Vulnerability Summary for the Week of January 9, 2023
Cybersecurity and Infrastructure Security Agency sent this bulletin at 01/18/2023 09:19 AM ESTYou are subscribed to Vulnerability Bulletins for Cybersecurity and Infrastructure Security Agency. This information has recently been updated, and is now available.
High Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
web-cyradm_project -- web-cyradm | A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640. | 2023-01-08 | 9.8 |
CVE-2007-10002 MISC MISC MISC |
eshop_project -- eshop | A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572. | 2023-01-06 | 9.8 |
CVE-2013-10008 MISC MISC MISC |
pychao_project -- pychao | A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The name of the patch is 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2013-10009 MISC MISC MISC MISC |
paginationserviceprovider_project -- paginationserviceprovider | A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2014-125029 MISC MISC MISC MISC |
cub-scout-tracker_project -- cub-scout-tracker | A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The name of the patch is b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551. | 2023-01-06 | 9.8 |
CVE-2014-125046 MISC MISC MISC |
school-store_project -- school-store | A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2014-125047 MISC MISC MISC |
blogile_project -- blogile | ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2023-01-06 | 9.8 |
CVE-2014-125049 MISC MISC MISC |
voter-js_project -- voter-js | A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The name of the patch is 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2014-125050 MISC MISC MISC MISC |
yii2-jqgrid-widget_project -- yii2-jqgrid-widget | A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564. | 2023-01-06 | 9.8 |
CVE-2014-125051 MISC MISC MISC MISC |
sparql-identifiers_project -- sparql-identifiers | A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The name of the patch is 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571. | 2023-01-06 | 9.8 |
CVE-2014-125052 MISC MISC MISC |
piwigo -- guestbook | A vulnerability was found in Piwigo-Guest-Book up to 1.3.0. It has been declared as critical. This vulnerability affects unknown code of the file include/guestbook.inc.php of the component Navigation Bar. The manipulation of the argument start leads to sql injection. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is 0cdd1c388edf15089c3a7541cefe7756e560581d. It is recommended to upgrade the affected component. VDB-217582 is the identifier assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2014-125053 MISC MISC MISC MISC |
robitailletheknot_project -- robitailletheknot | A vulnerability was found in mrobit robitailletheknot. It has been classified as problematic. This affects an unknown part of the file app/filters.php of the component CSRF Token Handler. The manipulation of the argument _token leads to incorrect comparison. It is possible to initiate the attack remotely. The name of the patch is 6b2813696ccb88d0576dfb305122ee880eb36197. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217599. | 2023-01-07 | 9.8 |
CVE-2014-125057 MISC MISC MISC |
address_book_project -- address_book | A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The name of the patch is d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code. | 2023-01-07 | 9.8 |
CVE-2014-125058 MISC MISC MISC |
sternenblog_project -- sternenblog | A vulnerability, which was classified as problematic, has been found in sternenseemann sternenblog. This issue affects the function blog_index of the file main.c. The manipulation of the argument post_path leads to file inclusion. The attack may be initiated remotely. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is cf715d911d8ce17969a7926dea651e930c27e71a. It is recommended to upgrade the affected component. The identifier VDB-217613 was assigned to this vulnerability. NOTE: This case is rather theoretical and probably won't happen. Maybe only on obscure Web servers. | 2023-01-07 | 9.8 |
CVE-2014-125059 MISC MISC MISC MISC |
collabcal_project -- collabcal | A vulnerability, which was classified as critical, was found in holdennb CollabCal. Affected is the function handleGet of the file calenderServer.cpp. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The name of the patch is b80f6d1893607c99e5113967592417d0fe310ce6. It is recommended to apply a patch to fix this issue. VDB-217614 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2014-125060 MISC MISC MISC |
filebroker_project -- filebroker | ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in peel filebroker and classified as critical. Affected by this issue is the function select_transfer_status_desc of the file lib/common.rb. The manipulation leads to sql injection. The name of the patch is 91097e26a6c84d3208a351afaa52e0f62e5853ef. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217616. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2023-01-07 | 9.8 |
CVE-2014-125061 MISC MISC MISC |
bitstorm_project -- bitstorm | A vulnerability classified as critical was found in ananich bitstorm. Affected by this vulnerability is an unknown functionality of the file announce.php. The manipulation of the argument event leads to sql injection. The name of the patch is ea8da92f94cdb78ee7831e1f7af6258473ab396a. It is recommended to apply a patch to fix this issue. The identifier VDB-217621 was assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2014-125062 MISC MISC MISC |
bid_project -- bid | A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2014-125063 MISC MISC MISC |
gosqljson_project -- gosqljson | A vulnerability, which was classified as critical, has been found in elgs gosqljson. This issue affects the function QueryDbToArray/QueryDbToMap/ExecDb of the file gosqljson.go. The manipulation of the argument sqlStatement leads to sql injection. The name of the patch is 2740b331546cb88eb61771df4c07d389e9f0363a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217631. | 2023-01-07 | 9.8 |
CVE-2014-125064 MISC MISC MISC |
bottle-auth_project -- bottle-auth | A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632. | 2023-01-07 | 9.8 |
CVE-2014-125065 MISC MISC MISC |
curiosity_project -- curiosity | A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/image_controller.rb. The manipulation of the argument sol leads to sql injection. The name of the patch is d64fddd74ca72714e73f4efe24259ca05c8190eb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217639. | 2023-01-08 | 9.8 |
CVE-2014-125067 MISC MISC MISC |
