exploit this vulnerability, leading to the execution of arbitrary
executable on the operating system with elevated privileges. Exploitation may
lead to a complete system compromise. 2023-02-01 not yet calculated
CVE-2022-34396
MISC(link is external) dell -- bios
  Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local
authenticated malicious user could potentially exploit this vulnerability
by using a specifically timed DMA transaction during an SMI to gain arbitrary
code execution on the system. 2023-02-01 not yet calculated CVE-2022-34398
MISC(link is external) dell -- bios
  Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with
admin privileges could potentially exploit this vulnerability to perform an
arbitrary write to SMRAM during SMM. 2023-02-01 not yet calculated
CVE-2022-34400
MISC(link is external) dell -- bios
  Dell BIOS contains a Stack based buffer overflow vulnerability. A local
authenticated attacker could potentially exploit this vulnerability by using an
SMI to send larger than expected input to a parameter to gain arbitrary code
execution in SMRAM. 2023-02-01 not yet calculated CVE-2022-34403
MISC(link is external) dell -- rugged_control_center Dell Rugged Control
Center, versions prior to 4.5, contain an Improper Input Validation in the
Service EndPoint. A Local Low Privilege attacker could potentially exploit this
vulnerability, leading to an Escalation of privileges. 2023-02-01 not yet
calculated CVE-2022-34443
MISC(link is external) dell -- multiple_products Dell Command | Update, Dell
Update, and Alienware Update versions prior to 4.7 contain an Exposure of
Sensitive System Information to an Unauthorized Control Sphere vulnerability in
download operation component. A local malicious user could potentially exploit
this vulnerability leading to the disclosure of confidential data. 2023-02-01
not yet calculated CVE-2022-34458
MISC(link is external) dell -- multiple_products Dell Command | Update, Dell
Update, and Alienware Update versions prior to 4.7 contain an improper
verification of cryptographic signature in get applicable driver component. A
local malicious user could potentially exploit this vulnerability leading to
malicious payload execution. 2023-02-01 not yet calculated CVE-2022-34459
MISC(link is external) lenovo -- xclarity_controller A buffer overflow exists in
the Remote Presence subsystem which can potentially allow valid, authenticated
users to cause a recoverable subsystem denial of service. 2023-01-30 not yet
calculated CVE-2022-34884
MISC(link is external) motorola -- mr2600 An improper input sanitization
vulnerability in the Motorola MR2600 router could allow a local user with
elevated permissions to execute arbitrary code. 2023-01-30 not yet calculated
CVE-2022-34885
MISC(link is external) lenovo -- xclarity_controller The Remote Mount feature
can potentially be abused by valid, authenticated users to make connections to
internal services that may not normally be accessible to users. Internal service
access controls, as applicable, remain in effect. 2023-01-30 not yet calculated
CVE-2022-34888
MISC(link is external) pesign -- pesign A flaw was found in pesign. The pesign
package provides a systemd service used to start the pesign daemon. This service
unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories
to grant access privileges to users in the 'pesign' group. However, the script
doesn't check for symbolic links. This could allow an attacker to gain access to
privileged files and directories via a path traversal attack. 2023-02-02 not yet
calculated CVE-2022-3560
MISC(link is external) wordpress -- wordpress Cross-Site Request Forgery (CSRF)
vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions.
2023-02-02 not yet calculated CVE-2022-36401
MISC(link is external) dotcms -- tempfileapi In dotCMS 5.x-22.06, TempFileAPI
allows a user to create a temporary file based on a passed in URL, while
attempting to block any SSRF access to local IP addresses or private subnets. In
resolving this URL, the TempFileAPI follows any 302 redirects that the remote
URL returns. Because there is no re-validation of the redirect URL, the
TempFileAPI can be used to return data from those local/private hosts that
should not be accessible remotely. 2023-02-01 not yet calculated CVE-2022-37033
MISC(link is external) dotcms -- tempfileresource
  In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times,
each time requesting the dotCMS server to download a large file. If done
repeatedly, this will result in Tomcat request-thread exhaustion and ultimately
a denial of any other requests. 2023-02-01 not yet calculated CVE-2022-37034
MISC(link is external) docker -- docker Docker version 20.10.15, build fd82621
is vulnerable to Insecure Permissions. Unauthorized users outside the Docker
container can access any files within the Docker container. 2023-01-31 not yet
calculated CVE-2022-37708
MISC(link is external)
MISC(link is external)
MISC(link is external) ibm -- tivoli_workload_scheduler IBM Tivoli Workload
Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection
(XXE) attack when processing XML data. A remote attacker could exploit this
vulnerability to expose sensitive information or consume memory resources. IBM
X-Force ID: 233975. 2023-02-03 not yet calculated CVE-2022-38389
MISC(link is external)
MISC(link is external) talos -- freshtomato A directory traversal vulnerability
exists in the httpd update.cgi functionality of FreshTomato 2022.5. A specially
crafted HTTP request can lead to arbitrary file read. An attacker can send an
HTTP request to trigger this vulnerability. 2023-01-30 not yet calculated
CVE-2022-38451
MISC(link is external) rapid7 -- multiple_products Rapid7 Nexpose and InsightVM
versions 6.6.82 through 6.6.177 fail to validate the certificate of the update
server when downloading updates. This failure could allow an attacker in a
privileged position on the network to provide their own HTTPS endpoint, or
intercept communications to the legitimate endpoint. The attacker would need
some pre-existing access to at least one node on the network path between the
Rapid7-controlled update server and the Nexpose/InsightVM application, and the
ability to either spoof the update server's FQDN or redirect legitimate traffic
to the attacker's server in order to exploit this vulnerability. Note that even
in this scenario, an attacker could not normally replace an update package with
a malicious package, since the update process validates a separate, code-signing
certificate, distinct from the HTTPS certificate used for communication. This
issue was resolved on February 1, 2023 in update 6.6.178 of Nexpose and
InsightVM. 2023-02-01 not yet calculated CVE-2022-3913
MISC(link is external)
MISC(link is external) grafana -- grafana Grafana is an open-source platform for
monitoring and observability. Prior to versions 8.5.16 and 9.2.8, a malicious user
can create a snapshot and arbitrarily choose the `originalUrl` parameter by
editing the query, thanks to a web proxy. When another user opens the URL of the
snapshot, they will be presented with the regular web interface delivered by the
trusted Grafana server. The `Open original dashboard` button no longer points to
the real original dashboard but to the attacker’s injected URL. This
issue is fixed in versions 8.5.16 and 9.2.8. 2023-01-27 not yet calculated
CVE-2022-39324
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) wire -- web-app Wire web-app is part of Wire
communications. Versions prior to 2022-11-02 are subject to Improper Handling of
Exceptional Conditions. In the wire-webapp, certain combinations of Markdown
formatting can trigger an unhandled error in the conversion to HTML
representation. The error makes it impossible to display the affected chat
history, other conversations are not affected. The issue has been fixed in
version 2022-11-02 and is already deployed on all Wire managed services.
On-premise instances of wire-webapp need to be updated to docker tag
2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03
(chart/4.26.0), so that their applications are no longer affected. As a
workaround, you may use an iOS or Android client and delete the corresponding
message from the history OR write 30 or more messages into the affected
conversation to prevent the client from further rendering of the corresponding
message. When attempting to retrieve messages from the conversation history, the
error will continue to occur once the malformed message is part of the result.
2023-01-27 not yet calculated CVE-2022-39380
MISC(link is external) italtel -- netmatch-s_ci Italtel NetMatch-S CI
5.2.0-20211008 has incorrect Access Control under
NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not
verifying permissions for access to resources, it allows an attacker to view
pages that are not allowed, and modify the system configuration, bypassing all
controls (without checking for user identity). 2023-01-27 not yet calculated
CVE-2022-39811
MISC(link is external) italtel -- netmatch-s_ci Italtel NetMatch-S CI
5.2.0-20211008 allows Absolute Path Traversal under
NMSCI-WebGui/SaveFileUploader. An unauthenticated user can upload files to an
arbitrary path. An attacker can change the uploadDir parameter in a POST request
(not possible using the GUI) to an arbitrary directory. Because the application
does not check in which directory a file will be uploaded, an attacker can
perform a variety of attacks that can result in unauthorized access to the
server. 2023-01-27 not yet calculated CVE-2022-39812
MISC(link is external) italtel -- netmatch-s_ci Italtel NetMatch-S CI
5.2.0-20211008 allows Multiple Reflected/Stored XSS issues under
NMSCIWebGui/j_security_check via the j_username parameter, or
NMSCIWebGui/actloglineview.jsp via the name or actLine parameter. An attacker
leveraging this vulnerability could inject arbitrary JavaScript. The payload
would then be triggered every time an authenticated user browses the page
containing it. 2023-01-27 not yet calculated CVE-2022-39813
MISC(link is external) hewlett_packard -- hpfsviewer HPSFViewer might allow
Escalation of Privilege. This potential vulnerability was remediated on July
29th, 2022. Customers who opted for automatic updates should have already
received the remediation. 2023-02-01 not yet calculated CVE-2022-3990
MISC(link is external) lenovo -- multiple_products An information leak
vulnerability in the SMI Set BIOS Password SMI Handler in some Lenovo models may
allow an attacker with local access and elevated privileges to read SMM memory.
2023-01-30 not yet calculated CVE-2022-40134
MISC(link is external) lenovo -- multiple_products An information leak
vulnerability in the Smart USB Protection SMI Handler in some Lenovo models may
allow an attacker with local access and elevated privileges to read SMM memory.
2023-01-30 not yet calculated CVE-2022-40135
MISC(link is external) lenovo -- multiple_products An information leak
vulnerability in SMI Handler used to configure platform settings over WMI in
some Lenovo models may allow an attacker with local access and elevated
privileges to read SMM memory. 2023-01-30 not yet calculated CVE-2022-40136
MISC(link is external) lenovo -- multiple_products A buffer overflow in the WMI
SMI Handler in some Lenovo models may allow an attacker with local access and
elevated privileges to execute arbitrary code. 2023-01-30 not yet calculated
CVE-2022-40137
MISC(link is external) ami -- megarac AMI Megarac Weak password hashes for
Redfish & API 2023-01-31 not yet calculated CVE-2022-40258
MISC(link is external) mitsubishi_electric -- multiple_products Improper
Restriction of Rendered UI Layers or Frames vulnerability in Mitsubishi Electric
Corporation GOT2000 Series GT27 model versions 01.14.000 to 01.47.000,
Mitsubishi Electric Corporation GOT2000 Series GT25 model versions 01.14.000 to
01.47.000 and Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to
1.285X allows a remote unauthenticated attacker to lead legitimate users to
perform unintended operations through clickjacking. 2023-02-02 not yet
calculated CVE-2022-40268
MISC(link is external)
MISC(link is external) mitsubishi_electric -- multiple_products Authentication
Bypass by Spoofing vulnerability in Mitsubishi Electric Corporation GOT2000
Series GT27 model versions 01.14.000 to 01.47.000, Mitsubishi Electric
Corporation GOT2000 Series GT25 model versions 01.14.000 to 01.47.000 and
Mitsubishi Electric Corporation GT SoftGOT2000 versions 1.265B to 1.285X allows
a remote unauthenticated attacker to disclose sensitive information from users'
browsers or spoof legitimate users by abusing inappropriate HTML attributes.
2023-02-02 not yet calculated CVE-2022-40269
MISC(link is external)
MISC(link is external) hitachi -- storage_plug-in_for_vmware_vcenter Incorrect
Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter
allows remote authenticated users to cause privilege escalation. This issue
affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
2023-01-31 not yet calculated CVE-2022-4041
MISC(link is external) schneider_electric -- ecostruxure_power_commission A
CWE-285: Improper Authorization vulnerability exists that could cause
unauthorized access to certain software functions when an attacker gets access
to localhost interface of the EcoStruxure Power Commission application. Affected
Products: EcoStruxure Power Commission (Versions prior to V2.25) 2023-02-01 not
yet calculated CVE-2022-4062
MISC(link is external) wordpress -- wordpress
  Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo
Cart plugin <= 2.9.13 versions. 2023-02-02 not yet calculated CVE-2022-40692
MISC(link is external) gitlab -- gitlab A blind SSRF in GitLab CE/EE affecting
all from 11.3 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1
allows an attacker to connect to local addresses when configuring a malicious
GitLab Runner. 2023-01-27 not yet calculated CVE-2022-4201
CONFIRM(link is external)
MISC(link is external) gitlab -- gitlab In Gitlab EE/CE before 15.6.1, 15.5.5
and 15.4.6 using a branch with a hexadecimal name could override an existing
hash. 2023-01-27 not yet calculated CVE-2022-4205
MISC(link is external)
CONFIRM(link is external) gitlab -- gitlab A sensitive information leak issue
has been discovered in all versions of DAST API scanner from 1.6.50 prior to
2.0.102, exposing the Authorization header in the vulnerability report
2023-02-01 not yet calculated CVE-2022-4206
CONFIRM(link is external)
MISC(link is external) talos -- freshtomato An OS command injection
vulnerability exists in the httpd logs/view.cgi functionality of FreshTomato
2022.5. A specially crafted HTTP request can lead to arbitrary command
execution. An attacker can send an HTTP request to trigger this vulnerability.
2023-01-30 not yet calculated CVE-2022-42484
MISC(link is external) sssd -- sssd sssd: libsss_certmap fails to sanitise
certificate data used in LDAP filters 2023-02-01 not yet calculated
CVE-2022-4254
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) gitlab -- gitlab An info leak issue was identified in all
versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6
prior to 15.6.1 which exposes user email id through webhook payload. 2023-01-27
not yet calculated CVE-2022-4255
MISC(link is external)
CONFIRM(link is external) wepa -- print_away WEPA Print Away is vulnerable to a
stored XSS. It does not properly sanitize uploaded filenames, allowing an
attacker to deceive a user into uploading a document with a malicious filename,
which will be included in subsequent HTTP responses, allowing a stored XSS to
occur. This attack is persistent across victim sessions. 2023-02-03 not yet
calculated CVE-2022-42908
CONFIRM(link is external)
CONFIRM(link is external) wepa -- print_away WEPA Print Away does not verify
that a user has authorization to access documents before generating print orders
and associated release codes. This could allow an attacker to generate print
orders and release codes for documents they don't own and print them without
authorization. In order to exploit this vulnerability, the user must have an
account with wepanow.com or any of the institutions they serve, and be logged
in. 2023-02-03 not yet calculated CVE-2022-42909
CONFIRM(link is external)
CONFIRM(link is external) schneider_electric -- multiple_products A CWE-306:
Missing Authentication for Critical Function The software does not perform any
authentication for functionality that requires a provable user identity or
consumes a significant amount of resources. Affected Products: APC Easy UPS
Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022
- Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows
11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider
Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server
2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS
Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions
prior to V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42970
MISC(link is external) schneider_electric -- multiple_products
  A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability
exists that could cause remote code execution when the attacker uploads a
malicious JSP file. Affected Products: APC Easy UPS Online Monitoring Software
(Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to
V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server
2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS
Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022
- Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring
Software (Windows 11, Windows Server 2019, 2022 - Versions prior to
V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42971
MISC(link is external) schneider_electric -- multiple_products A CWE-732:
Incorrect Permission Assignment for Critical Resource vulnerability exists that
could cause local privilege escalation when a local attacker modifies the
webroot directory. Affected Products: APC Easy UPS Online Monitoring Software
(Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to
V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server
2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS
Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022
- Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring
Software (Windows 11, Windows Server 2019, 2022 - Versions prior to
V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42972
MISC(link is external) schneider_electric -- multiple_products A CWE-798: Use of
Hard-coded Credentials vulnerability exists that could cause local privilege
escalation when local attacker connects to the database. Affected Products: APC
Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016,
2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software
(Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261),
Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 &
Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric
Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 -
Versions prior to V2.5-GS-01-22261) 2023-02-01 not yet calculated CVE-2022-42973
MISC(link is external) wordpress -- wordpress The Panda Pods Repeater Field
WordPress plugin before 1.5.4 does not sanitize and escape a parameter before
outputting it back in the page, leading to a Reflected Cross-Site Scripting
which could be used against a user having at least Contributor permission.
2023-01-30 not yet calculated CVE-2022-4306
MISC(link is external) estsoft -- alyac A denial of service vulnerability exists
in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A
specially-crafted PE file can lead to killing target process. An attacker can
provide a malicious file to trigger this vulnerability. 2023-02-02 not yet
calculated CVE-2022-43665
MISC(link is external) ibm -- app_connect_enterprise_certified_container IBM App
Connect Enterprise Certified Container 4.1, 4.2, 5.0, 5.1, 5.2, 6.0, 6.1, and
6.2 could disclose sensitive information to an attacker due to a weak hash of an
API Key in the configuration. IBM X-Force ID: 241583. 2023-02-01 not yet
calculated CVE-2022-43922
MISC(link is external)
MISC(link is external) wordpress -- wordpress The Membership For WooCommerce
WordPress plugin before 2.1.7 does not validate uploaded files, which could
allow unauthenticated users to upload arbitrary files, such as malicious PHP
code, and achieve RCE. 2023-01-30 not yet calculated CVE-2022-4395
MISC(link is external) pandora_fms -- pandora_fms There is an improper
authentication vulnerability in Pandora FMS v764. The application verifies that
the user has a valid session when he is not trying to do a login. Since the
secret is static in generatePublicHash function, an attacker with knowledge of a
valid session can abuse this in order to pass the authentication check.
2023-01-27 not yet calculated CVE-2022-43978
CONFIRM(link is external) pandora_fms -- pandora_fms There is a Path Traversal
that leads to a Local File Inclusion in Pandora FMS v764. A function is called
to check that the parameter that the user has inserted does not contain
malicious characters, but this check is insufficient. An attacker could insert
an absolute path to overcome the check, thus being able to include any PHP file
that resides on the disk. The exploitation of this vulnerability could lead to a
remote code execution. 2023-01-27 not yet calculated CVE-2022-43979
CONFIRM(link is external) pandora_fms -- pandora_fms There is a stored
cross-site scripting vulnerability in Pandora FMS v765 in the network maps
editing functionality. An attacker could modify a network map, including on
purpose the name of an XSS payload. Once created, if a user with admin
privileges clicks on the edited network maps, the XSS payload will be executed.
The exploitation of this vulnerability could allow an attacker to steal the value
of the admin user's cookie. 2023-01-27 not yet calculated CVE-2022-43980
CONFIRM(link is external) hitachi -- storage_plug-in_for_vmware_vcenter
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for
VMware vCenter allows remote authenticated users to cause privilege escalation.
This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0
before 04.9.1. 2023-01-31 not yet calculated CVE-2022-4441
MISC(link is external) wordpress -- wordpress Cross-Site Request Forgery (CSRF)
vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.
2023-02-02 not yet calculated CVE-2022-44585
MISC(link is external) apache -- linkis In Apache Linkis <=1.3.0 when used with
the MySQL Connector/J, an authenticated attacker could read arbitrary local file
by connecting a rogue mysql server, by adding allowLoadLocalInfile to true in
the jdbc parameter. Therefore, the parameters in the jdbc url should be
blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend
users upgrade the version of Linkis to version 1.3 2023-01-31 not yet calculated
CVE-2022-44644
MISC apache -- linkis In Apache Linkis <=1.3.0 when used with the MySQL
Connector/J, a deserialization vulnerability with possible remote code execution
impact exists when an attacker has write access to a database and configures new
datasource with a MySQL data source and malicious parameters. Therefore, the
parameters in the jdbc url should be blacklisted. Versions of Apache Linkis <=
1.3.0 will be affected. We recommend users to upgrade the version of Linkis to
version 1.3.1. 2023-01-31 not yet calculated CVE-2022-44645
MISC wordpress -- wordpress The Widgets for Google Reviews WordPress plugin
before 9.8 does not validate and escape some of its shortcode attributes before
outputting them back in the page, which could allow users with a role as low as
contributor to perform Stored Cross-Site Scripting attacks which could be used
against high privilege users such as admins. 2023-01-30 not yet calculated
CVE-2022-4470
MISC(link is external) wordpress -- wordpress The Simple Sitemap WordPress
plugin before 3.5.8 does not validate and escape some of its shortcode
attributes before outputting them back in the page, which could allow users with
a role as low as contributor to perform Stored Cross-Site Scripting attacks
which could be used against high privilege users such as admins. 2023-01-30 not
yet calculated CVE-2022-4472
MISC(link is external) apollotheme -- ap_pagebuilder A cross-site scripting
(XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows
attackers to execute arbitrary web scripts or HTML via a crafted payload
injected into the show_number parameter. 2023-01-31 not yet calculated
CVE-2022-44897
MISC(link is external)
MISC(link is external) wordpress -- wordpress The SAML SSO Standard WordPress
plugin version 16.0.0 before 16.0.8, SAML SSO Premium WordPress plugin version
12.0.0 before 12.1.0 and SAML SSO Premium Multisite WordPress plugin version
20.0.0 before 20.0.7 does not validate that the redirect parameter to its SSO
login endpoint points to an internal site URL, making it vulnerable to an Open
Redirect issue when the user is already logged in. 2023-01-30 not yet calculated
CVE-2022-4496
MISC(link is external)
MISC(link is external)
MISC(link is external) wordpress -- wordpress Cross-Site Request Forgery (CSRF)
vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.
2023-02-02 not yet calculated CVE-2022-45067
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS,
8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user
having access local shell and having the privilege to gather logs from the
cluster could potentially exploit this vulnerability, leading to execute
arbitrary commands, denial of service, information disclosure, and data
deletion. 2023-02-01 not yet calculated CVE-2022-45095
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS, 8.2.0
through 9.3.0, contain a User Interface Security Issue. An unauthenticated
remote user could unintentionally lead an administrator to enable this
vulnerability, leading to disclosure of information. 2023-02-01 not yet
calculated CVE-2022-45096
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS
9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low
privileged network attacker could potentially exploit this vulnerability,
leading to escalation of privileges, and information disclosure. 2023-02-01 not
yet calculated CVE-2022-45097
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS,
9.0.0.x-9.4.0.x, contain a cleartext storage of sensitive information
vulnerability in S3 component. An authenticated local attacker could potentially
exploit this vulnerability, leading to information disclosure. 2023-02-01 not
yet calculated CVE-2022-45098
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS, versions
8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and
privileged local attacker could potentially exploit this vulnerability, leading
to a full system compromise 2023-02-01 not yet calculated CVE-2022-45099
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS, versions
8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A
remote unauthenticated attacker could potentially exploit this vulnerability,
leading to a full compromise of the system. 2023-02-01 not yet calculated
CVE-2022-45100
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS 9.0.0.x -
9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability
in NFS. A remote unauthenticated attacker could potentially exploit this
vulnerability, leading to information disclosure and remote execution.
2023-02-01 not yet calculated CVE-2022-45101
MISC(link is external) dell -- emc_data_protection_central Dell EMC Data
Protection Central, versions 19.1 through 19.7, contains a Host Header Injection
vulnerability. A remote unauthenticated attacker may potentially exploit this
vulnerability by injecting arbitrary 'Host' header values to poison a
web cache or trigger redirections. 2023-02-01 not yet calculated CVE-2022-45102
MISC(link is external) livebox -- collaboration_vdesk An issue was discovered in
LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under
the /api/v1/registration/validateEmail endpoint, the
/api/v1/vdeskintegration/user/adduser endpoint, and the
/api/v1/registration/changePasswordUser endpoint. The web application is
affected by flaws in authorization logic, through which a malicious user (with
no privileges) is able to perform privilege escalation to the administrator
role, and steal the accounts of any users on the system. 2023-01-31 not yet
calculated CVE-2022-45172
MISC(link is external) eq -- eq EQ v1.5.31 to v2.2.0 was discovered to contain a
SQL injection vulnerability via the UserPwd parameter. 2023-01-31 not yet
calculated CVE-2022-45297
MISC(link is external) identityiq -- multiple_products IdentityIQ 8.3 and all
8.3 patch levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior
to 8.2p5, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0
and all 8.0 patch levels prior to 8.0p6, and all prior versions allow
authenticated users assigned the Identity Administrator capability or any custom
capability that contains the SetIdentityForwarding right to modify the work item
forwarding configuration for identities other than the ones that should be
allowed by Lifecycle Manager Quicklink Population configuration. 2023-01-31 not
yet calculated CVE-2022-45435
MISC(link is external) json.h -- json_parse_string Buffer overflow vulnerability
in function json_parse_value in sheredom json.h before commit
0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to
execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated
CVE-2022-45491
MISC(link is external)
MISC(link is external) json.h -- json_parse_string Buffer overflow vulnerability
in function json_parse_number in sheredom json.h before commit
0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to
execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated
CVE-2022-45492
MISC(link is external)
MISC(link is external) json.h -- json_parse_string Buffer overflow vulnerability
in function json_parse_key in sheredom json.h before commit
0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to
execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated
CVE-2022-45493
MISC(link is external) json.h -- json_parse_string Buffer overflow vulnerability
in function json_parse_object in sheredom json.h before commit
0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to
execute arbitrary code and gain escalated privileges. 2023-01-31 not yet calculated
CVE-2022-45494
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) json.h -- json_parse_string Buffer overflow vulnerability
in function json_parse_string in sheredom json.h before commit
0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to
execute arbitrary code and gain escalated privileges. 2023-02-03 not yet calculated
CVE-2022-45496
MISC(link is external)
MISC(link is external) wordpress -- wordpress The FL3R FeelBox WordPress plugin
through 8.1 does not have a CSRF check when updating its settings, and is missing
sanitisation as well as escaping, which could allow attackers to make a logged-in
admin add Stored XSS payloads via a CSRF attack. 2023-01-30 not yet calculated
CVE-2022-4552
MISC(link is external) wordpress -- wordpress The FL3R FeelBox WordPress plugin
through 8.1 does not have a CSRF check when resetting moods, which could
allow attackers to make logged-in admins perform such an action via a CSRF attack
and delete the lydl_posts & lydl_poststimestamp DB tables. 2023-01-30 not yet
calculated CVE-2022-4553
MISC(link is external) talend -- remote_engine_gen_2 XML External Entity (XXE)
vulnerability in Talend Remote Engine Gen 2 before R2022-09. 2023-02-03 not yet
calculated CVE-2022-45588
MISC(link is external)
MISC(link is external) joplin -- desktop_app Cross Site Scripting vulnerability
in Joplin Desktop App before v2.9.17 allows attacker to execute arbitrary code
via improper sanitization. 2023-01-31 not yet calculated CVE-2022-45598
MISC(link is external)
MISC(link is external) dotcms -- dotcms An issue was discovered in dotCMS core
5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure
random generation algorithm for password-reset token generation leads to account
takeover. 2023-02-01 not yet calculated CVE-2022-45782
MISC(link is external) dotcms -- dotcms An issue was discovered in dotCMS core
4.x through 22.10.2. An authenticated directory traversal vulnerability in the
dotCMS API can lead to Remote Code Execution. 2023-02-01 not yet calculated
CVE-2022-45783
MISC(link is external) apache -- age
  There are issues with the AGE drivers for Golang and Python that enable SQL
injections to occur. This impacts AGE for PostgreSQL 11 & AGE for PostgreSQL 12,
all versions up-to-and-including 1.1.0, when using those drivers. The fix is to
update to the latest Golang and Python drivers in addition to the latest version
of AGE that is used for PostgreSQL 11 or PostgreSQL 12. The update of AGE will
add a new function to enable parameterization of the cypher() function, which,
in conjunction with the driver updates, will resolve this issue. Background (for
those who want more information): After thoroughly researching this issue, we
found that due to the nature of the cypher() function, it was not easy to
parameterize the values passed into it. This enabled SQL injections, if the
developer of the driver wasn't careful. The developer of the Golang and Python
drivers didn't fully utilize parameterization, likely because of this, thus
enabling SQL injections. The obvious fix to this issue is to use
parameterization in the drivers for all PG SQL queries. However, parameterizing
all PG queries is complicated by the fact that the cypher() function call itself
cannot be parameterized directly, as it isn't a real function. At least, not the
parameters that would take the graph name and cypher query. The reason the
cypher() function cannot have those values parameterized is because the function
is a placeholder and never actually runs. The cypher() function node, created by
PG in the query tree, is transformed and replaced with a query tree for the
actual cypher query during the analyze phase. The problem is that parameters -
that would be passed in and that the cypher() function transform needs to be
resolved - are only resolved in the execution phase, which is much later. Since
the transform of the cypher() function needs to know the graph name and cypher
query prior to execution, they can't be passed as parameters. The fix that we
are testing right now, and are proposing to use, is to create a function that
will be called prior to the execution of the cypher() function transform. This
new function will allow values to be passed as parameters for the graph name and
cypher query. As this command will be executed prior to the cypher() function
transform, its values will be resolved. These values can then be cached for the
immediately following cypher() function transform to use. As added features, the
cached values will store the calling session's pid, for validation. And, the
cypher() function transform will clear this cached information after function
invocation, regardless of whether it was used. This method will allow the
parameterizing of the cypher() function indirectly and provide a way to lock out
SQL injection attacks. 2023-02-04 not yet calculated CVE-2022-45786
MISC schneider_electric -- multiple_products A CWE-754: Improper Check for
Unusual or Exceptional Conditions vulnerability exists that could cause
arbitrary code execution, denial of service and loss of confidentiality &
integrity when a malicious project file is loaded onto the controller. Affected
Products: EcoStruxure™ Control Expert (All Versions), EcoStruxure™ Process
Expert (Versions prior to V2020), Modicon M340 CPU - part numbers BMXP34* (All
Versions), Modicon M580 CPU - part numbers BMEP* and BMEH* (All Versions),
Modicon M580 CPU Safety - part numbers BMEP58*S and BMEH58*S (All Versions),
Modicon Momentum Unity M1E Processor - 171CBU* (All Versions), Modicon MC80 -
BMKC80 (All Versions), Legacy Modicon Quantum - 140CPU65* and Premium CPUs -
TSXP57* (All Versions) 2023-01-30 not yet calculated CVE-2022-45788
MISC(link is external) schneider_electric -- multiple_products A CWE-294:
Authentication Bypass by Capture-replay vulnerability exists that could cause
execution of unauthorized Modbus functions on the controller when hijacking an
authenticated Modbus session. Affected Products: EcoStruxure™ Control Expert
(All Versions), EcoStruxure™ Process Expert (Versions prior to V2020), Modicon
M340 CPU - part numbers BMXP34* (All Versions), Modicon M580 CPU - part numbers
BMEP* and BMEH* (All Versions), Modicon M580 CPU Safety - part numbers BMEP58*S
and BMEH58*S (All Versions) 2023-01-31 not yet calculated CVE-2022-45789
MISC(link is external) wordpress -- wordpress Cross-Site Request Forgery (CSRF)
in WPVibes WP Mail Log plugin <= 1.0.1 versions. 2023-02-02 not yet calculated
CVE-2022-45807
MISC(link is external) xerox -- workcentre On Xerox WorkCentre 3550
25.003.03.000 devices, an authenticated attacker can view the SMB server
settings and can obtain the stored cleartext credentials associated with those
settings. 2023-01-31 not yet calculated CVE-2022-45897
MISC(link is external)
MISC(link is external) cloudschool -- cloudschool CloudSchool v3.0.1 is
vulnerable to Cross Site Scripting (XSS). A normal user can steal session
cookies of the admin users through notification received by the admin user.