gribbit_project -- gribbit | A vulnerability was found in lukehutch Gribbit. It has been classified as problematic. Affected is the function messageReceived of the file src/gribbit/request/HttpRequestHandler.java. The manipulation leads to missing origin validation in websockets. The name of the patch is 620418df247aebda3dd4be1dda10fe229ea505dd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217716. | 2023-01-09 | 9.8 |
CVE-2014-125071 MISC MISC MISC |
voteapp_project -- voteapp | A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The name of the patch is b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability. | 2023-01-10 | 9.8 |
CVE-2014-125073 MISC MISC MISC |
opensim-utils_project -- opensim-utils | A vulnerability, which was classified as critical, has been found in jeff-kelley opensim-utils. Affected by this issue is the function DatabaseForRegion of the file regionscrits.php. The manipulation of the argument region leads to sql injection. The name of the patch is c29e5c729a833a29dbf5b1e505a0553fe154575e. It is recommended to apply a patch to fix this issue. VDB-217550 is the identifier assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2015-10016 MISC MISC MISC |
hpi -- prolod | A vulnerability has been found in HPI-Information-Systems ProLOD and classified as critical. This vulnerability affects unknown code. The manipulation of the argument this leads to sql injection. The name of the patch is 3f710905458d49c77530bd3cbcd8960457566b73. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217552. | 2023-01-06 | 9.8 |
CVE-2015-10017 MISC MISC MISC |
weberp -- d2files | A vulnerability has been found in DBRisinajumi d2files and classified as critical. Affected by this vulnerability is the function actionUpload/actionDownloadFile of the file controllers/D2filesController.php. The manipulation leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is b5767f2ec9d0f3cbfda7f13c84740e2179c90574. It is recommended to upgrade the affected component. The identifier VDB-217561 was assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2015-10018 MISC MISC MISC MISC |
nlgis2_project -- nlgis2 | A vulnerability was found in IISH nlgis2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file scripts/etl/custom_import.pl. The manipulation leads to sql injection. The name of the patch is 8bdb6fcf7209584eaf1232437f0f53e735b2b34c. It is recommended to apply a patch to fix this issue. The identifier VDB-217609 was assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2015-10022 MISC MISC MISC |
trello-octometric_project -- trello-octometric | A vulnerability classified as critical has been found in Fumon trello-octometric. This affects the function main of the file metrics-ui/server/srv.go. The manipulation of the argument num leads to sql injection. The name of the patch is a1f1754933fbf21e2221fbc671c81a47de6a04ef. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217611. | 2023-01-07 | 9.8 |
CVE-2015-10023 MISC MISC MISC |
larasync_project -- larasync | A vulnerability classified as critical was found in hoffie larasync. This vulnerability affects unknown code of the file repository/content/file_storage.go. The manipulation leads to path traversal. The name of the patch is 776bad422f4bd4930d09491711246bbeb1be9ba5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217612. | 2023-01-07 | 9.8 |
CVE-2015-10024 MISC MISC MISC |
flairbot_project -- flairbot | A vulnerability was found in tiredtyrant flairbot. It has been declared as critical. This vulnerability affects unknown code of the file flair.py. The manipulation leads to sql injection. The name of the patch is 5e112b68c6faad1d4699d02c1ebbb7daf48ef8fb. It is recommended to apply a patch to fix this issue. VDB-217618 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2015-10026 MISC MISC MISC |
ttrrs-auth-ldap_project -- ttrrs-auth-ldap | A vulnerability, which was classified as problematic, has been found in hydrian TTRSS-Auth-LDAP. Affected by this issue is some unknown functionality of the component Username Handler. The manipulation leads to ldap injection. Upgrading to version 2.0b1 is able to address this issue. The name of the patch is a7f7a5a82d9202a5c40d606a5c519ba61b224eb8. It is recommended to upgrade the affected component. VDB-217622 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2015-10027 MISC MISC MISC MISC MISC |
simplexrd_project -- simplexrd | A vulnerability classified as problematic was found in kelvinmo simplexrd up to 3.1.0. This vulnerability affects unknown code of the file simplexrd/simplexrd.class.php. The manipulation leads to xml external entity reference. Upgrading to version 3.1.1 is able to address this issue. The name of the patch is 4c9f2e028523ed705b555eca2c18c64e71f1a35d. It is recommended to upgrade the affected component. VDB-217630 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2015-10029 MISC MISC MISC MISC |
github -- 491-project | A vulnerability classified as critical was found in purpleparrots 491-Project. This vulnerability affects unknown code of the file update.php of the component Highscore Handler. The manipulation leads to sql injection. The name of the patch is a812a5e4cf72f2a635a716086fe1ee2b8fa0b1ab. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217648. | 2023-01-08 | 9.8 |
CVE-2015-10031 MISC MISC MISC |
workout-organizer_project -- workout-organizer | A vulnerability has been found in j-nowak workout-organizer and classified as critical. This vulnerability affects unknown code. The manipulation leads to sql injection. The name of the patch is 13cd6c3d1210640bfdb39872b2bb3597aa991279. It is recommended to apply a patch to fix this issue. VDB-217714 is the identifier assigned to this vulnerability. | 2023-01-09 | 9.8 |
CVE-2015-10034 MISC MISC MISC |
angular-test-reporter_project -- angular-test-reporter | A vulnerability was found in gperson angular-test-reporter and classified as critical. This issue affects the function getProjectTables/addTest of the file rest-server/data-server.js. The manipulation leads to sql injection. The name of the patch is a29d8ae121b46ebfa96a55a9106466ab2ef166ae. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217715. | 2023-01-09 | 9.8 |
CVE-2015-10035 MISC MISC MISC |
e-contract -- dssp | A vulnerability classified as problematic was found in e-Contract dssp up to 1.3.1. Affected by this vulnerability is the function checkSignResponse of the file dssp-client/src/main/java/be/e_contract/dssp/client/SignResponseVerifier.java. The manipulation leads to xml external entity reference. Upgrading to version 1.3.2 is able to address this issue. The name of the patch is ec4238349691ec66dd30b416ec6eaab02d722302. It is recommended to upgrade the affected component. The identifier VDB-217549 was assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2016-15011 MISC MISC MISC MISC |