2023-01-30 not yet calculated CVE-2022-46087
MISC(link is external)
MISC(link is external) delta_electronics -- cncsoft_screeneditor All versions
prior to Delta Electronic’s CNCSoft version 1.01.34 (running ScreenEditor
versions 1.01.5 and prior) are vulnerable to a stack-based buffer overflow,
which could allow an attacker to remotely execute arbitrary code. 2023-02-03 not
yet calculated CVE-2022-4634
MISC hp -- security_manager Potential vulnerabilities have been identified in HP
Security Manager which may allow escalation of privilege, arbitrary code
execution, and information disclosure. 2023-01-30 not yet calculated
CVE-2022-46356
MISC(link is external) hp -- security_manager Potential vulnerabilities have
been identified in HP Security Manager which may allow escalation of privilege,
arbitrary code execution, and information disclosure. 2023-01-30 not yet
calculated CVE-2022-46357
MISC(link is external) hp -- security_manager
  Potential vulnerabilities have been identified in HP Security Manager which
may allow escalation of privilege, arbitrary code execution, and information
disclosure. 2023-01-30 not yet calculated CVE-2022-46358
MISC(link is external) hp -- security_manager Potential vulnerabilities have
been identified in HP Security Manager which may allow escalation of privilege,
arbitrary code execution, and information disclosure. 2023-01-30 not yet
calculated CVE-2022-46359
MISC(link is external) wordpress -- wordpress The WP Extended Search WordPress
plugin before 2.1.2 does not validate and escape one of its shortcode
attributes, which could allow users with a role as low as contributor to perform
Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4649
MISC(link is external) wordpress -- wordpress
  The Justified Gallery WordPress plugin before 1.7.1 does not validate and
escape one of its shortcode attributes, which could allow users with a role as
low as contributor to perform Stored Cross-Site Scripting attacks. 2023-01-30 not
yet calculated CVE-2022-4651
MISC(link is external) wordpress -- wordpress
  The Pricing Tables WordPress Plugin WordPress plugin before 3.2.3 does not
validate and escape one of its shortcode attributes, which could allow users
with a role as low as contributor to perform Stored Cross-Site Scripting attacks.
2023-01-30 not yet calculated CVE-2022-4654
MISC(link is external) d-link -- dir-846
  D-Link DIR-846 Firmware FW100A53DBR was discovered to contain a remote command
execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This
vulnerability is exploited via a crafted POST request. 2023-02-02 not yet
calculated CVE-2022-46552
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC
MISC(link is external)
MISC(link is external) responsive_filemanager -- responsive_filemanager An issue
in Tecrail Responsive FileManager v9.9.5 and below allows attackers to bypass
the file extension check mechanism and upload a crafted PHP file, leading to
arbitrary code execution. 2023-02-02 not yet calculated CVE-2022-46604
MISC(link is external)
MISC(link is external)
MISC(link is external) wordpress -- wordpress The RSS Aggregator by Feedzy
WordPress plugin before 4.1.1 does not validate and escape some of its block
options before outputting them back in the page, which could allow users with a
role as low as contributor to perform Stored Cross-Site Scripting attacks which
could be used against high privilege users such as admins. 2023-01-30 not yet
calculated CVE-2022-4667
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS 8.2.x,
9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote
unauthenticated attacker could potentially exploit this vulnerability, leading
to denial of service. 2023-02-01 not yet calculated CVE-2022-46679
MISC(link is external) wordpress -- wordpress The PixCodes WordPress plugin
before 2.3.7 does not validate and escape some of its shortcode attributes
before outputting them back in the page, which could allow users with a role as
low as contributor to perform Stored Cross-Site Scripting attacks which could be
used against high privilege users such as admins. 2023-01-30 not yet calculated
CVE-2022-4671
MISC(link is external) dell -- vxrail
  Dell VxRail, versions prior to 7.0.410, contain a Container Escape
Vulnerability. A local high-privileged attacker could potentially exploit this
vulnerability, leading to the execution of arbitrary OS commands on the
container's underlying OS. Exploitation may lead to a system take over by an
attacker. 2023-02-01 not yet calculated CVE-2022-46756
MISC(link is external) wordpress -- wordpress The Revive Old Posts WordPress
plugin before 9.0.11 unserializes user input provided via the settings, which
could allow high privilege users such as admin to perform PHP Object Injection
when a suitable gadget is present. 2023-01-30 not yet calculated CVE-2022-4680
MISC(link is external) conditional_shipping_for_woocommerce --
conditional_shipping_for_woocommerce Cross-Site Request Forgery (CSRF)
vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce
plugin <= 2.3.1 versions. 2023-02-02 not yet calculated CVE-2022-46815
MISC(link is external) identityiq -- identityiq IdentityIQ 8.3 and all 8.3 patch
levels prior to 8.3p2, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p5,
IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all
8.0 patch levels prior to 8.0p6 allow access to arbitrary files in the
application server filesystem due to a path traversal vulnerability in
JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. 2023-01-31 not yet
calculated CVE-2022-46835
MISC(link is external) wordpress -- wordpress Cross-Site Request Forgery (CSRF)
vulnerability in JS Help Desk plugin <= 2.7.1 versions. 2023-02-02 not yet
calculated CVE-2022-46842
MISC(link is external) kkfileview -- kkfileview kkFileView v4.1.0 was discovered
to contain a cross-site scripting (XSS) vulnerability via the url parameter at
/controller/OnlinePreviewController.java. 2023-02-01 not yet calculated
CVE-2022-46934
MISC(link is external) prestashop -- prestashop PrestaShop module,
totadministrativemandate before v1.7.1 was discovered to contain a SQL injection
vulnerability. 2023-02-02 not yet calculated CVE-2022-46965
MISC(link is external)
MISC(link is external)
MISC(link is external) revenue_collection_system -- revenue_collection_system A
stored cross-site scripting (XSS) vulnerability in /index.php?page=help of
Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts
or HTML via a crafted payload injected into sent messages. 2023-01-27 not yet
calculated CVE-2022-46968
MISC(link is external) wordpress -- wordpress The MediaElement.js WordPress
plugin through 4.2.8 does not validate and escape some of its shortcode
attributes before outputting them back in the page, which could allow users with
a role as low as contributor to perform Stored Cross-Site Scripting attacks
which could be used against high-privilege users such as admins. 2023-01-30 not
yet calculated CVE-2022-4699
MISC(link is external) masa_cms -- masa_cms A vulnerability in the Remember Me
function of Masa CMS v7.2, 7.3, and 7.4-beta allows attackers to bypass
authentication via a crafted web request. 2023-02-01 not yet calculated
CVE-2022-47002
MISC(link is external)
MISC(link is external) mura_cms -- mura_cms A vulnerability in the Remember Me
function of Mura CMS before v10.0.580 allows attackers to bypass authentication
via a crafted web request. 2023-02-01 not yet calculated CVE-2022-47003
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) d-link -- dir-825 Buffer Overflow Vulnerability in D-Link
DIR-825 v1.33.0.44ebdd4-embedded and below allows attacker to execute arbitrary
code via the GetConfig method to the /CPE endpoint. 2023-01-31 not yet
calculated CVE-2022-47035
MISC(link is external)
MISC(link is external) nvs365 -- nvs365 NVS365 V01 is vulnerable to Incorrect
Access Control. After entering a wrong password, the url will be sent to the
server twice. In the second package, the server will return the correct password
information. 2023-02-03 not yet calculated CVE-2022-47070
MISC(link is external)
MISC(link is external) academy_lms -- academy_lms A Cross-Site Request Forgery
(CSRF) in Academy LMS before v5.10 allows a discount coupon to be arbitrarily
created if an attacker with administrative privileges interacts on the CSRF
page. 2023-02-03 not yet calculated CVE-2022-47130
MISC(link is external)
MISC(link is external)
MISC(link is external) academy_lms -- academy_lms A Cross-Site Request Forgery
(CSRF) in Academy LMS before v5.10 allows an attacker to arbitrarily create a
page. 2023-02-03 not yet calculated CVE-2022-47131
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) academy_lms -- academy_lms A Cross-Site Request Forgery
(CSRF) in Academy LMS before v5.10 allows attackers to arbitrarily add
Administrator users. 2023-02-03 not yet calculated CVE-2022-47132
MISC(link is external)
MISC(link is external)
MISC(link is external) wordpress -- wordpress The Posts List Designer by
Category WordPress plugin before 3.2 does not validate and escape some of its
shortcode attributes before outputting them back in the page, which could allow
users with a role as low as contributor to perform Stored Cross-Site Scripting
attacks which could be used against high privilege users such as admins.
2023-01-30 not yet calculated CVE-2022-4749
MISC(link is external) wordpress -- wordpress The Icon Widget WordPress plugin
before 1.3.0 does not validate and escape some of its shortcode attributes
before outputting them back in the page, which could allow users with a role as
low as contributor to perform Stored Cross-Site Scripting attacks which could be
used against high privilege users such as admins. 2023-01-30 not yet calculated
CVE-2022-4763
MISC(link is external) wordpress -- wordpress The Portfolio for Elementor
WordPress plugin before 2.3.1 does not validate and escape some of its shortcode
attributes before outputting them back in the page, which could allow users with
a role as low as contributor to perform Stored Cross-Site Scripting attacks
which could be used against high privilege users such as admins. 2023-01-30 not
yet calculated CVE-2022-4765
MISC(link is external) comfast -- cf-wr623n COMFAST (Shenzhen Sihai Zhonglian
Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is
vulnerable to Account takeover. Anyone can reset the password of the admin
accounts. 2023-01-31 not yet calculated CVE-2022-47697
MISC(link is external) comfast -- cf-wr623n COMFAST (Shenzhen Sihai Zhonglian
Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to
Cross Site Scripting (XSS) via the URL filtering feature in the router.
2023-01-31 not yet calculated CVE-2022-47698
MISC(link is external) comfast -- cf-wr623n COMFAST (Shenzhen Sihai Zhonglian
Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to
Incorrect Access Control. 2023-01-31 not yet calculated CVE-2022-47699
MISC(link is external) comfast -- cf-wr623n COMFAST (Shenzhen Sihai Zhonglian
Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is
vulnerable to Incorrect Access Control. Improper authentication allows requests
to be made to back-end scripts without a valid session or authentication.
2023-01-31 not yet calculated CVE-2022-47700
MISC(link is external) comfast -- cf-wr623n COMFAST (Shenzhen Sihai Zhonglian
Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 is vulnerable to
Cross Site Scripting (XSS). 2023-01-31 not yet calculated CVE-2022-47701
MISC(link is external) last_yard_22.09.8-1 -- last_yard_22.09.8-1 Last Yard
22.09.8-1 does not enforce HSTS headers 2023-02-01 not yet calculated
CVE-2022-47714
MISC(link is external) last_yard_22.09.8-1 -- last_yard_22.09.8-1 In Last Yard
22.09.8-1, the cookie can be stolen via unencrypted traffic. 2023-02-01 not
yet calculated CVE-2022-47715
MISC(link is external) last_yard_22.09.8-1 -- last_yard_22.09.8-1 Last Yard
22.09.8-1 is vulnerable to Cross-origin resource sharing (CORS). 2023-02-01 not
yet calculated CVE-2022-47717
MISC(link is external) wordpress -- wordpress The CC Child Pages WordPress
plugin before 1.43 does not validate and escape some of its shortcode attributes
before outputting them back in the page, which could allow users with a role as
low as contributor to perform Stored Cross-Site Scripting attacks which could be
used against high privilege users such as admins. 2023-01-30 not yet calculated
CVE-2022-4776
MISC(link is external) gin-vue-admin -- gin-vue-admin In gin-vue-admin < 2.5.5,
the download module has a Path Traversal vulnerability. 2023-02-03 not yet
calculated CVE-2022-47762
MISC(link is external) serenissima -- informatica_fast_checkin Serenissima
Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. 2023-02-01
not yet calculated CVE-2022-47768
MISC(link is external)
MISC(link is external) serenissima -- informatica_fast_checkin An arbitrary file
write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows
unauthenticated attackers to upload malicious files in the web root of the
application to gain access to the server via the web shell. 2023-02-01 not yet
calculated CVE-2022-47769
MISC(link is external)
MISC(link is external) serenissima -- informatica_fast_checkin Serenissima
Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL
Injection. 2023-02-01 not yet calculated CVE-2022-47770
MISC(link is external)
MISC(link is external)
MISC(link is external) bangresto -- bangresto SQL Injection vulnerability in
Bangresto 1.0 via the itemID parameter. 2023-01-31 not yet calculated
CVE-2022-47780
MISC(link is external) wordpress -- wordpress The Accordion Shortcodes WordPress
plugin through 2.4.2 does not validate and escape one of its shortcode
attributes, which could allow users with a role as low as contributor to perform
Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4781
MISC(link is external) i-librarian -- i-librarian i-librarian 4.10 is vulnerable
to Arbitrary file upload in ajaxsupplement.php. 2023-01-31 not yet calculated
CVE-2022-47854
MISC(link is external)
MISC(link is external) wordpress -- wordpress Themify Shortcodes WordPress
plugin before 2.0.8 does not validate and escape one of its shortcode
attributes, which could allow users with a role as low as contributor to perform
Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4787
MISC(link is external) maccms10 -- maccms10 maccms10 2021.1000.2000 is
vulnerable to Server-side request forgery (SSRF). 2023-02-01 not yet calculated
CVE-2022-47872
MISC(link is external) netcad_keos -- netcad_keos Netcad KEOS 1.0 is vulnerable
to XML External Entity (XXE) resulting in SSRF with XXE (remote). 2023-01-31 not
yet calculated CVE-2022-47873
MISC(link is external) wordpress -- wordpress The News & Blog Designer Pack
WordPress plugin before 3.3 does not validate and escape one of its shortcode
attributes, which could allow users with a role as low as contributor to perform
Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4792
MISC(link is external) wordpress -- wordpress The Blog Designer WordPress plugin
before 2.4.1 does not validate and escape one of its shortcode attributes, which
could allow users with a role as low as contributor to perform Stored Cross-Site
Scripting attacks. 2023-01-30 not yet calculated CVE-2022-4793
MISC(link is external) wordpress -- wordpress The AAWP WordPress plugin before
3.12.3 can be used to abuse trusted domains to load malware or other files
through it (Reflected File Download) to bypass firewall rules in companies.