salesforce -- mobile_software_development_kit | ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The name of the patch is 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2023-01-07 | 9.8 |
CVE-2016-15012 MISC MISC MISC MISC |
forumhulp -- search_results | A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628. | 2023-01-07 | 9.8 |
CVE-2016-15013 MISC MISC MISC MISC |
joomla_mod_einsatz_stats_project -- joomla_mod_einsatz_stats | A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The name of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability. | 2023-01-08 | 9.8 |
CVE-2016-15016 MISC MISC MISC MISC |
ecodev -- media_upload | A vulnerability has been found in fabarea media_upload and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is b25d42a4981072321c1a363311d8ea2a4ac8763a. It is recommended to upgrade the affected component. VDB-217786 is the identifier assigned to this vulnerability. | 2023-01-10 | 9.8 |
CVE-2016-15017 MISC MISC MISC MISC MISC |
ecto_project -- ecto | Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise. | 2023-01-10 | 9.8 |
CVE-2017-20166 MISC MISC MISC MISC |
nodebatis_project -- nodebatis | A vulnerability was found in PeterMu nodebatis up to 2.1.x. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is 6629ff5b7e3d62ad8319007a54589ec1f62c7c35. It is recommended to upgrade the affected component. VDB-217554 is the identifier assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2018-25066 MISC MISC MISC MISC |
globalpom-utils_project -- globalpom-utils | A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The name of the patch is 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2018-25068 MISC MISC MISC MISC |
netis-systems -- netcore_router_firmware | A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2018-25069 MISC MISC MISC |
aista -- phosphorus_five | A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The name of the patch is c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2018-25070 MISC MISC MISC MISC |
lmeve_project -- lmeve | A vulnerability was found in roxlukas LMeve up to 0.1.58. It has been rated as critical. Affected by this issue is the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to sql injection. Upgrading to version 0.1.59-beta is able to address this issue. The name of the patch is c25ff7fe83a2cda1fcb365b182365adc3ffae332. It is recommended to upgrade the affected component. VDB-217610 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2018-25071 MISC MISC MISC MISC |
lojban -- jbovlaste | A vulnerability classified as critical has been found in lojban jbovlaste. This affects an unknown part of the file dict/listing.html. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The name of the patch is 6ff44c2e87b1113eb07d76ea62e1f64193b04d15. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217647. | 2023-01-08 | 9.8 |
CVE-2018-25072 MISC MISC MISC |
twmap_project -- twmap | A vulnerability was found in happyman twmap. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file twmap3/data/ajaxCRUD/pointdata2.php. The manipulation of the argument id leads to sql injection. Upgrading to version v2.9_v4.31 is able to address this issue. The name of the patch is babbec79b3fa4efb3bd581ea68af0528d11bba0c. It is recommended to upgrade the affected component. The identifier VDB-217645 was assigned to this vulnerability. | 2023-01-08 | 9.8 |
CVE-2019-25100 MISC MISC MISC MISC MISC |
jobe_project -- jobe | A vulnerability was found in trampgeek jobe up to 1.6.x and classified as critical. This issue affects the function run_in_sandbox of the file application/libraries/LanguageTask.php. The manipulation leads to command injection. Upgrading to version 1.7.0 is able to address this issue. The name of the patch is 8f43daf50c943b98eaf0c542da901a4a16e85b02. It is recommended to upgrade the affected component. The identifier VDB-217553 was assigned to this vulnerability. | 2023-01-06 | 9.8 |
CVE-2020-36642 MISC MISC MISC MISC MISC |
uqm-wasm_project -- uqm-wasm | A vulnerability was found in intgr uqm-wasm. It has been classified as critical. This affects the function log_displayBox in the library sc2/src/libs/log/msgbox_macosx.m. The manipulation leads to format string. The name of the patch is 1d5cbf3350a02c423ad6bef6dfd5300d38aa828f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217563. | 2023-01-06 | 9.8 |
CVE-2020-36643 MISC MISC MISC |
square -- squalor | A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The name of the patch is f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623. | 2023-01-07 | 9.8 |
CVE-2020-36645 MISC MISC MISC MISC MISC |
pouet -- pouet2.0 | A vulnerability, which was classified as critical, was found in pouetnet pouet 2.0. This affects an unknown part. The manipulation of the argument howmany leads to sql injection. The name of the patch is 11d615931352066fb2f6dcb07428277c2cd99baf. It is recommended to apply a patch to fix this issue. The identifier VDB-217641 was assigned to this vulnerability. | 2023-01-08 | 9.8 |
CVE-2020-36648 MISC MISC MISC |
phpwcms -- phpwcms | A vulnerability was found in slackero phpwcms up to 1.9.26 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument $phpwcms['db_prepend'] leads to sql injection. The attack may be launched remotely. Upgrading to version 1.9.27 is able to address this issue. The name of the patch is 77dafb6a8cc1015f0777daeb5792f43beef77a9d. It is recommended to upgrade the affected component. VDB-217418 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2021-4301 MISC MISC MISC MISC |
baobab_project -- baobab | A vulnerability was found in Yomguithereal Baobab up to 2.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be launched remotely. Upgrading to version 2.6.1 is able to address this issue. The name of the patch is c56639532a923d9a1600fb863ec7551b188b5d19. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217627. | 2023-01-07 | 9.8 |
CVE-2021-4307 MISC MISC MISC MISC MISC |
lboro -- webpa | A vulnerability was found in WebPA up to 3.1.1. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. Upgrading to version 3.1.2 is able to address this issue. The name of the patch is 8836c4f549181e885a68e0e7ca561fdbcbd04bf0. It is recommended to upgrade the affected component. The identifier VDB-217637 was assigned to this vulnerability. | 2023-01-08 | 9.8 |
CVE-2021-4308 MISC MISC MISC MISC MISC |
talend -- open_studio | A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability. | 2023-01-09 | 9.8 |
CVE-2021-4311 MISC MISC MISC MISC |
jfrog -- artifactory | JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | 2023-01-08 | 9.8 |