2023-01-30 not yet calculated CVE-2022-4794
MISC(link is external) ibm -- infosphere_information_server IBM InfoSphere
Information Server 11.7 is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus
altering the intended functionality potentially leading to credentials
disclosure within a trusted session. IBM X-Force ID: 243161. 2023-02-01 not yet
calculated CVE-2022-47983
MISC(link is external)
MISC(link is external) taocms -- taocms An arbitrary file upload vulnerability
in taocms v3.0.2 allows attackers to execute arbitrary code via a crafted PHP
file. This vulnerability is exploited via manipulation of the upext variable at
/include/Model/Upload.php. 2023-01-30 not yet calculated CVE-2022-48006
MISC(link is external) zammad -- zammad A vulnerability in Zammad v5.3.0 allows
attackers to execute arbitrary code or escalate privileges via a crafted message
sent to the server. 2023-02-03 not yet calculated CVE-2022-48021
MISC(link is external) zammad -- zammad An issue in the component
/api/v1/mentions of Zammad v5.3.0 allows authenticated attackers with agent
permissions to view information about tickets they are not authorized to see.
2023-02-03 not yet calculated CVE-2022-48022
MISC(link is external) zammad -- zammad Insufficient privilege verification in
Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of
their customer tickets using the Zammad API. This is now corrected in v5.3.1 so
that only agents with write permissions may change ticket tags. 2023-02-03 not
yet calculated CVE-2022-48023
MISC(link is external) nomachine -- nomachine An issue in NoMachine before
v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
2023-02-03 not yet calculated CVE-2022-48074
MISC(link is external) aapanel -- aapanel Monnai aaPanel host system v1.5
contains an access control issue which allows attackers to escalate privileges
and execute arbitrary code via uploading a crafted PHP file to the virtual host
directory of the system. 2023-02-02 not yet calculated CVE-2022-48079
MISC(link is external)
MISC(link is external) easyone_crm -- easyone_crm Easyone CRM v5.50.02 was
discovered to contain a SQL Injection vulnerability via the text parameter at
/Services/Misc.asmx/SearchTag. 2023-02-02 not yet calculated CVE-2022-48082
MISC(link is external) seacms -- seacms Seacms v12.7 was discovered to contain a
remote code execution (RCE) vulnerability via the ip parameter at admin_ ip.php.
2023-02-01 not yet calculated CVE-2022-48093
MISC(link is external) lmxcms -- lmxcms lmxcms v1.41 was discovered to contain
an arbitrary file read vulnerability via TemplateAction.class.php. 2023-02-01
not yet calculated CVE-2022-48094
MISC(link is external) d-link -- dir-878 D-Link DIR_878_FW1.30B08 was discovered
to contain a command injection vulnerability via the component
/setnetworksettings/IPAddress. This vulnerability allows attackers to escalate
privileges to root via a crafted payload. 2023-01-27 not yet calculated
CVE-2022-48107
MISC(link is external)
MISC(link is external) d-link -- dir-878 D-Link DIR_878_FW1.30B08 was discovered
to contain a command injection vulnerability via the component
/SetNetworkSettings/SubnetMask. This vulnerability allows attackers to escalate
privileges to root via a crafted payload. 2023-01-27 not yet calculated
CVE-2022-48108
MISC(link is external)
MISC(link is external) totolink -- n200re_v5 A vulnerability in TOTOLINK
N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the
telnet service via a crafted POST request. Attackers are also able to leverage
this vulnerability to login as root via hardcoded credentials. 2023-02-02 not
yet calculated CVE-2022-48113
MISC(link is external) ruoyi -- ruoyi RuoYi up to v4.7.5 was discovered to
contain a SQL injection vulnerability via the component /tool/gen/createTable.
2023-02-02 not yet calculated CVE-2022-48114
MISC(link is external) tenda -- w20e Tenda W20E v15.11.0.6 was discovered to
contain multiple stack overflows in the function formSetStaticRoute via the
parameters staticRouteNet, staticRouteMask, staticRouteGateway, staticRouteWAN.
2023-02-02 not yet calculated CVE-2022-48130
MISC(link is external) dedecms -- dedecms DedeCMS v5.7.97 was discovered to
contain a cross-site scripting (XSS) vulnerability in the component
/file_manage_view.php?fmdo=edit&filename. 2023-02-02 not yet calculated
CVE-2022-48140
MISC(link is external) easy_images_v2.0 -- easy_images_v2.0 Easy Images v2.0 was
discovered to contain an arbitrary file download vulnerability via the component
/application/down.php. This vulnerability is exploited via a crafted GET
request. 2023-02-01 not yet calculated CVE-2022-48161
MISC(link is external) wavlink -- wl-wn530h4 An access control issue in the
component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows
unauthenticated attackers to download configuration data and log files and
obtain admin credentials. 2023-02-03 not yet calculated CVE-2022-48165
MISC(link is external)
MISC(link is external) rukovoditel -- rukovoditel Rukovoditel v3.2.1 was
discovered to contain a remote code execution (RCE) vulnerability in the
component /rukovoditel/index.php?module=dashboard/ajax_request. 2023-01-30 not
yet calculated CVE-2022-48175
MISC(link is external) netgear -- multiple_products Netgear routers R7000P
before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P
before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.
2023-01-31 not yet calculated CVE-2022-48176
MISC(link is external)
MISC(link is external)
MISC(link is external) wordpress -- wordpress The Bold Timeline Lite WordPress
plugin before 1.1.5 does not validate and escape some of its shortcode
attributes before outputting them back in the page, which could allow users with
a role as low as contributor to perform Stored Cross-Site Scripting attacks
which could be used against high privilege users such as admins. 2023-01-30 not
yet calculated CVE-2022-4828
MISC(link is external) jszip -- jszip loadAsync in JSZip before 3.8.0 allows
Directory Traversal via a crafted ZIP archive. 2023-01-29 not yet calculated
CVE-2022-48285
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) gnu -- tar GNU Tar through 1.34 has a one-byte
out-of-bounds read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been demonstrated. The
issue occurs in from_header in list.c via a V7 archive in which mtime has
approximately 11 whitespace characters. 2023-01-30 not yet calculated
CVE-2022-48303
MISC
MISC wordpress -- wordpress The Custom User Profile Fields for User Registration
WordPress plugin before 1.8.1 does not validate and escape some of its shortcode
attributes before outputting them back in the page, which could allow users with
a role as low as contributor to perform Stored Cross-Site Scripting attacks
which could be used against high privilege users such as admins. 2023-01-30 not
yet calculated CVE-2022-4831
MISC(link is external) wordpress -- wordpress The CPT Bootstrap Carousel
WordPress plugin through 1.12 does not validate and escape some of its shortcode
attributes before outputting them back in the page, which could allow users with
a role as low as contributor to perform Stored Cross-Site Scripting attacks
which could be used against high privilege users such as admins. 2023-01-30 not
yet calculated CVE-2022-4834
MISC(link is external) wordpress -- wordpress The Social Sharing Toolkit
WordPress plugin through 2.6 does not validate and escape some of its shortcode
attributes before outputting them back in the page, which could allow users with
a role as low as contributor to perform Stored Cross-Site Scripting attacks
which could be used against high privilege users such as admins. 2023-01-30 not
yet calculated CVE-2022-4835
MISC(link is external) wordpress -- wordpress The CPO Companion WordPress plugin
before 1.1.0 does not validate and escape some of its shortcode attributes
before outputting them back in the page, which could allow users with a role as
low as contributor to perform Stored Cross-Site Scripting attacks which could be
used against high privilege users such as admins. 2023-01-30 not yet calculated
CVE-2022-4837
MISC(link is external) wordpress -- wordpress The Chained Products WordPress
plugin before 2.12.0 does not have authorisation and CSRF checks, as well as
does not ensure that the option to be updated belongs to the plugin, allowing
unauthenticated attackers to set arbitrary options to 'no' 2023-01-30 not yet
calculated CVE-2022-4872
MISC(link is external) octopus_deploy -- octopus_server In affected versions of
Octopus Server the help sidebar can be customized to include a Cross-Site
Scripting payload in the support link. This was initially resolved in advisory
2022-07 however it was identified that the fix could be bypassed in certain
circumstances. A different approach was taken to prevent the possibility of the
support link being susceptible to XSS 2023-01-31 not yet calculated
CVE-2022-4898
MISC(link is external) wordpress -- wordpress The PDF Viewer WordPress plugin
before 1.0.0 does not validate and escape one of its shortcode attributes, which
could allow users with a role as low as contributor to perform Stored Cross-Site
Scripting attack. 2023-01-30 not yet calculated CVE-2023-0033
MISC(link is external) wordpress -- wordpress The WP Tabs WordPress plugin
before 2.1.17 does not validate and escape some of its shortcode attributes
before outputting them back in a page/post where the shortcode is embedded, which
could allow users with the contributor role and above to perform Stored
Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2023-0071
MISC(link is external) wordpress -- wordpress The WP Social Widget WordPress
plugin before 2.2.4 does not validate and escape some of its shortcode
attributes before outputting them back in a page/post where the shortcode is
embedded, which could allow users with the contributor role and above to perform
Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated CVE-2023-0074
MISC(link is external) wordpress -- wordpress The Post Grid, Post Carousel, &
List Category Posts WordPress plugin before 2.4.19 does not validate and escape
some of its block options before outputting them back in a page/post where the
block is embedded, which could allow users with the contributor role and above to
perform Stored Cross-Site Scripting attacks. 2023-01-30 not yet calculated
CVE-2023-0097
MISC(link is external) delta_electronics -- dopsoft Delta Electronics DOPSoft
versions 4.00.16.22 and prior are vulnerable to a stack-based buffer overflow,
which could allow an attacker to remotely execute arbitrary code when a
malformed file is introduced to the software. 2023-02-03 not yet calculated
CVE-2023-0123
MISC delta_electronics -- dopsoft Delta Electronics DOPSoft versions 4.00.16.22
and prior are vulnerable to an out-of-bounds write, which could allow an
attacker to remotely execute arbitrary code when a malformed file is introduced
to the software. 2023-02-03 not yet calculated CVE-2023-0124
MISC linux -- kernel There is a logic error in io_uring's implementation which
can be used to trigger a use-after-free vulnerability leading to privilege
escalation. In the io_prep_async_work function the assumption that the last
io_grab_identity call cannot return false is not true, and in this case the
function will use the init_cred or the previous linked requests identity to do
operations instead of using the current identity. This can lead to reference
counting issues causing use-after-free. We recommend upgrading past version
5.10.161. 2023-01-30 not yet calculated CVE-2023-0240
MISC
MISC(link is external)
MISC(link is external) wordpress -- wordpress The Real Media Library: Media
Library Folder & File Manager plugin for WordPress is vulnerable to Stored
Cross-Site Scripting via folder names in versions up to, and including, 4.18.28
due to insufficient input sanitization and output escaping. This makes it
possible for authenticated attackers with author-level permissions and above to
inject arbitrary web scripts in pages that will execute whenever a user accesses
an injected page. 2023-02-02 not yet calculated CVE-2023-0253
MISC(link is external)
MISC
MISC(link is external) linux -- kernel A use after free vulnerability exists in
the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is
missing locks that can be used in a use-after-free that can result in a
privilege escalation to gain ring0 access from the system user. We recommend
upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e 2023-01-30 not
yet calculated CVE-2023-0266
MISC(link is external)
MISC
MISC(link is external) editorconfig -- editorconfig_c_core A stack buffer
overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6
which allowed an attacker to arbitrarily write to the stack and possibly allows
remote code execution. editorconfig-core-c v0.12.6 resolved this vulnerability
by bound checking all write operations over the p_pcre buffer. 2023-02-01 not
yet calculated CVE-2023-0341
MISC(link is external)
MISC(link is external) trellix -- data_loss_prevention The protection bypass
vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This
allowed a local user to bypass DLP controls when uploading sensitive data from a
mapped drive into a web email client. Loading from a local driver was correctly
prevented. Versions prior to 11.9 correctly detected and blocked the attempted
upload of sensitive data. 2023-02-02 not yet calculated CVE-2023-0400
MISC(link is external) orangescrum -- orangescrum OrangeScrum version 2.0.11
allows an authenticated external attacker to delete arbitrary local files from
the server. This is possible because the application uses an unsanitized
attacker-controlled parameter to construct an internal path. 2023-02-01 not yet
calculated CVE-2023-0454
MISC(link is external)
MISC(link is external) google -- chrome Use after free in WebTransport in Google
Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit
heap corruption via a crafted HTML page. (Chromium security severity: High)
2023-01-30 not yet calculated CVE-2023-0471
MISC(link is external)
MISC(link is external) google -- chrome Use after free in WebRTC in Google
Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit
heap corruption via a crafted HTML page. (Chromium security severity: High)
2023-01-30 not yet calculated CVE-2023-0472
MISC(link is external)
MISC(link is external) google -- chrome Type Confusion in ServiceWorker API in
Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially
exploit heap corruption via a crafted HTML page. (Chromium security severity:
Medium) 2023-01-30 not yet calculated CVE-2023-0473
MISC(link is external)
MISC(link is external) google -- chrome Use after free in GuestView in Google
Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to
install a malicious extension to potentially exploit heap corruption via a
Chrome web app. (Chromium security severity: Medium) 2023-01-30 not yet
calculated CVE-2023-0474
MISC(link is external)
MISC(link is external) vim -- vim Divide By Zero in GitHub repository vim/vim
prior to 9.0.1247. 2023-01-30 not yet calculated CVE-2023-0512
MISC(link is external)
CONFIRM(link is external) tenable -- multiple_products As part of our Security
Development Lifecycle, a potential privilege escalation issue was identified
internally. This could allow a malicious actor with sufficient permissions to
modify environment variables and abuse an impacted plugin in order to escalate
privileges. We have resolved the issue and also made several defense-in-depth
fixes alongside. While the probability of successful exploitation is low,
Tenable is committed to securing our customers’ environments and our products.
The updates have been distributed via the Tenable plugin feed in feed serial
numbers equal to or greater than #202212212055. 2023-02-01 not yet calculated
CVE-2023-0524
MISC(link is external) yafnet -- yafnet A vulnerability, which was classified as
problematic, has been found in YAFNET up to 3.1.10. This issue affects some
unknown processing of the file /forum/PostPrivateMessage of the component
Private Message Handler. The manipulation of the argument subject/message leads
to cross site scripting. The attack may be initiated remotely. The exploit has
been disclosed to the public and may be used. Upgrading to version 3.1.11 is
able to address this issue. The name of the patch is
2237a9d552e258a43570bb478a92a5505e7c8797. It is recommended to upgrade the
affected component. The identifier VDB-219665 was assigned to this
vulnerability. 2023-01-27 not yet calculated CVE-2023-0549
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) wordpress -- wordpress The Quick Restaurant Menu plugin
for WordPress is vulnerable to Insecure Direct Object Reference in versions up
to, and including, 2.0.2. This is due to the fact that during menu item
deletion/modification, the plugin does not verify that the post ID provided to
the AJAX action is indeed a menu item. This makes it possible for authenticated
attackers, with subscriber-level access or higher, to modify or delete arbitrary
posts. 2023-01-27 not yet calculated CVE-2023-0550
MISC
MISC
MISC(link is external) wordpress -- wordpress The Quick Restaurant Menu plugin
for WordPress is vulnerable to Stored Cross-Site Scripting via its settings
parameters in versions up to, and including, 2.0.2 due to insufficient input
sanitization and output escaping. This makes it possible for authenticated
attackers, with administrator-level permissions and above, to inject arbitrary
web scripts in pages that will execute whenever a user accesses an injected
page. 2023-01-27 not yet calculated CVE-2023-0553
MISC
MISC(link is external)
MISC wordpress -- wordpress The Quick Restaurant Menu plugin for WordPress is
vulnerable to Cross-Site Request Forgery in versions up to, and including,
2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions.
This makes it possible for unauthenticated attackers to update menu items via a
forged request, granted they can trick a site administrator into performing an
action such as clicking on a link. 2023-01-27 not yet calculated CVE-2023-0554
MISC(link is external)
MISC
MISC wordpress -- wordpress The Quick Restaurant Menu plugin for WordPress is
vulnerable to authorization bypass due to a missing capability check on its AJAX
actions in versions up to, and including, 2.0.2. This makes it possible for
authenticated attackers, with subscriber-level permissions and above, to invoke
those actions intended for administrator use. Actions include menu item
creation, update and deletion and other menu management functions. Since the
plugin does not verify that a post ID passed to one of its AJAX actions belongs
to a menu item, this can lead to arbitrary post deletion/alteration. 2023-01-27
not yet calculated CVE-2023-0555
MISC
MISC
MISC(link is external) wordpress -- wordpress The ContentStudio plugin for
WordPress is vulnerable to authorization bypass due to a missing capability
check on several functions in versions up to, and including, 1.2.5. This makes
it possible for unauthenticated attackers to obtain the blog metadata (via the
function cstu_get_metadata) that includes the plugin's contentstudio_token.
Knowing this token allows for other interactions with the plugin such as
creating posts in versions prior to 1.2.5, which added other requirements to
posting and updating. 2023-01-27 not yet calculated CVE-2023-0556
MISC
MISC
MISC(link is external) wordpress -- wordpress The ContentStudio plugin for
WordPress is vulnerable to Sensitive Information Exposure in versions up to, and
including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce
needed for the creation of posts. 2023-01-27 not yet calculated CVE-2023-0557
MISC
MISC
MISC(link is external) wordpress -- wordpress The ContentStudio plugin for
WordPress is vulnerable to authorization bypass due to an unsecure token check
that is susceptible to type juggling in versions up to, and including, 1.2.5.
This makes it possible for unauthenticated attackers to execute functions
intended for use by users with proper API keys. 2023-01-27 not yet calculated
CVE-2023-0558
MISC
MISC(link is external)
MISC(link is external) froxlor -- froxlor Business Logic Errors in GitHub
repository froxlor/froxlor prior to 2.0.10. 2023-01-29 not yet calculated
CVE-2023-0565
CONFIRM(link is external)
MISC(link is external) froxlor -- froxlor Static Code Injection in GitHub
repository froxlor/froxlor prior to 2.0.10. 2023-01-29 not yet calculated
CVE-2023-0566
CONFIRM(link is external)
MISC(link is external) publify -- publify Weak Password Requirements in GitHub
repository publify/publify prior to 9.2.10. 2023-01-29 not yet calculated
CVE-2023-0569
CONFIRM(link is external)
MISC(link is external) sourcecodester --
online_tours_&_travels_management_system A vulnerability, which was classified
as critical, was found in SourceCodester Online Tours & Travels Management
System 1.0. This affects an unknown part of the file
user\operations\payment_operation.php. The manipulation of the argument
booking_id leads to sql injection. It is possible to initiate the attack
remotely. The exploit has been disclosed to the public and may be used. The
identifier VDB-219729 was assigned to this vulnerability. 2023-01-29 not yet
calculated CVE-2023-0570
MISC(link is external)
MISC(link is external)
MISC(link is external) sourcecodester -- canteen_management_system A
vulnerability has been found in SourceCodester Canteen Management System 1.0 and
classified as problematic. This vulnerability affects unknown code of the file
createcustomer.php of the component Add Customer. The manipulation of the
argument name leads to cross site scripting. The attack can be initiated
remotely. The exploit has been disclosed to the public and may be used.
VDB-219730 is the identifier assigned to this vulnerability. 2023-01-29 not yet
calculated CVE-2023-0571
MISC(link is external)
MISC(link is external)
MISC(link is external) froxlor -- froxlor Unchecked Error Condition in GitHub
repository froxlor/froxlor prior to 2.0.10. 2023-01-29 not yet calculated
CVE-2023-0572
CONFIRM(link is external)
MISC(link is external) yugabyte -- yugabyte Server-Side Request Forgery (SSRF),
Improperly Controlled Modification of Dynamically-Determined Object Attributes,
Improper Restriction of Excessive Authentication Attempts vulnerability in
Yugabyte DB allows Accessing Functionality Not Properly Constrained by ACLs,
Communication Channel Manipulation, Authentication Abuse. This issue affects
Yugabyte DB: v2.17.0.0. 2023-02-02 not yet calculated CVE-2023-0576
MISC(link is external) wordpress -- wordpress The PrivateContent plugin for
WordPress is vulnerable to protection mechanism bypass due to the use of client
side validation in versions up to, and including, 8.4.3. This is due to the
plugin checking if an IP had been blocklisted via client-side scripts rather than
server-side. This makes it possible for unauthenticated attackers to bypass any
login restrictions that may prevent a brute force attack. 2023-01-30 not yet
calculated CVE-2023-0581
MISC(link is external)
MISC(link is external) tenable -- micro_apex_one_server_build A file upload
vulnerability exists in Trend Micro Apex One server build 11110. Using a
malformed Content-Length header in an HTTP PUT message sent to URL
/officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker
can upload arbitrary files to the SampleSubmission directory (i.e.,
\PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large
number of large files to fill up the file system on which the Apex One server is
installed. 2023-02-01 not yet calculated CVE-2023-0587
MISC(link is external) ubireader -- ubireader ubireader_extract_files is
vulnerable to path traversal when run against specifically crafted UBIFS files,
allowing the attacker to overwrite files outside of the extraction directory
(provided the process has write access to that file or directory). This is due
to the fact that a node name (dent_node.name) is considered trusted and joined
to the extraction directory path during processing, then the node content is
written to that joined path. By crafting a malicious UBIFS file with node names
holding path traversal payloads (e.g. ../../tmp/outside.txt), it's possible to
force ubi_reader to write outside of the extraction directory. This issue
affects ubi-reader before 0.8.5. 2023-01-31 not yet calculated CVE-2023-0591
MISC(link is external)
MISC(link is external) jefferson -- jffs2 A path traversal vulnerability affects
jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files,
attackers could force jefferson to write outside of the extraction
directory. This issue affects jefferson: before 0.4.1. 2023-01-31 not yet
calculated CVE-2023-0592
MISC(link is external)
MISC(link is external) yaffshiv -- yaffshiv A path traversal vulnerability
affects yaffshiv YAFFS filesystem extractor. By
crafting a malicious YAFFS file, an attacker could force yaffshiv to write
outside of the extraction directory. This issue affects yaffshiv up to version
0.1 included, which is the most recent at time of publication. 2023-01-31 not
yet calculated CVE-2023-0593
MISC(link is external)
MISC(link is external) rapid7 -- metasploit_pro Rapid7 Metasploit Pro versions
4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to
a lack of JavaScript request string sanitization. Using this vulnerability, an
authenticated attacker can execute arbitrary HTML and script code in the target
browser against another Metasploit Pro user using a specially crafted request.
Note that in most deployments, all Metasploit Pro users tend to enjoy privileges
equivalent to local administrator. 2023-02-01 not yet calculated CVE-2023-0599
MISC(link is external) ampache -- ampache Cross-site Scripting (XSS) - Reflected
in GitHub repository ampache/ampache prior to 5.5.7. 2023-02-01 not yet
calculated CVE-2023-0606
MISC(link is external)
CONFIRM(link is external) projectsend -- projectsend Cross-site Scripting (XSS)
- Stored in GitHub repository projectsend/projectsend prior to r1606. 2023-02-01
not yet calculated CVE-2023-0607
MISC(link is external)
CONFIRM(link is external) microweber -- microweber Cross-site Scripting (XSS) -
DOM in GitHub repository microweber/microweber prior to 1.3.2. 2023-02-01 not
yet calculated CVE-2023-0608
MISC(link is external)
CONFIRM(link is external) wallabag -- wallabag Improper Authorization in GitHub
repository wallabag/wallabag prior to 2.5.3. 2023-02-01 not yet calculated
CVE-2023-0609
MISC(link is external)
CONFIRM(link is external) wallabag -- wallabag Improper Authorization in GitHub
repository wallabag/wallabag prior to 2.5.3. 2023-02-01 not yet calculated
CVE-2023-0610
MISC(link is external)
CONFIRM(link is external) trendnet -- tew-652brp_3.04b01 A vulnerability, which
was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01. This
issue affects some unknown processing of the file get_set.ccp of the component
Web Management Interface. The manipulation leads to command injection. The
attack may be initiated remotely. The exploit has been disclosed to the public
and may be used. The associated identifier of this vulnerability is VDB-219935.
2023-02-01 not yet calculated CVE-2023-0611
MISC(link is external)
MISC(link is external) trendnet -- tew-811dru A vulnerability, which was
classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Affected is
an unknown function of the file /wireless/basic.asp of the component httpd. The
manipulation leads to buffer overflow. It is possible to launch the attack
remotely. The exploit has been disclosed to the public and may be used. The
identifier of this vulnerability is VDB-219936. 2023-02-01 not yet calculated
CVE-2023-0612
MISC(link is external)
MISC(link is external) trendnet -- tew-811dru A vulnerability has been found in
TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Affected by this
vulnerability is an unknown functionality of the file /wireless/security.asp of
the component httpd. The manipulation leads to memory corruption. The attack can
be launched remotely. The exploit has been disclosed to the public and may be
used. The identifier VDB-219937 was assigned to this vulnerability. 2023-02-01
not yet calculated CVE-2023-0613
MISC(link is external)
MISC(link is external) trendnet -- tew-811dru A vulnerability was found in
TRENDNet TEW-811DRU 1.0.10.0. It has been classified as critical. This affects
an unknown part of the file /wireless/guestnetwork.asp of the component httpd.
The manipulation leads to buffer overflow. It is possible to initiate the attack
remotely. The exploit has been disclosed to the public and may be used. The
identifier VDB-219957 was assigned to this vulnerability. 2023-02-01 not yet
calculated CVE-2023-0617
MISC(link is external)
MISC(link is external) trendnet -- tew-652brp_3.04b01 A vulnerability was found
in TRENDnet TEW-652BRP 3.04B01. It has been declared as critical. This
vulnerability affects unknown code of the file cfg_op.ccp of the component Web
Service. The manipulation leads to memory corruption. The attack can be
initiated remotely. The exploit has been disclosed to the public and may be
used. VDB-219958 is the identifier assigned to this vulnerability. 2023-02-01
not yet calculated CVE-2023-0618
MISC(link is external)
MISC(link is external) wordpress -- wordpress The Kraken.io Image Optimizer
plugin for WordPress is vulnerable to authorization bypass due to a missing
capability check on its AJAX actions in versions up to, and including, 2.6.8.
This makes it possible for authenticated attackers, with subscriber-level
permissions and above, to reset image optimizations. 2023-02-01 not yet
calculated CVE-2023-0619
MISC(link is external)
MISC shadow-utils -- shadow-utils An uncontrolled process operation was found in
the newgrp command provided by the shadow-utils package. This issue could cause
the execution of arbitrary code provided by a user when running the newgrp
command. 2023-02-02 not yet calculated CVE-2023-0634
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) trendnet -- tew-811dru A vulnerability, which was
classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects
an unknown part of the file wan.asp of the component Web Management Interface.
The manipulation leads to memory corruption. It is possible to initiate the
attack remotely. The exploit has been disclosed to the public and may be used.
The identifier VDB-220017 was assigned to this vulnerability. 2023-02-02 not yet
calculated CVE-2023-0637
MISC(link is external)
MISC(link is external) trendnet -- tew-811dru A vulnerability has been found in
TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability
affects unknown code of the component Web Interface. The manipulation leads to
command injection. The attack can be initiated remotely. The exploit has been
disclosed to the public and may be used. VDB-220018 is the identifier assigned
to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0638
MISC(link is external)
MISC(link is external) trendnet -- tew-652brp_3.04b01 A vulnerability was found
in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects
some unknown processing of the file get_set.ccp of the component Web Management
Interface. The manipulation of the argument nextPage leads to cross site
scripting. The attack may be initiated remotely. The associated identifier of
this vulnerability is VDB-220019. 2023-02-02 not yet calculated CVE-2023-0639
MISC(link is external)
MISC(link is external) trendnet -- tew-652brp_3.04b01 A vulnerability was found
in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is
an unknown function of the file ping.ccp of the component Web Interface. The
manipulation leads to command injection. It is possible to launch the attack
remotely. The exploit has been disclosed to the public and may be used. The
identifier of this vulnerability is VDB-220020. 2023-02-02 not yet calculated
CVE-2023-0640
MISC(link is external)
MISC(link is external) phpgurukul -- employee_leaves_management_system A
vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It
has been declared as problematic. Affected by this vulnerability is an unknown
functionality of the file changepassword.php. The manipulation of the argument
newpassword/confirmpassword leads to weak password requirements. The attack can
be launched remotely. The exploit has been disclosed to the public and may be
used. The identifier VDB-220021 was assigned to this vulnerability. 2023-02-02
not yet calculated CVE-2023-0641
MISC(link is external)
MISC(link is external)
MISC(link is external) squidex -- squidex Cross-Site Request Forgery (CSRF) in
GitHub repository squidex/squidex prior to 7.4.0. 2023-02-02 not yet calculated
CVE-2023-0642
MISC(link is external)
CONFIRM(link is external) squidex -- squidex Improper Handling of Additional
Special Element in GitHub repository squidex/squidex prior to 7.4.0. 2023-02-02
not yet calculated CVE-2023-0643
CONFIRM(link is external)
MISC(link is external) dst-admin -- dst-admin A vulnerability classified as
critical was found in dst-admin 1.5.0. Affected by this vulnerability is an
unknown functionality of the file /home/cavesConsole. The manipulation of the
argument command leads to command injection. The attack can be launched
remotely. The exploit has been disclosed to the public and may be used. The
identifier VDB-220033 was assigned to this vulnerability. 2023-02-02 not yet
calculated CVE-2023-0646
MISC(link is external)
MISC(link is external)
MISC(link is external) dst-admin -- dst-admin A vulnerability, which was
classified as critical, has been found in dst-admin 1.5.0. Affected by this
issue is some unknown functionality of the file /home/kickPlayer. The
manipulation of the argument userId leads to command injection. The attack may
be launched remotely. The exploit has been disclosed to the public and may be
used. VDB-220034 is the identifier assigned to this vulnerability. 2023-02-02
not yet calculated CVE-2023-0647
MISC(link is external)
MISC(link is external)
MISC(link is external) dst-admin -- dst-admin A vulnerability, which was
classified as critical, was found in dst-admin 1.5.0. This affects an unknown
part of the file /home/masterConsole. The manipulation of the argument command
leads to command injection. It is possible to initiate the attack remotely. The
exploit has been disclosed to the public and may be used. The associated
identifier of this vulnerability is VDB-220035. 2023-02-02 not yet calculated
CVE-2023-0648
MISC(link is external)
MISC(link is external)
MISC(link is external) dst-admin -- dst-admin A vulnerability has been found in
dst-admin 1.5.0 and classified as critical. This vulnerability affects unknown
code of the file /home/sendBroadcast. The manipulation of the argument message
leads to command injection. The attack can be initiated remotely. The exploit
has been disclosed to the public and may be used. The identifier of this
vulnerability is VDB-220036. 2023-02-02 not yet calculated CVE-2023-0649
MISC(link is external)
MISC(link is external)
MISC(link is external) yafnet -- yafnet A vulnerability was found in YAFNET up
to 3.1.11 and classified as problematic. This issue affects some unknown
processing of the component Signature Handler. The manipulation leads to cross
site scripting. The attack may be initiated remotely. The exploit has been
disclosed to the public and may be used. Upgrading to version 3.1.12 is able to
address this issue. The name of the patch is
a1442a2bacc3335461b44c250e81f8d99c60735f. It is recommended to upgrade the
affected component. The identifier VDB-220037 was assigned to this
vulnerability. 2023-02-02 not yet calculated CVE-2023-0650
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) fastcms -- fastcms A vulnerability was found in FastCMS
0.1.0. It has been classified as critical. Affected is an unknown function of
the component Template Management. The manipulation leads to unrestricted
upload. It is possible to launch the attack remotely. The exploit has been
disclosed to the public and may be used. VDB-220038 is the identifier assigned
to this vulnerability. 2023-02-02 not yet calculated CVE-2023-0651
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) multilaser -- re057/ re170 A vulnerability, which was
classified as critical, was found in Multilaser RE057 and RE170 2.1/2.2. This
affects an unknown part of the file /param.file.tgz of the component Backup File
Handler. The manipulation leads to information disclosure. It is possible to
initiate the attack remotely. The identifier VDB-220053 was assigned to this
vulnerability. 2023-02-03 not yet calculated CVE-2023-0658
MISC(link is external)
MISC(link is external) bdcom -- 1704-wgl A vulnerability was found in BDCOM
1704-WGL 2.0.6314. It has been classified as critical. This affects an unknown
part of the file /param.file.tgz of the component Backup File Handler. The
manipulation leads to information disclosure. It is possible to initiate the
attack remotely. The identifier VDB-220101 was assigned to this vulnerability.