CVE-2022-0668 MISC |
event_management_system_project -- event_management_system | A vulnerability was found in SourceCodester Royale Event Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /royal_event/userregister.php. The manipulation leads to improper authentication. The attack may be initiated remotely. The identifier VDB-195785 was assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2022-1101 MISC MISC |
wifey_project -- wifey | All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. | 2023-01-09 | 9.8 |
CVE-2022-25890 MISC |
exec-local-bin_project -- exec-local-bin | Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | 2023-01-06 | 9.8 |
CVE-2022-25923 MISC MISC MISC |
loan_management_system_project -- loan_management_system | A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205618 is the identifier assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2022-2666 MISC MISC MISC |
qualcomm -- qca7500_firmware | Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device. | 2023-01-09 | 9.8 |
CVE-2022-33265 MISC |
gullseye -- gullseye_terminal_operating_system | This issue affects: Terminal Operating System versions before 5.0.13 | 2023-01-10 | 9.8 |
CVE-2022-3792 CONFIRM CONFIRM CONFIRM |
zte -- mf286r_firmware | There is a command injection vulnerability in ZTE MF286R, Due to insufficient validation of the input parameters, an attacker could use the vulnerability to execute arbitrary commands. | 2023-01-06 | 9.8 |
CVE-2022-39073 MISC |
openvswitch -- openvswitch | An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | 2023-01-10 | 9.8 |
CVE-2022-4337 MISC MISC MISC DEBIAN |
openvswitch -- openvswitch | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | 2023-01-10 | 9.8 |
CVE-2022-4338 MISC MISC MISC DEBIAN |
siemens -- automation_license_manager | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected component does not correctly validate the root path on folder related operations, allowing to modify files and folders outside the intended root directory. This could allow an unauthenticated remote attacker to execute file operations of files outside of the specified root folder. Chained with CVE-2022-43513 this could allow Remote Code Execution. | 2023-01-10 | 9.8 |
CVE-2022-43514 MISC |
matrixssl -- matrixssl | MatrixSSL 4.0.4 through 4.5.1 has an integer overflow in matrixSslDecodeTls13. A remote attacker might be able to send a crafted TLS Message to cause a buffer overflow and achieve remote code execution. This is fixed in 4.6.0. | 2023-01-09 | 9.8 |
CVE-2022-43974 CONFIRM CONFIRM MISC |
bulutses -- bulutdesk_callcenter | This issue affects: Bulutses Bilgi Teknolojileri LTD. ?T?. BULUTDESK CALLCENTER versions prior to 3.0. | 2023-01-10 | 9.8 |
CVE-2022-4422 CONFIRM |
dynamic_transaction_queuing_system_project -- dynamic_transaction_queuing_system | Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=. | 2023-01-09 | 9.8 |
CVE-2022-47790 MISC |
lead_management_system_project -- lead_management_system | Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. | 2023-01-11 | 9.8 |
CVE-2022-47859 MISC MISC |
lead_management_system_project -- lead_management_system | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. | 2023-01-11 | 9.8 |
CVE-2022-47860 MISC MISC |
lead_management_system_project -- lead_management_system | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. | 2023-01-11 | 9.8 |
CVE-2022-47861 MISC MISC |
lead_management_system_project -- lead_management_system | Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. | 2023-01-11 | 9.8 |
CVE-2022-47862 MISC MISC |
lead_management_system_project -- lead_management_system | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. | 2023-01-11 | 9.8 |
CVE-2022-47864 MISC MISC |
lead_management_system_project -- lead_management_system | Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. | 2023-01-11 | 9.8 |
CVE-2022-47865 MISC MISC |
lead_management_system_project -- lead_management_system | Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. | 2023-01-11 | 9.8 |
CVE-2022-47866 MISC MISC |
openutau -- openutau | A vulnerability was found in stakira OpenUtau. It has been classified as critical. This affects the function VoicebankInstaller of the file OpenUtau.Core/Classic/VoicebankInstaller.cs of the component ZIP Archive Handler. The manipulation leads to path traversal. Upgrading to version 0.0.991 is able to address this issue. The name of the patch is 849a0a6912aac8b1c28cc32aa1132a3140caff4a. It is recommended to upgrade the affected component. The identifier VDB-217617 was assigned to this vulnerability. | 2023-01-07 | 9.8 |
CVE-2022-4880 MISC MISC MISC MISC MISC |
sap -- netweaver_application_server_abap | SAP NetWeaver ABAP Server and ABAP Platform - versions SAP_BASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system. | 2023-01-10 | 9.8 |
CVE-2023-0014 MISC MISC |
sap -- netweaver_application_server_for_java | An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable. | 2023-01-10 | 9.8 |
CVE-2023-0017 MISC MISC |
nsa -- ghidra | Ghidra/RuntimeScripts/Linux/support/launch.sh in NSA Ghidra through 10.2.2 passes user-provided input into eval, leading to command injection when calling analyzeHeadless with untrusted input. | 2023-01-06 | 9.8 |
CVE-2023-22671 MISC MISC |
librephotos_project -- librephotos | api/views/user.py in LibrePhotos before e19e539 has incorrect access control. | 2023-01-10 | 9.8 |
CVE-2023-22903 MISC |
linux -- linux_kernel | A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a | 2023-01-09 | 8.8 |
CVE-2022-2196 MISC MISC |
qualcomm -- apq8009_firmware | Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote | 2023-01-09 | 8.8 |
CVE-2022-22088 MISC |
nokia -- asik_airscale_474021a.102_firmware | A vulnerability exists in Nokia’s ASIK AirScale system module (versions 474021A.101 and 474021A.102) that could allow an attacker to place a script on the file system accessible from Linux. A script placed in the appropriate place could allow for arbitrary code execution in the bootloader. | 2023-01-06 | 8.8 |
CVE-2022-2482 MISC |
bravenewcode -- wptouch | The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import (intentionally or not) a malicious settings file and a suitable gadget chain is present on the blog. | 2023-01-09 | 8.8 |
CVE-2022-3417 MISC |
ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, 7.6.1.3 and the IBM Maximo Manage 8.3, 8.4 application in IBM Maximo Application Suite are vulnerable to CSV injection. IBM X-Force ID: 2306335. | 2023-01-09 | 8.8 |
CVE-2022-35281 MISC MISC |
kadencewp -- starter_templates | The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 2023-01-09 | 8.8 |
CVE-2022-3679 MISC |
easyvista -- service_manager | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. | 2023-01-10 | 8.8 |
CVE-2022-38490 MISC |
easyvista -- service_manager | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03 before 2022.1.110.1.02. One parameter allows SQL injection. | 2023-01-10 | 8.8 |
CVE-2022-38492 MISC |
rydesharing -- ryde | Information disclosure due to an insecure hostname validation in the RYDE application 5.8.43 for Android and iOS allows attackers to take over an account via a deep link. | 2023-01-06 | 8.8 |
CVE-2022-42979 MISC |
nexxtsolutions -- amp300_firmware | The web service on Nexxt Amp300 ARN02304U8 42.103.1.5095 devices allows remote OS command execution by placing &telnetd in the JSON host field to the ping feature of the goform/sysTools component. Authentication is required. | 2023-01-06 | 8.8 |
CVE-2022-44149 MISC MISC MISC |
siemens -- sinec_ins | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. | 2023-01-10 | 8.8 |
CVE-2022-45092 MISC |
siemens -- sinec_ins | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. | 2023-01-10 | 8.8 |
CVE-2022-45093 MISC |
siemens -- sinec_ins | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component. | 2023-01-10 | 8.8 |
CVE-2022-45094 MISC |
72crm -- wukong_crm | 72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 2023-01-10 | 8.8 |
CVE-2022-46610 MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme. | 2023-01-10 | 8.8 |
CVE-2022-4700 MISC MISC MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site. | 2023-01-10 | 8.8 |
CVE-2022-4701 MISC MISC MISC |
spitfire_project -- spitfire | Spitfire CMS 1.0.475 is vulnerable to PHP Object Injection. | 2023-01-10 | 8.8 |
CVE-2022-47083 MISC |
google -- chrome | Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2023-01-10 | 8.8 |
CVE-2023-0128 MISC MISC |
google -- chrome | Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) | 2023-01-10 | 8.8 |
CVE-2023-0129 MISC MISC |
google -- chrome | Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | 8.8 |
CVE-2023-0134 MISC MISC |
google -- chrome | Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | 8.8 |
CVE-2023-0135 MISC MISC |
google -- chrome | Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | 8.8 |
CVE-2023-0136 MISC MISC |
google -- chrome | Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | 8.8 |
CVE-2023-0137 MISC MISC |
google -- chrome | Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 2023-01-10 | 8.8 |
CVE-2023-0138 MISC MISC |
N/A -- N/A |
Windows SMB Witness Service Elevation of Privilege Vulnerability. | 2023-01-10 | 8.8 |
CVE-2023-21549 MISC |
N/A -- N/A |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21551, CVE-2023-21730. | 2023-01-10 | 8.8 |
CVE-2023-21561 MISC |
N/A -- N/A |
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. | 2023-01-10 | 8.8 |
CVE-2023-21674 MISC |
N/A -- N/A |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. | 2023-01-10 | 8.8 |
CVE-2023-21676 MISC |
N/A -- N/A |
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. | 2023-01-10 | 8.8 |
CVE-2023-21681 MISC |
N/A -- N/A |
Microsoft ODBC Driver Remote Code Execution Vulnerability. | 2023-01-10 | 8.8 |
CVE-2023-21732 MISC |
N/A -- N/A |
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21744. | 2023-01-10 | 8.8 |
CVE-2023-21742 MISC |
N/A -- N/A |
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21742. | 2023-01-10 | 8.8 |
CVE-2023-21744 MISC |
nextcloud -- desktop | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. It is possible to make a user send any POST request with an arbitrary body given they click on a malicious deep link on a Windows computer. (e.g. in an email, chat link, etc). There are currently no known workarounds. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.2. | 2023-01-09 | 8.8 |
CVE-2023-22472 MISC MISC |
asus -- rt-ax82u_firmware | An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability. | 2023-01-10 | 8.1 |
CVE-2022-35401 MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to reset previously imported data. | 2023-01-10 | 8.1 |
CVE-2022-4703 MISC MISC MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import preset site configuration templates including images and settings. | 2023-01-10 | 8.1 |
CVE-2022-4704 MISC MISC MISC |
N/A -- N/A |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21548. | 2023-01-10 | 8.1 |
CVE-2023-21535 MISC |
N/A -- N/A |
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21546, CVE-2023-21555, CVE-2023-21556, CVE-2023-21679. | 2023-01-10 | 8.1 |
CVE-2023-21543 MISC |
N/A -- N/A |
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21555, CVE-2023-21556, CVE-2023-21679. | 2023-01-10 | 8.1 |
CVE-2023-21546 MISC |
N/A -- N/A |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21535. | 2023-01-10 | 8.1 |
CVE-2023-21548 MISC |
N/A -- N/A |
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21556, CVE-2023-21679. | 2023-01-10 | 8.1 |
CVE-2023-21555 MISC |
N/A -- N/A |
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21679. | 2023-01-10 | 8.1 |
CVE-2023-21556 MISC |
N/A -- N/A |
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21543, CVE-2023-21546, CVE-2023-21555, CVE-2023-21556. | 2023-01-10 | 8.1 |
CVE-2023-21679 MISC |
N/A -- N/A |
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21762. | 2023-01-10 | 8 |
CVE-2023-21745 MISC |
N/A -- N/A |
Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2023-21745. | 2023-01-10 | 8 |
CVE-2023-21762 MISC |
klattr_project -- klattr | A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719. | 2023-01-09 | 7.8 |
CVE-2014-125072 MISC MISC MISC |
weave -- weave_gitops | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in GitOps run could allow a local user or process to alter a Kubernetes cluster's resources. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. Its endpoint had no security controls to block unauthorized access, therefore allowing local users (and processes) on the same machine to see and alter the bucket content. By leveraging this vulnerability, an attacker could pick a workload of their choosing and inject it into the S3 bucket, which resulted in the successful deployment in the target cluster, without the need to provide any credentials to either the S3 bucket nor the target Kubernetes cluster. There are no known workarounds for this issue, please upgrade. This vulnerability has been fixed by commits 75268c4 and 966823b. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. ### Workarounds There is no workaround for this vulnerability. ### References Disclosed by Paulo Gomes, Senior Software Engineer, Weaveworks. ### For more information If you have any questions or comments about this advisory: - Open an issue in [Weave GitOps repository](https://github.com/weaveworks/weave-gitops) - Email us at [support@weave.works](mailto:support@weave.works) | 2023-01-09 | 7.8 |