2023-02-03 not yet calculated CVE-2023-0659
MISC(link is external)
MISC(link is external) calendar_event_management_system --
calendar_event_management_system A vulnerability was found in Calendar Event
Management System 2.3.0. It has been rated as critical. This issue affects some
unknown processing of the component Login Page. The manipulation of the argument
name/pwd leads to sql injection. The attack may be initiated remotely. The
exploit has been disclosed to the public and may be used. The associated
identifier of this vulnerability is VDB-220175. 2023-02-03 not yet calculated
CVE-2023-0663
MISC(link is external)
MISC(link is external)
MISC(link is external) froxlor -- froxlor Code Injection in GitHub repository
froxlor/froxlor prior to 2.0.10. 2023-02-04 not yet calculated CVE-2023-0671
CONFIRM(link is external)
MISC(link is external) sourcecodester -- online_eyewear_shop A vulnerability
classified as critical was found in SourceCodester Online Eyewear Shop 1.0.
Affected by this vulnerability is an unknown functionality of the file
oews/products/view_product.php. The manipulation of the argument id leads to sql
injection. The attack can be launched remotely. The associated identifier of
this vulnerability is VDB-220195. 2023-02-04 not yet calculated CVE-2023-0673
MISC(link is external) xxl-job -- xxl-job A vulnerability, which was classified
as problematic, has been found in XXL-JOB 2.3.1. Affected by this issue is some
unknown functionality of the file /user/updatePwd of the component New Password
Handler. The manipulation leads to cross-site request forgery. The attack may be
launched remotely. The exploit has been disclosed to the public and may be used.
The identifier of this vulnerability is VDB-220196. 2023-02-04 not yet
calculated CVE-2023-0674
MISC(link is external) calendar_event_management_system --
calendar_event_management_system A vulnerability, which was classified as
critical, was found in Calendar Event Management System 2.3.0. This affects an
unknown part. The manipulation of the argument start/end leads to sql injection.
It is possible to initiate the attack remotely. The exploit has been disclosed
to the public and may be used. The identifier VDB-220197 was assigned to this
vulnerability. 2023-02-04 not yet calculated CVE-2023-0675
MISC(link is external) phpipam -- phpipam Cross-site Scripting (XSS) - Reflected
in GitHub repository phpipam/phpipam prior to 1.5.1. 2023-02-04 not yet
calculated CVE-2023-0676
MISC(link is external)
CONFIRM(link is external) phpipam -- phpipam Cross-site Scripting (XSS) -
Reflected in GitHub repository phpipam/phpipam prior to v1.5.1. 2023-02-04 not
yet calculated CVE-2023-0677
CONFIRM(link is external)
MISC(link is external) phpipam -- phpipam Improper Authorization in GitHub
repository phpipam/phpipam prior to v1.5.1. 2023-02-04 not yet calculated
CVE-2023-0678
MISC(link is external)
CONFIRM(link is external) vmware -- workstation VMware Workstation contains an
arbitrary file deletion vulnerability. A malicious actor with local user
privileges on the victim's machine may exploit this vulnerability to delete
arbitrary files from the file system of the machine on which Workstation is
installed. 2023-02-03 not yet calculated CVE-2023-20854
MISC(link is external) vmware -- vrealize_operations VMware vRealize Operations
(vROps) contains a CSRF bypass vulnerability. A malicious user could execute
actions on the vROps platform on behalf of the authenticated victim user.
2023-02-01 not yet calculated CVE-2023-20856
MISC(link is external) f5 -- big-ip On versions 17.0.x before 17.0.0.2, 16.1.x
before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions
of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is
configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic
Management Microkernel (TMM) to terminate. Note: Software versions which have
reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet
calculated CVE-2023-22281
MISC(link is external) f5 -- apm_clients On versions beginning in 7.1.5 to
before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client
for Windows. User interaction and administrative privileges are required to
exploit this vulnerability because the victim user needs to run the executable
on the system and the attacker requires administrative privileges for modifying
the files in the trusted search path. Note: Software versions which have reached
End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated
CVE-2023-22283
MISC(link is external) f5 -- big-ip In BIG-IP versions 17.0.x before 17.0.0.2,
and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is
configured on a virtual server and conditions beyond the attacker’s control
exist on the target pool member, undisclosed requests sent to the BIG-IP system
can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software
versions which have reached End of Technical Support (EoTS) are not evaluated.
2023-02-01 not yet calculated CVE-2023-22302
MISC(link is external) snap_one -- wattbox_wb-300-ip-3 Snap One Wattbox
WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network
(LAN) protocol that does not verify updates to the device. An attacker could
upload a malformed update file to the device and execute arbitrary code.
2023-01-30 not yet calculated CVE-2023-22315
MISC omron -- cx-motion_pro Improper restriction of XML external entity
reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and
earlier. If a user opens a specially crafted project file created by an
attacker, sensitive information in the file system where CX-Motion Pro is
installed may be disclosed. 2023-01-30 not yet calculated CVE-2023-22322
MISC(link is external) f5 -- big-ip In BIG-IP versions 17.0.x before 17.0.0.2,
16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all
versions of 13.1.x, when OCSP authentication profile is configured on a virtual
server, undisclosed requests can cause an increase in CPU resource utilization.
Note: Software versions which have reached End of Technical Support (EoTS) are
not evaluated. 2023-02-01 not yet calculated CVE-2023-22323
MISC(link is external) contec -- conprosys_hmi_system SQL injection
vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a
remote authenticated attacker to execute an arbitrary SQL command. As a result,
information stored in the database may be obtained. 2023-01-30 not yet
calculated CVE-2023-22324
MISC(link is external) f5 -- big-ip In BIG-IP versions 17.0.x before 17.0.0.2,
16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all
versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect
permission assignment vulnerabilities exist in the iControl REST and TMOS shell
(tmsh) dig command which may allow an authenticated attacker with resource
administrator or administrator role privileges to view sensitive information.
Note: Software versions which have reached End of Technical Support (EoTS) are
not evaluated. 2023-02-01 not yet calculated CVE-2023-22326
MISC(link is external) pgpool_globabl_development_group -- pgpool-ii Information
disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0
to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1
series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions
of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All
versions of 3.3 series. A specific database user's authentication information
may be obtained by another database user. As a result, the information stored in
the database may be altered and/or the database may be suspended by a remote
attacker who has successfully logged in to the product with the obtained credentials.
2023-01-30 not yet calculated CVE-2023-22332
MISC(link is external) first_net_japan -- easymail Cross-site scripting
vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated
attacker to inject an arbitrary script. 2023-01-30 not yet calculated
CVE-2023-22333
MISC(link is external) f5 -- big-ip On BIG-IP versions 16.1.x before 16.1.3.3,
15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a
SIP profile is configured on a Message Routing type virtual server, undisclosed
traffic can cause TMM to terminate. Note: Software versions which have reached
End of Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated
CVE-2023-22340
MISC(link is external) f5 -- big-ip
  On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP
APM system is configured with all the following elements, undisclosed requests
may cause the Traffic Management Microkernel (TMM) to terminate:
* An OAuth Server that references an OAuth Provider
* An OAuth profile with the Authorization Endpoint set to '/'
* An access profile that references the above OAuth profile and is associated with an HTTPS virtual server
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
2023-02-01 not yet calculated CVE-2023-22341
MISC(link is external) f5 -- apm_clients
  In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking
vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software
versions which have reached End of Technical Support (EoTS) are not evaluated.
2023-02-01 not yet calculated CVE-2023-22358
MISC(link is external) f5 -- big-ip
  In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and
13.1.5 on their respective branches, a format string vulnerability exists in
iControl SOAP that allows an authenticated attacker to crash the iControl SOAP
CGI process or, potentially, execute arbitrary code. In appliance mode BIG-IP, a
successful exploit of this vulnerability can allow the attacker to cross a
security boundary. Note: Software versions which have reached End of Technical
Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22374
MISC(link is external) snap_one -- wattbox_wb-300-ip-3
  Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a
plaintext file when the device configuration is exported via
Save/Restore–>Backup Settings, which could be read by any user accessing the
file. 2023-01-30 not yet calculated CVE-2023-22389
MISC f5 -- big-ip
  On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before
15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect
vulnerability exists on virtual servers enabled with a BIG-IP APM access policy.
This vulnerability allows an unauthenticated malicious attacker to build an open
redirect URI. Note: Software versions which have reached End of Technical
Support (EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22418
MISC(link is external) f5 -- big-ip
  On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a
HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance
and Unknown Methods: Reject are configured on a virtual server, undisclosed
requests can cause the Traffic Management Microkernel (TMM) to terminate. Note:
Software versions which have reached End of Technical Support (EoTS) are not
evaluated. 2023-02-01 not yet calculated CVE-2023-22422
MISC(link is external) parse_server -- parse_server Parse Server is an open
source backend that can be deployed to any infrastructure that can run Node.js.
Parse Server uses the request header `x-forwarded-for` to determine the client
IP address. If Parse Server doesn't run behind a proxy server, then a client can
set this header and Parse Server will trust the value of the header. The
incorrect client IP address will be used by various features in Parse Server.
This makes it possible to circumvent the security mechanism of the Parse Server option
`masterKeyIps` by setting an allowed IP address as the `x-forwarded-for` header
value. This issue has been patched in version 5.4.1. The mechanism to determine
the client IP address has been rewritten. Correct IP address determination
now requires setting the Parse Server option `trustProxy`. 2023-02-03 not yet
calculated CVE-2023-22474
MISC(link is external) atlassian -- jira An authentication vulnerability was
discovered in Jira Service Management Server and Data Center which allows an
attacker to impersonate another user and gain access to a Jira Service
Management instance under certain circumstances. With write access to a User
Directory and outgoing email enabled on a Jira Service Management instance, an
attacker could gain access to signup tokens sent to users with accounts that
have never been logged into. Access to these tokens can be obtained in two
cases:
* If the attacker is included on Jira issues or requests with these users, or
* If the attacker is forwarded or otherwise gains access to emails containing a “View Request” link from these users.
Bot accounts are particularly
susceptible to this scenario. On instances with single sign-on, external
customer accounts can be affected in projects where anyone can create their own
account. 2023-02-01 not yet calculated CVE-2023-22501
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS
9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file
vulnerability in change password api. A low privilege local attacker could
potentially exploit this vulnerability, leading to system takeover. 2023-02-01
not yet calculated CVE-2023-22572
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS
9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file
vulnerability in cloudpool. A low privileged local attacker could potentially
exploit this vulnerability, leading to sensitive information disclosure.
2023-02-01 not yet calculated CVE-2023-22573
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS 9.0.0.x -
9.4.0.x contain an insertion of sensitive information into log file
vulnerability in platform API of IPMI module. A low-privileged user with
permission to read logs on the cluster could potentially exploit this
vulnerability, leading to Information disclosure and denial of service.
2023-02-01 not yet calculated CVE-2023-22574
MISC(link is external) dell -- powerscale_onefs Dell PowerScale OneFS 9.0.0.x -
9.4.0.x contain an insertion of sensitive information into log file
vulnerability in celog. A low-privileged user could potentially exploit this
vulnerability, leading to information disclosure and escalation of privileges.
2023-02-01 not yet calculated CVE-2023-22575
MISC(link is external) ecostruxure -- geo_scada_expert A CWE-285: Improper
Authorization vulnerability exists that could cause Denial of Service against
the Geo SCADA server when specific messages are sent to the server over the
database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert 2019 -
2021 (formerly known as ClearSCADA) (Versions prior to October 2022) 2023-01-31
not yet calculated CVE-2023-22610
MISC(link is external) ecostruxure -- geo_scada_expert A CWE-200: Exposure of
Sensitive Information to an Unauthorized Actor vulnerability exists that could
cause information disclosure when specific messages are sent to the server over
the database server TCP port. Affected Products: EcoStruxure Geo SCADA Expert
2019 - 2021 (formerly known as ClearSCADA) (Versions prior to October 2022)
2023-01-31 not yet calculated CVE-2023-22611
MISC(link is external) f5 -- f5os On F5OS-A beginning in version 1.2.0 to before
1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS
tenant file names may allow for command injection. Note: Software versions which
have reached End of Technical Support (EoTS) are not evaluated. 2023-02-01 not
yet calculated CVE-2023-22657
MISC(link is external) f5 -- big-ip On BIG-IP versions 17.0.x before 17.0.0.2
and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a
client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a
virtual server, undisclosed requests can cause an increase in memory resource
utilization. Note: Software versions which have reached End of Technical Support
(EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22664
MISC(link is external) wireapp -- wire-server wire-server provides back end
services for Wire, a team communication and collaboration platform. Prior to
version 2022-12-09, every member of a Conversation can remove a Bot from a
Conversation due to a missing permissions check. Only Conversation admins should
be able to remove Bots. Regular Conversations are not allowed to do so. The
issue is fixed in wire-server 2022-12-09 and is already deployed on all Wire
managed services. On-premise instances of wire-server need to be updated to
2022-12-09/Chart 4.29.0, so that their backends are no longer affected. There
are no known workarounds. 2023-01-28 not yet calculated CVE-2023-22737
MISC(link is external) ckan -- ckan CKAN is an open-source DMS (data management
system) for powering data hubs and data portals. When creating a new container
based on one of the Docker images listed below, the same secret key was being
used by default. If the users didn't set a custom value via environment
variables in the `.env` file, that key was shared across different CKAN
instances, making it easy to forge authentication requests. Users overriding the
default secret key in their own `.env` file are not affected by this issue. Note
that the legacy images (ckan/ckan) located in the main CKAN repo are not
affected by this issue. The affected images are ckan/ckan-docker
(ckan/ckan-base images), okfn/docker-ckan (openknowledge/ckan-base and
openknowledge/ckan-dev images), and keitaroinc/docker-ckan (keitaro/ckan images).