CVE-2022-23508 MISC MISC MISC |
nokia -- asik_airscale_474021a.101_firmware | The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs. | 2023-01-06 | 7.8 |
CVE-2022-2484 MISC |
qualcomm -- aqt1000_firmware | Memory corruption in display driver due to incorrect type casting while accessing the fence structure fields | 2023-01-09 | 7.8 |
CVE-2022-25715 MISC |
qualcomm -- apq8096au_firmware | Memory corruption in display due to double free while allocating frame buffer memory | 2023-01-09 | 7.8 |
CVE-2022-25717 MISC |
qualcomm -- aqt1000_firmware | Memory corruption in video driver due to type confusion error during video playback | 2023-01-09 | 7.8 |
CVE-2022-25721 MISC |
qualcomm -- aqt1000_firmware | Memory corruption in kernel due to missing checks when updating the access rights of a memextent mapping. | 2023-01-09 | 7.8 |
CVE-2022-25746 MISC |
qualcomm -- apq8064au_firmware | Memory corruption in Automotive due to improper input validation. | 2023-01-09 | 7.8 |
CVE-2022-33218 MISC |
qualcomm -- apq8064au_firmware | Memory corruption in Automotive due to integer overflow to buffer overflow while registering a new listener with shared buffer. | 2023-01-09 | 7.8 |
CVE-2022-33219 MISC |
qualcomm -- apq8009_firmware | Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modified content. | 2023-01-09 | 7.8 |
CVE-2022-33266 MISC |
qualcomm -- qam8295p_firmware | Memory corruption in android core due to improper validation of array index while returning feature ids after license authentication. | 2023-01-09 | 7.8 |
CVE-2022-33274 MISC |
qualcomm -- ar8035_firmware | Memory corruption due to buffer copy without checking size of input in modem while receiving WMI_REQUEST_STATS_CMDID command. | 2023-01-09 | 7.8 |
CVE-2022-33276 MISC |
qualcomm -- qam8295p_firmware | Memory corruption in Automotive Android OS due to improper input validation. | 2023-01-09 | 7.8 |
CVE-2022-33300 MISC |
zebra -- enterprise_home_screen | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The device allows the administrator to lock some communication channels (wireless and SD card) but it is still possible to use a physical connection (Ethernet cable) without restriction. | 2023-01-10 | 7.8 |
CVE-2022-36443 MISC MISC |
zoom -- rooms | Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service. | 2023-01-09 | 7.8 |
CVE-2022-36925 MISC |
zoom -- rooms | Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | 2023-01-09 | 7.8 |
CVE-2022-36926 MISC |
zoom -- rooms | Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | 2023-01-09 | 7.8 |
CVE-2022-36927 MISC |
zoom -- rooms | The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user. | 2023-01-09 | 7.8 |
CVE-2022-36929 MISC |
zoom -- rooms | Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user. | 2023-01-09 | 7.8 |
CVE-2022-36930 MISC |
bentley -- microstation_connect | Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to a Stack-Based Buffer Overflow when a malformed design (DGN) file is parsed. This may allow an attacker to execute arbitrary code. | 2023-01-06 | 7.8 |
CVE-2022-40201 MISC |
qualcomm -- aqt1000_firmware | Memory corruption in Core due to stack-based buffer overflow. | 2023-01-09 | 7.8 |
CVE-2022-40516 MISC |
qualcomm -- aqt1000_firmware | Memory corruption in core due to stack-based buffer overflow | 2023-01-09 | 7.8 |
CVE-2022-40517 MISC |
qualcomm -- apq8064au_firmware | Memory corruption due to stack-based buffer overflow in Core | 2023-01-09 | 7.8 |
CVE-2022-40520 MISC |
bentley -- microstation_connect | Bentley Systems MicroStation Connect versions 10.17.0.209 and prior are vulnerable to an Out-of-Bounds Read when when parsing DGN files, which may allow an attacker to crash the product, disclose sensitive information, or execute arbitrary code. | 2023-01-06 | 7.8 |
CVE-2022-41613 MISC |
avira -- avira_security | Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 2023-01-10 | 7.8 |
CVE-2022-4294 MISC |
openharmony -- openharmony | Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysTimerGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. | 2023-01-09 | 7.8 |
CVE-2022-43662 MISC |
echatserver -- easy_chat_server | Efs Software Easy Chat Server Version 3.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL. | 2023-01-06 | 7.8 |
CVE-2022-44939 MISC |
openharmony -- openharmony | Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGettime. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked. | 2023-01-09 | 7.8 |
CVE-2022-45126 MISC |
openharmony -- openharmony | softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege. | 2023-01-09 | 7.8 |
CVE-2023-0035 MISC |
openharmony -- openharmony | platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass authentication and attack other SAs with high privilege. | 2023-01-09 | 7.8 |
CVE-2023-0036 MISC |
N/A -- N/A |
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21524 MISC |
N/A -- N/A |
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21537 MISC |
microsoft -- windows_server_2008 | Windows Task Scheduler Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21541 MISC |
N/A -- N/A |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21561, CVE-2023-21730. | 2023-01-10 | 7.8 |
CVE-2023-21551 MISC |
N/A -- N/A |
Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21532. | 2023-01-10 | 7.8 |
CVE-2023-21552 MISC |
N/A -- N/A |
Windows Error Reporting Service Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21558 MISC |
N/A -- N/A |
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21587 MISC |
N/A -- N/A |
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21588 MISC |
N/A -- N/A |
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21589 MISC |
N/A -- N/A |
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21590 MISC |
N/A -- N/A |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21594 MISC |
N/A -- N/A |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21595 MISC |
N/A -- N/A |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21596 MISC |
N/A -- N/A |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 7.8 |
CVE-2023-21597 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21675 MISC |
N/A -- N/A |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21760, CVE-2023-21765. | 2023-01-10 | 7.8 |
CVE-2023-21678 MISC |
N/A -- N/A |
Windows Win32k Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21680 MISC |
N/A -- N/A |
Microsoft DWM Core Library Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21724 MISC |
N/A -- N/A |
Windows Credential Manager User Interface Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21726 MISC |
N/A -- N/A |
Microsoft Cryptographic Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21551, CVE-2023-21561. | 2023-01-10 | 7.8 |
CVE-2023-21730 MISC |
N/A -- N/A |
Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21735. | 2023-01-10 | 7.8 |
CVE-2023-21734 MISC |
N/A -- N/A |
Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21734. | 2023-01-10 | 7.8 |
CVE-2023-21735 MISC |
N/A -- N/A |
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21737, CVE-2023-21738. | 2023-01-10 | 7.8 |
CVE-2023-21736 MISC |
N/A -- N/A |
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21736, CVE-2023-21738. | 2023-01-10 | 7.8 |
CVE-2023-21737 MISC |
N/A -- N/A |
Windows NTLM Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21746 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21747 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21748 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21749 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21754 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21755 MISC |
N/A -- N/A |
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21764. | 2023-01-10 | 7.8 |
CVE-2023-21763 MISC |
N/A -- N/A |
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21763. | 2023-01-10 | 7.8 |
CVE-2023-21764 MISC |
N/A -- N/A |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21760. | 2023-01-10 | 7.8 |
CVE-2023-21765 MISC |
N/A -- N/A |
Windows Overlay Filter Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21767 MISC |
N/A -- N/A |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | 2023-01-10 | 7.8 |
CVE-2023-21768 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21772 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21774. | 2023-01-10 | 7.8 |
CVE-2023-21773 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21750, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773. | 2023-01-10 | 7.8 |
CVE-2023-21774 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21780 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21781 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21782 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21783 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21784 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21785 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21786 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21787 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21788 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21789 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21791, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21790 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21792, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21791 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21793. | 2023-01-10 | 7.8 |
CVE-2023-21792 MISC |
microsoft -- 3d_builder | 3D Builder Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21780, CVE-2023-21781, CVE-2023-21782, CVE-2023-21783, CVE-2023-21784, CVE-2023-21785, CVE-2023-21786, CVE-2023-21787, CVE-2023-21788, CVE-2023-21789, CVE-2023-21790, CVE-2023-21791, CVE-2023-21792. | 2023-01-10 | 7.8 |
CVE-2023-21793 MISC |
yuko-bot_project -- yuko-bot | A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attack can be initiated remotely. The name of the patch is e580584b877934a4298d4dd0c497c79e579380d0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217636. | 2023-01-08 | 7.5 |
CVE-2014-125066 MISC MISC MISC |
miniconf_project -- miniconf | A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the component URL Scanning. The manipulation leads to denial of service. Upgrading to version 1.7.7 and 1.8.0 is able to address this issue. The name of the patch is c06c2e5116c306e4e1bc79779f0eda2d1182f655. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217615. | 2023-01-07 | 7.5 |
CVE-2015-10025 MISC MISC MISC |
debug_project -- debug | A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability. | 2023-01-09 | 7.5 |
CVE-2017-20165 MISC MISC MISC MISC MISC |
mediaarea -- zenlib | A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading to version 0.4.39 is able to address this issue. The name of the patch is 6475fcccd37c9cf17e0cfe263b5fe0e2e47a8408. It is recommended to upgrade the affected component. The identifier VDB-217629 was assigned to this vulnerability. | 2023-01-07 | 7.5 |
CVE-2020-36646 MISC MISC MISC MISC MISC |
terminal-kit_project -- terminal-kit | A vulnerability classified as problematic has been found in cronvel terminal-kit up to 2.1.7. Affected is an unknown function. The manipulation leads to inefficient regular expression complexity. Upgrading to version 2.1.8 is able to address this issue. The name of the patch is a2e446cc3927b559d0281683feb9b821e83b758c. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217620. | 2023-01-07 | 7.5 |
CVE-2021-4306 MISC MISC MISC MISC |
huawei -- emui | The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access. | 2023-01-06 | 7.5 |
CVE-2021-46867 MISC MISC |
huawei -- emui | The HW_KEYMASTER module has a problem in releasing memory.Successful exploitation of this vulnerability may result in out-of-bounds memory access. | 2023-01-06 | 7.5 |
CVE-2021-46868 MISC MISC |
qualcomm -- apq8017_firmware | Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed. | 2023-01-09 | 7.5 |
CVE-2022-33290 MISC |
qualcomm -- apq8017_firmware | Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data. | 2023-01-09 | 7.5 |
CVE-2022-33299 MISC |
asus -- rt-ax82u_firmware | An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | 2023-01-10 | 7.5 |
CVE-2022-38105 MISC |
asus -- rt-ax82u_firmware | A denial of service vulnerability exists in the cfg_server cm_processConnDiagPktList opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2023-01-10 | 7.5 |
CVE-2022-38393 MISC |
easyvista -- service_manager | An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Part of the application does not implement protection against brute-force attacks. | 2023-01-10 | 7.5 |
CVE-2022-38491 MISC |
theme_park_ticketing_system_project -- theme_park_ticketing_system | SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page. | 2023-01-06 | 7.5 |
CVE-2022-40049 MISC |
siemens -- automation_license_manager | A vulnerability has been identified in Automation License Manager V5 (All versions), Automation License Manager V6 (All versions < V6.0 SP9 Upd4). The affected components allow to rename license files with user chosen input without authentication. This could allow an unauthenticated remote attacker to rename and move files as SYSTEM user. | 2023-01-10 | 7.5 |
CVE-2022-43513 MISC |