2023-02-03 not yet calculated CVE-2023-22746
MISC(link is external) f5 -- big-ip On BIG-IP versions 17.0.x before 17.0.0.2,
16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all
versions of 13.1.x, when a DNS profile with the Rapid Response Mode setting
enabled is configured on a virtual server with hardware SYN cookies enabled,
undisclosed requests cause the Traffic Management Microkernel (TMM) to
terminate. Note: Software versions which have reached End of Technical Support
(EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22839
MISC(link is external) f5 -- big-ip On BIG-IP versions 16.1.x before 16.1.3.3,
15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when
a SIP profile is configured on a Message Routing type virtual server,
undisclosed traffic can cause the Traffic Management Microkernel (TMM) to
terminate. Note: Software versions which have reached End of Technical Support
(EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-22842
MISC(link is external) apache_software -- apache_sling_app An improper
neutralization of input during web page generation ('Cross-site Scripting')
[CWE-79] vulnerability in Sling App CMS version 1.1.4 and prior may allow an
authenticated remote attacker to perform a reflected cross-site scripting (XSS)
attack in multiple features. Upgrade to Apache Sling App CMS >= 1.1.6 2023-02-04
not yet calculated CVE-2023-22849
MISC jfinal_cms -- jfinal_cms jfinal_cms 5.1.0 is vulnerable to Cross Site
Scripting (XSS). 2023-02-03 not yet calculated CVE-2023-22975
MISC(link is external) zoho -- manageengine_servicedesk_plus Cross site
scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in
the purchase component. 2023-02-01 not yet calculated CVE-2023-23073
MISC(link is external) zoho -- manageengine_servicedesk_plus Cross site
scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via
embedding videos in the language component. 2023-02-01 not yet calculated
CVE-2023-23074
MISC(link is external) zoho -- asset_explorer Cross Site Scripting (XSS)
vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a
new Assets Workstation. 2023-02-01 not yet calculated CVE-2023-23075
MISC(link is external) zoho -- support_center OS Command injection vulnerability
in Support Center Plus 11 via Executor in Action when creating new schedules.
2023-02-01 not yet calculated CVE-2023-23076
MISC(link is external) zoho -- manageengine_servicedesk_plus Cross site
scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the
comment field when adding a new status comment. 2023-02-01 not yet calculated
CVE-2023-23077
MISC(link is external) zoho -- manageengine_servicedesk_plus Cross site
scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the
comment field when changing the credentials in the Assets. 2023-02-01 not yet
calculated CVE-2023-23078
MISC(link is external) kodi -- home_theater_software A heap buffer overflow
vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause
a denial of service due to an improper length of the value passed to the offset
argument. 2023-02-03 not yet calculated CVE-2023-23082
MISC(link is external) mojojson -- mojojson Buffer overflow vulnerability in
MojoJson v1.2.3 allows an attacker to execute arbitrary code via the SkipString
function. 2023-02-03 not yet calculated CVE-2023-23086
MISC(link is external) mojojson -- mojojson An issue found in MojoJson
v1.2.3 allows attackers to execute arbitrary code via the destroy function.
2023-02-03 not yet calculated CVE-2023-23087
MISC(link is external) json-parser -- json-parser Buffer overflow vulnerability
in Barenboim json-parser master and v1.1.0 (fixed in v1.1.1) allows an attacker to
execute arbitrary code via the json_value_parse function. 2023-02-03 not yet
calculated CVE-2023-23088
MISC(link is external) netgear -- multiple_products An exploitable firmware
modification vulnerability was discovered in certain Netgear products. The data
integrity of the uploaded firmware image is ensured with a fixed checksum
number. Therefore, an attacker can conduct a MITM attack to modify the
user-uploaded firmware image and bypass the checksum verification. This affects
WNR612v2 Wireless Routers 1.0.0.3 and earlier, DGN1000v3 Modem Router 1.0.0.22
and earlier, D6100 WiFi DSL Modem Routers 1.0.0.63 and earlier, WNR1000v2
Wireless Routers 1.1.2.60 and earlier, XAVN2001v2 Wireless-N Extenders 0.4.0.7
and earlier, WNR2200 Wireless Routers 1.0.1.102 and earlier, WNR2500 Wireless
Routers 1.0.0.34 and earlier, R8900 Smart WiFi Routers 1.0.3.6 and earlier, and
R9000 Smart WiFi Routers 1.0.3.6 and earlier. 2023-02-02 not yet calculated
CVE-2023-23110
MISC(link is external) ubiquiti -- airfiber_af2x_radio The use of the cyclic
redundancy check (CRC) algorithm for integrity check during firmware update
makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable
to firmware modification attacks. An attacker can conduct a man-in-the-middle
(MITM) attack to modify the new firmware image and bypass the checksum
verification. 2023-02-02 not yet calculated CVE-2023-23119
MISC(link is external) trendnet -- tv-ip651wi The use of the cyclic redundancy
check (CRC) algorithm for integrity check during firmware update makes TRENDnet
TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to
firmware modification attacks. An attacker can conduct a man-in-the-middle
(MITM) attack to modify the new firmware image and bypass the checksum
verification. 2023-02-02 not yet calculated CVE-2023-23120
MISC(link is external) selfwealth -- ios_mobile_app_3.3.1 Selfwealth iOS mobile
App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings.
2023-02-01 not yet calculated CVE-2023-23131
MISC(link is external) selfwealth -- ios_mobile_app_3.3.1 Selfwealth iOS mobile
App 3.3.1 is vulnerable to Sensitive key disclosure. The application reveals
hardcoded API keys. 2023-02-01 not yet calculated CVE-2023-23132
MISC(link is external) ftdms -- ftdms An arbitrary file upload vulnerability in
Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted
JPG file. 2023-02-01 not yet calculated CVE-2023-23135
MISC(link is external) lmxcms -- lmxcms lmxcms v1.41 was discovered to contain
an arbitrary file deletion vulnerability via BackdbAction.class.php. 2023-02-01
not yet calculated CVE-2023-23136
MISC(link is external) ibm -- automation_decision_services IBM ICP4A -
Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3,
20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web
pages to be stored locally which can be read by another user on the system. IBM
X-Force ID: 244504. 2023-02-01 not yet calculated CVE-2023-23469
MISC(link is external) ibm -- websphere_application_server IBM WebSphere
Application Server 8.5 and 9.0 traditional could allow a remote attacker to
execute arbitrary code on the system with a specially crafted sequence of
serialized objects. IBM X-Force ID: 245513. 2023-02-03 not yet calculated
CVE-2023-23477
MISC(link is external) f5 -- big-ip On versions 17.0.x before 17.0.0.2, 16.1.x
before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions
of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is
configured on a virtual server, undisclosed requests can cause an increase in
memory resource utilization. Note: Software versions which have reached End of
Technical Support (EoTS) are not evaluated. 2023-02-01 not yet calculated
CVE-2023-23552
MISC(link is external) f5 -- big-ip
  On BIG-IP Virtual Edition versions 15.1.x beginning in 15.1.4 to before 15.1.8
and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in
1.5.0 to before 1.6.0, when FastL4 profile is configured on a virtual server,
undisclosed traffic can cause the Traffic Management Microkernel (TMM) to
terminate. Note: Software versions which have reached End of Technical Support
(EoTS) are not evaluated. 2023-02-01 not yet calculated CVE-2023-23555
MISC(link is external) snap_one -- wattbox_wb-300-ip-3 Snap One Wattbox
WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer
overflow, which could allow an attacker to execute arbitrary code or crash the
device remotely. 2023-01-30 not yet calculated CVE-2023-23582
MISC discourse -- discourse Discourse is an open source discussion platform. The
embeddable comments can be exploited to create new topics as any user but
without any clear title or content. This issue is patched in the latest stable,
beta and tests-passed versions of Discourse. As a workaround, disable embeddable
comments by deleting all embeddable hosts. 2023-02-03 not yet calculated
CVE-2023-23615
MISC(link is external) discourse -- discourse Discourse is an open-source
discussion platform. Prior to version 3.0.1 on the `stable` branch and
3.1.0.beta2 on the `beta` and `tests-passed` branches, when submitting a
membership request, there is no character limit for the reason provided with the
request. This could potentially allow a user to flood the database with a large
amount of data. However it is unlikely this could be used as part of a DoS
attack, as the paths reading back the reasons are only available to
administrators. Starting in version 3.0.1 on the `stable` branch and 3.1.0.beta2
on the `beta` and `tests-passed` branches, a limit of 280 characters has been
introduced for membership requests. 2023-01-28 not yet calculated CVE-2023-23616
MISC(link is external)
CONFIRM(link is external)
MISC(link is external) openmage_lts -- openmage_lts OpenMage LTS is an
e-commerce platform. Versions prior to 19.4.22 and 20.0.19 contain an infinite
loop in malicious code filter in certain conditions. Versions 19.4.22 and
20.0.19 have a fix for this issue. There are no known workarounds. 2023-01-28
not yet calculated CVE-2023-23617
MISC(link is external) discourse -- discourse Discourse is an open-source
discussion platform. Prior to version 3.0.1 on the `stable` branch and
3.1.0.beta2 on the `beta` and `tests-passed` branches, the contents of
latest/top routes for restricted tags can be accessed by unauthorized users.
This issue is patched in version 3.0.1 on the `stable` branch and 3.1.0.beta2 on
the `beta` and `tests-passed` branches. There are no known workarounds.
2023-01-28 not yet calculated CVE-2023-23620
CONFIRM(link is external)
MISC(link is external) discourse -- discourse Discourse is an open-source
discussion platform. Prior to version 3.0.1 on the `stable` branch and version
3.1.0.beta2 on the `beta` and `tests-passed` branches, a malicious user can
cause a regular expression denial of service using a carefully crafted user
agent. This issue is patched in version 3.0.1 on the `stable` branch and version
3.1.0.beta2 on the `beta` and `tests-passed` branches. There are no known
workarounds. 2023-01-28 not yet calculated CVE-2023-23621
MISC(link is external) discourse -- discourse Discourse is an open-source
discussion platform. Prior to version 3.0.1 on the `stable` branch and version
3.1.0.beta2 on the `beta` and `tests-passed` branches, someone can use the
`exclude_tag` param to filter out topics and deduce which ones were using a
specific hidden tag. This affects any Discourse site using hidden tags in public
categories. This issue is patched in version 3.0.1 on the `stable` branch and
version 3.1.0.beta2 on the `beta` and `tests-passed` branches. As a workaround,
secure any categories that are using hidden tags, change any existing hidden
tags to not include private data, or remove any hidden tags currently in use.
2023-01-28 not yet calculated CVE-2023-23624
MISC(link is external) sanitize -- sanitize Sanitize is an allowlist-based HTML
and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to
Cross-site Scripting. When Sanitize is configured with a custom allowlist that
allows `noscript` elements, attackers are able to include arbitrary HTML,
resulting in XSS (cross-site scripting) or other undesired behavior when that
HTML is rendered in a browser. The default configurations do not allow
`noscript` elements and are not vulnerable. This issue only affects users who
are using a custom config that adds `noscript` to the element allowlist. This
issue has been patched in version 6.0.1. Users who are unable to upgrade can
prevent this issue by using one of Sanitize's default configs or by ensuring
that their custom config does not include `noscript` in the element allowlist.
2023-01-28 not yet calculated CVE-2023-23627
MISC(link is external) metabase -- metabase Metabase is an open source data
analytics platform. Affected versions are subject to Exposure of Sensitive
Information to an Unauthorized Actor. Sandboxed users shouldn't be able to view
data about other Metabase users anywhere in the Metabase application. However,
when a sandbox user views the settings for a dashboard subscription, and another
user has added users to that subscription, the sandboxed user is able to view
the list of recipients for that subscription. This issue is patched in versions
0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1, 0.45.2.1, and 1.45.2.1. There are no
workarounds. 2023-01-28 not yet calculated CVE-2023-23628
MISC(link is external) metabase -- metabase Metabase is an open source data
analytics platform. Affected versions are subject to Improper Privilege
Management. As intended, recipients of dashboard subscriptions can view the
data as seen by the creator of that subscription. This allows someone with
greater access to data to create a dashboard subscription, add people with fewer
data privileges, and all recipients of that subscription receive the same data:
the charts shown in the email would abide by the privileges of the user who
created the subscription. The issue is that users with fewer privileges who can view
a dashboard are able to add themselves to a dashboard subscription created by
someone with additional data privileges, and thus get access to more data via
email. This issue is patched in versions 0.43.7.1, 1.43.7.1, 0.44.6.1, 1.44.6.1,
0.45.2.1, and 1.45.2.1. On Metabase instances running Enterprise Edition, admins
can disable the "Subscriptions and Alerts" permission for groups that have
restricted data permissions, as a workaround. 2023-01-28 not yet calculated
CVE-2023-23629
MISC(link is external) eta_dev -- eta Eta is an embedded JS templating engine
that works inside Node, Deno, and the browser. XSS attack - anyone using the
Express API is impacted. The problem has been resolved. Users should upgrade to
version 2.0.0. As a workaround, don't pass user supplied things directly to
`res.render`. 2023-02-01 not yet calculated CVE-2023-23630
MISC(link is external)
MISC(link is external)
MISC(link is external) jellyfin -- jellyfin-web In Jellyfin 10.8.x through
10.8.3, the name of a collection is vulnerable to stored XSS. This allows an
attacker to steal access tokens from the localStorage of the victim. 2023-02-03
not yet calculated CVE-2023-23635
MISC(link is external)
MISC(link is external)
MISC(link is external) jellyfin -- jellyfin-web In Jellyfin 10.8.x through
10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an
attacker to steal access tokens from the localStorage of the victim. 2023-02-03
not yet calculated CVE-2023-23636
MISC(link is external)
MISC(link is external)
MISC(link is external) dell -- data_domain Dell EMC prior to version DDOS 7.9
contain(s) an OS command injection vulnerability. An authenticated non-admin
attacker could potentially exploit this vulnerability, leading to the execution
of arbitrary OS commands on the application's underlying OS, with the privileges
of the vulnerable application. 2023-02-01 not yet calculated CVE-2023-23692
MISC(link is external) joomla!_project -- joomla!_cms An issue was discovered in
Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability
in the handling of post-installation messages. 2023-02-01 not yet calculated
CVE-2023-23750
MISC joomla!_project -- joomla!_cms An issue was discovered in Joomla! 4.0.0
through 4.2.4. A missing ACL check allows non super-admin users to access
com_actionlogs. 2023-02-01 not yet calculated CVE-2023-23751
MISC open5gs -- open5gs Due to insufficient length validation in the Open5GS GTP
library versions prior to versions 2.4.13 and 2.5.7, when parsing extension
headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with
any extension header length set to zero causes an infinite loop. The affected
process becomes immediately unresponsive, resulting in denial of service and
excessive resource consumption.
CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C 2023-02-01 not yet
calculated CVE-2023-23846
MISC(link is external) dompdf -- dompdf Dompdf is an HTML to PDF converter. The
URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing
`<image>` tags with uppercase letters. This may lead to arbitrary object
unserialize on PHP < 8, through the `phar` URL wrapper. An attacker can exploit
the vulnerability to call arbitrary URLs with arbitrary protocols, if they can
provide an SVG file to dompdf. In PHP versions before 8.0.0, it leads to
arbitrary unserialize, which will lead at the very least to arbitrary file
deletion and even remote code execution, depending on the classes that are
available. 2023-02-01 not yet calculated CVE-2023-23924
MISC(link is external)
MISC(link is external)
MISC(link is external) switcherapie -- switcher-client-master Switcher Client is
a JavaScript SDK to work with Switcher API, which is a cloud-based Feature Flag.
Unsanitized input flows into the Strategy match operation (EXIST), where it is
used to build a regular expression. This may result in a Regular Expression
Denial of Service (ReDoS) attack. This issue has been patched in version 3.1.4. As a
workaround, avoid using Strategy settings that use REGEX in conjunction with
EXIST and NOT_EXIST operations. 2023-02-03 not yet calculated CVE-2023-23925
MISC(link is external)
MISC(link is external) reason-jose -- reason-jose reason-jose is a JOSE
implementation in ReasonML and OCaml. `Jose.Jws.validate` does not check HS256
signatures. This allows tampering of JWS header and payload data if the service
does not perform additional checks. Such tampering could expose applications
using reason-jose to authorization bypass. Applications relying on JWS claims
assertion to enforce security boundaries may be vulnerable to privilege
escalation. This issue has been patched in version 0.8.2. 2023-02-01 not yet
calculated CVE-2023-23928
MISC(link is external)
MISC(link is external)
MISC(link is external) opendds -- opendds OpenDDS is an open source C++
implementation of the Object Management Group (OMG) Data Distribution Service
(DDS). OpenDDS applications that are exposed to untrusted RTPS network traffic
may crash when parsing badly-formed input. This issue has been patched in
version 3.23.1. 2023-02-03 not yet calculated CVE-2023-23932
MISC(link is external)
MISC(link is external) opensearch-project -- anomaly-detection OpenSearch
Anomaly Detection identifies atypical data and receives automatic notifications.
There is an issue with the application of document and field level restrictions
in the Anomaly Detection plugin, where users with the Anomaly Detector role can
read aggregated numerical data (e.g. averages, sums) of fields that are
otherwise restricted to them. This issue only affects authenticated users who
were previously granted read access to the indexes containing the restricted
fields. This issue has been patched in versions 1.3.8 and 2.6.0. There are no
known workarounds for this issue. 2023-02-03 not yet calculated CVE-2023-23933
MISC(link is external) pimcore -- pimcore Pimcore is an Open Source Data &
Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce.
The upload functionality for updating user profile does not properly validate
the file content-type, allowing any authenticated user to bypass this security
check by adding a valid signature (e.g. GIF89) and sending any invalid
content-type. This could allow an authenticated attacker to upload HTML files
with JS content that will be executed in the context of the domain. This issue
has been patched in version 10.5.16. 2023-02-03 not yet calculated
CVE-2023-23937
MISC(link is external)
MISC(link is external) onezeppelin -- cairo-contracts OpenZeppelin Contracts for
Cairo is a library for secure smart contract development written in Cairo for
StarkNet, a decentralized ZK Rollup. `is_valid_eth_signature` is missing a call
to `finalize_keccak` after calling `verify_eth_signature`. As a result, any
contract using `is_valid_eth_signature` from the account library (such as the
`EthAccount` preset) is vulnerable to a malicious sequencer. Specifically, the
malicious sequencer would be able to bypass signature validation to impersonate
an instance of these accounts. The issue has been patched in 0.6.1. 2023-02-03
not yet calculated CVE-2023-23940
MISC(link is external)
MISC(link is external) shopware -- swagpaypal SwagPayPal is a PayPal integration
for shopware/platform. If JavaScript-based PayPal checkout methods are used
(PayPal Plus, Smart Payment Buttons, SEPA, Pay Later, Venmo, Credit card), the
amount and item list sent to PayPal may not be identical to the one in the
created order. The problem has been fixed with version 5.4.4. As a workaround,
disable the aforementioned payment methods or use the Security Plugin in version
>= 1.0.21. 2023-02-03 not yet calculated CVE-2023-23941
MISC(link is external)
MISC(link is external) djangoproject -- django In Django 3.2 before 3.2.17, 4.0
before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers
are cached in order to avoid repetitive parsing. This leads to a potential
denial-of-service vector via excessive memory usage if the raw value of
Accept-Language headers is very large. 2023-02-01 not yet calculated
CVE-2023-23969
MISC(link is external)
CONFIRM(link is external)
MISC(link is external)
MLIST snap_one -- wattbox_wb-300-ip-3 Snap One Wattbox WB-300-IP-3 versions
WB10.9a17 and prior could bypass the brute force protection, allowing multiple
attempts to force a login. 2023-01-30 not yet calculated CVE-2023-24020
MISC progress -- ws_ftp In Progress WS_FTP Server before 8.8, it is possible for
a host administrator to elevate their privileges via the administrative
interface due to insufficient authorization controls applied on user
modification workflows. 2023-02-03 not yet calculated CVE-2023-24029
MISC(link is external)
MISC(link is external) wordpress -- wordpress NOSH 4a5cfdb allows stored XSS via
the create user page. For example, a first name (of a physician, assistant, or
billing user) can have a JavaScript payload that is executed upon visiting the
/users/2/1 page. This may allow attackers to steal Protected Health Information
because the product is for health charting. 2023-01-29 not yet calculated
CVE-2023-24065
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the host_time
parameter in the NTPSyncWithHost function. 2023-02-03 not yet calculated
CVE-2023-24138
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the NetDiagHost
parameter in the setNetworkDiag function. 2023-02-03 not yet calculated
CVE-2023-24139
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the NetDiagPingNum
parameter in the setNetworkDiag function. 2023-02-03 not yet calculated
CVE-2023-24140
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the
NetDiagPingTimeOut parameter in the setNetworkDiag function. 2023-02-03 not yet
calculated CVE-2023-24141
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the NetDiagPingSize
parameter in the setNetworkDiag function. 2023-02-03 not yet calculated
CVE-2023-24142
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the
NetDiagTracertHop parameter in the setNetworkDiag function. 2023-02-03 not yet
calculated CVE-2023-24143
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the hour parameter
in the setRebootScheCfg function. 2023-02-03 not yet calculated CVE-2023-24144
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the plugin_version
parameter in the setUnloadUserData function. 2023-02-03 not yet calculated
CVE-2023-24145
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the minute parameter
in the setRebootScheCfg function. 2023-02-03 not yet calculated CVE-2023-24146
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a hard-coded password for the telnet service which is
stored in the component /etc/config/product.ini. 2023-02-03 not yet calculated
CVE-2023-24147
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a command injection vulnerability via the FileName
parameter in the setUploadUserData function. 2023-02-03 not yet calculated
CVE-2023-24148
MISC(link is external) totolink -- ca300-poe TOTOLINK CA300-PoE V6.2c.884 was
discovered to contain a hard-coded password for root which is stored in the
component /etc/shadow. 2023-02-03 not yet calculated CVE-2023-24149
MISC(link is external) totolink -- t8 A command injection vulnerability in the
serverIp parameter in the function meshSlaveDlfw of TOTOLINK T8 V4.1.5cu allows
attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03
not yet calculated CVE-2023-24150
MISC(link is external) totolink -- t8 A command injection vulnerability in the
ip parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8 V4.1.5cu
allows attackers to execute arbitrary commands via a crafted MQTT packet.
2023-02-03 not yet calculated CVE-2023-24151
MISC(link is external) totolink -- t8 A command injection vulnerability in the
serverIp parameter in the function meshSlaveUpdate of TOTOLINK T8 V4.1.5cu
allows attackers to execute arbitrary commands via a crafted MQTT packet.
2023-02-03 not yet calculated CVE-2023-24152
MISC(link is external) totolink -- t8 A command injection vulnerability in the
version parameter in the function recvSlaveCloudCheckStatus of TOTOLINK T8
V4.1.5cu allows attackers to execute arbitrary commands via a crafted MQTT
packet. 2023-02-03 not yet calculated CVE-2023-24153
MISC(link is external) totolink -- t8 TOTOLINK T8 V4.1.5cu was discovered to
contain a command injection vulnerability via the slaveIpList parameter in the
function setUpgradeFW. 2023-02-03 not yet calculated CVE-2023-24154
MISC(link is external) totolink -- t8 TOTOLINK T8 V4.1.5cu was discovered to
contain a hard-coded password for the telnet service which is stored in the
component /web_cste/cgi-bin/product.ini. 2023-02-03 not yet calculated
CVE-2023-24155
MISC(link is external) totolink -- t8 A command injection vulnerability in the
ip parameter in the function recvSlaveUpgstatus of TOTOLINK T8 V4.1.5cu allows
attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03
not yet calculated CVE-2023-24156
MISC(link is external) totolink -- t8 A command injection vulnerability in the
serverIp parameter in the function updateWifiInfo of TOTOLINK T8 V4.1.5cu allows
attackers to execute arbitrary commands via a crafted MQTT packet. 2023-02-03
not yet calculated CVE-2023-24157
MISC(link is external) dromara -- hutool Deserialization vulnerability in
Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the
XmlUtil.readObjectFromXml parameter. 2023-01-31 not yet calculated
CVE-2023-24162
MISC(link is external)
MISC(link is external) dromara -- hutool
SQL Injection vulnerability in Dromara hutool v5.8.11 allows attacker to
execute arbitrary code via the aviator template engine. 2023-01-31 not yet
calculated CVE-2023-24163
MISC(link is external) forget_heart_message_box -- forget_heart_message_box
Forget Heart Message Box v1.1 was discovered to contain a SQL injection
vulnerability via the name parameter at /admin/loginpost.php. 2023-02-01 not yet
calculated CVE-2023-24241
MISC(link is external) dell -- enterprise_somic_os Dell Enterprise SONiC OS,
3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption
vulnerability" in authentication component. An unauthenticated remote attacker
could potentially exploit this vulnerability, leading to uncontrolled resource
consumption by creating permanent home directories for unauthenticated users.
2023-02-02 not yet calculated CVE-2023-24574
MISC(link is external) dell -- networker_nve EMC NetWorker may potentially be
vulnerable to an unauthenticated remote code execution vulnerability in the
Networker Client execution service (nsrexecd) when oldauth authentication method
is used. An unauthenticated remote attacker could send arbitrary commands via
RPC service to be executed on the host system with the privileges of the
nsrexecd service, which runs with administrative privileges. 2023-02-03 not yet
calculated CVE-2023-24576
MISC(link is external) dell -- networker_nve NOSH 4a5cfdb allows remote
authenticated users to execute PHP arbitrary code via the "practice logo" upload
feature. The client-side checks can be bypassed. This may allow attackers to
steal Protected Health Information because the product is for health charting.
2023-02-01 not yet calculated CVE-2023-24610
MISC(link is external)
MISC(link is external)
MISC(link is external)
MISC(link is external) pdfbook -- pdfbook The PdfBook extension through 2.0.5
before b07b6a64 for MediaWiki allows command injection via an option. 2023-01-30
not yet calculated CVE-2023-24612
MISC(link is external) array_networks -- ag_vxag_ui The user interface of Array
Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to
use the gdb tool to overwrite the backend function call stack after accessing
the system with administrator privileges. A successful exploit could leverage
this vulnerability in the backend binary file that handles the user interface to
cause a denial of service attack. This is fixed in AG 9.4.0.481. 2023-02-03 not
yet calculated CVE-2023-24613
MISC(link is external) safeurl-python -- safeurl-python isInList in the
safeurl-python package before 1.2 for Python has an insufficiently restrictive
regular expression for external domains, leading to SSRF. 2023-01-30 not yet
calculated CVE-2023-24622
MISC(link is external) paranoidhttp -- paranoidhttp Paranoidhttp before 0.3.0
allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not
match the filter for private addresses. 2023-01-30 not yet calculated
CVE-2023-24623
MISC(link is external)
MISC(link is external)
MISC(link is external) apache -- iotdb Incorrect Authorization vulnerability in
Apache Software Foundation Apache IoTDB. This issue affects the
iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is
an optional component of IoTDB, providing a web console of the database. This
problem is fixed from version 0.13.3 of iotdb-web-workbench onwards. 2023-01-31
not yet calculated CVE-2023-24829
MISC apache -- iotdb Improper Authentication vulnerability in Apache Software
Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before
0.13.3. 2023-01-30 not yet calculated CVE-2023-24830
MISC forget_heart_message_box -- forget_heart_message_box Forget Heart Message
Box v1.1 was discovered to contain a SQL injection vulnerability via the name
parameter at /cha.php. 2023-02-01 not yet calculated CVE-2023-24956
MISC(link is external) apache -- inlong Out-of-bounds Read vulnerability in
Apache Software Foundation Apache InLong. This issue affects Apache InLong: from
1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest
version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it.
2023-02-01 not yet calculated CVE-2023-24977
MISC apache -- inlong Deserialization of Untrusted Data vulnerability in Apache
Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0
through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or
cherry-pick https://github.com/apache/inlong/pull/7223 to solve it.
2023-02-01 not yet calculated CVE-2023-24997
MISC linux -- kernel The Linux kernel through 6.1.9 has a Use-After-Free in
bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the
LED controllers remain registered for too long. 2023-02-02 not yet calculated
CVE-2023-25012
MISC
MISC
MLIST(link is external) typo3 -- femanger_extension An issue was discovered in
the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for
TYPO3. Missing access checks in the InvitationController allow an
unauthenticated user to set the password of all frontend users. 2023-02-02 not
yet calculated CVE-2023-25013
MISC
MISC typo3 -- femanger_extension An issue was discovered in the femanager
extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3.
Missing access checks in the InvitationController allow an unauthenticated user
to delete all frontend users. 2023-02-02 not yet calculated CVE-2023-25014
MISC
MISC clockwork_web -- clockwork_web Clockwork Web before 0.1.2, when Rails
before 5.2 is used, allows CSRF. 2023-02-02 not yet calculated CVE-2023-25015
MISC(link is external)
CONFIRM(link is external)
MISC(link is external) vbulletin -- vbulletin vBulletin before 5.6.9 PL1 allows
an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP
request that triggers deserialization. This occurs because verify_serialized
checks that a value is serialized by calling unserialize and then checking for
errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1. 2023-02-03
not yet calculated CVE-2023-25135
MISC(link is external)
MISC(link is external) openssh -- openssh_server OpenSSH server (sshd) 9.1
introduced a double-free vulnerability during options.kex_algorithms handling.
This is fixed in OpenSSH 9.2. The double free can be triggered by an
unauthenticated attacker in the default configuration; however, the
vulnerability discoverer reports that "exploiting this vulnerability will not be
easy." 2023-02-03 not yet calculated CVE-2023-25136
MISC
MISC
MISC(link is external)
MISC(link is external) glibc -- glibc sprintf in the GNU C Library (glibc) 2.37
has a buffer overflow (out-of-bounds write) in some situations with a correct
buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the
destination buffer when attempting to write a padded, thousands-separated string
representation of a number, if the buffer is allocated the exact size required
to represent that number as a string. For example, 1,234,567 (with padding to
13) overflows by two bytes. 2023-02-03 not yet calculated CVE-2023-25139
MISC harfbuzz -- harfbuzz hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0
allows attackers to trigger O(n^2) growth via consecutive marks during the
process of looking back for base glyphs when attaching marks. 2023-02-04 not yet
calculated CVE-2023-25193
MISC(link is external)
MISC(link is external)
MISC(link is external)