linux -- linux_kernel | A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial | 2023-01-10 | 7.5 |
CVE-2022-4379 MISC MISC MISC FEDORA FEDORA |
linksys -- wrt54gl_firmware | A null pointer dereference vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A null pointer dereference in the soap_action function within the upnp binary can be triggered by an unauthenticated attacker via a malicious POST request invoking the AddPortMapping action. | 2023-01-09 | 7.5 |
CVE-2022-43972 CONFIRM CONFIRM CONFIRM |
musicpd -- music_player_daemon | An issue in MPD (Music Player Daemon) v0.23.10 allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2023-01-10 | 7.5 |
CVE-2022-46449 MISC |
huawei -- emui | The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons. | 2023-01-06 | 7.5 |
CVE-2022-46761 MISC MISC |
huawei -- emui | The memory management module has a logic bypass vulnerability.Successful exploitation of this vulnerability may affect data confidentiality. | 2023-01-06 | 7.5 |
CVE-2022-46762 MISC MISC |
huawei -- emui | The DUBAI module has a double free vulnerability.Successful exploitation of this vulnerability may affect system availability. | 2023-01-06 | 7.5 |
CVE-2022-47975 MISC MISC |
huawei -- emui | The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections. | 2023-01-06 | 7.5 |
CVE-2022-47976 MISC MISC |
forged_alliance_forever_project -- forged_alliance_forever | A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Vote Handler. The manipulation leads to improper authorization. Upgrading to version 3747 is able to address this issue. The name of the patch is 6880971bd3d73d942384aff62d53058c206ce644. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217555. | 2023-01-06 | 7.5 |
CVE-2022-4879 MISC MISC MISC MISC MISC |
netis-systems -- netcore_router_firmware | A vulnerability was found in Netis Netcore Router. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-217591. | 2023-01-07 | 7.5 |
CVE-2023-0113 MISC MISC |
N/A -- N/A |
Windows iSCSI Service Denial of Service Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21527 MISC |
N/A -- N/A |
.NET Denial of Service Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21538 MISC |
microsoft -- windows_server_2022 | Windows Authentication Remote Code Execution Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21539 MISC |
N/A -- N/A |
Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21547 MISC |
N/A -- N/A |
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21557 MISC |
N/A -- N/A |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21683, CVE-2023-21758. | 2023-01-10 | 7.5 |
CVE-2023-21677 MISC |
N/A -- N/A |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21758. | 2023-01-10 | 7.5 |
CVE-2023-21683 MISC |
N/A -- N/A |
Windows Netlogon Denial of Service Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21728 MISC |
N/A -- N/A |
Windows Layer 2 Tunneling Protocol (L2TP) Denial of Service Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21757 MISC |
N/A -- N/A |
Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2023-21677, CVE-2023-21683. | 2023-01-10 | 7.5 |
CVE-2023-21758 MISC |
N/A -- N/A |
Microsoft Exchange Server Information Disclosure Vulnerability. | 2023-01-10 | 7.5 |
CVE-2023-21761 MISC |
openam -- openam | OpenAM Web Policy Agent (OpenAM Consortium Edition) provided by OpenAM Consortium parses URLs improperly, leading to a path traversal vulnerability(CWE-22). Furthermore, a crafted URL may be evaluated incorrectly. | 2023-01-10 | 7.5 |
CVE-2023-22320 JVN CONFIRM |
N/A -- N/A |
A vulnerability in class-of-service (CoS) queue management in Juniper Networks Junos OS on the ACX2K Series devices allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Specific packets are being incorrectly routed to a queue used for other high-priority traffic such as BGP, PIM, ICMP, ICMPV6 ND and ISAKMP. Due to this misclassification of traffic, receipt of a high rate of these specific packets will cause delays in the processing of other traffic, leading to a Denial of Service (DoS). Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on ACX2K Series: All versions prior to 19.4R3-S9; All 20.2 versions; 20.3 versions prior to 20.3R3-S6 on ACX2K Series; 20.4 versions prior to 20.4R3-S4 on ACX2K Series; All 21.1 versions; 21.2 versions prior to 21.2R3-S3 on ACX2K Series. Note: This issues affects legacy ACX2K Series PPC-based devices. This platform reached Last Supported Version (LSV) as of the Junos OS 21.2 Release. | 2023-01-13 | 7.5 |
CVE-2023-22391 CONFIRM |
N/A -- N/A |
An Improper Check for Unusual or Exceptional Conditions vulnerability in BGP route processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to cause Routing Protocol Daemon (RPD) crash by sending a BGP route with invalid next-hop resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems without import policy configured. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. Juniper Networks Junos OS Evolved 21.4-EVO versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1R1. Juniper Networks Junos OS Evolved versions prior to 21.3R1-EVO. | 2023-01-13 | 7.5 |
CVE-2023-22393 CONFIRM |
N/A -- N/A |
An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.1 versions 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2, 22.1R3-S1. This issue does not affect Juniper Networks Junos OS on SRX Series and on MX Series: All versions prior to 18.2R1. | 2023-01-13 | 7.5 |
CVE-2023-22394 CONFIRM |
N/A -- N/A |
An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF leak that ultimately leads to a Denial of Service (DoS). The system does not recover automatically and must be manually restarted to restore service. This issue occurs when crafted TCP packets are sent directly to a configured IPv4 or IPv6 interface on the device. Transit traffic will not trigger this issue. MBUF usage can be monitored through the use of the 'show system buffers' command. For example: user@junos> show system buffers | refresh 5 4054/566/4620 mbufs in use (current/cache/total) ... 4089/531/4620 mbufs in use (current/cache/total) ... 4151/589/4740 mbufs in use (current/cache/total) ... 4213/527/4740 mbufs in use (current/cache/total) This issue affects Juniper Networks Junos OS: 12.3 version 12.3R12-S19 and later versions; 15.1 version 15.1R7-S10 and later versions; 17.3 version 17.3R3-S12 and later versions; 18.4 version 18.4R3-S9 and later versions; 19.1 version 19.1R3-S7 and later versions; 19.2 version 19.2R3-S3 and later versions; 19.3 version 19.3R2-S7, 19.3R3-S3 and later versions prior to 19.3R3-S7; 19.4 version 19.4R2-S7, 19.4R3-S5 and later versions prior to 19.4R3-S10; 20.1 version 20.1R3-S1 and later versions; 20.2 version 20.2R3-S2 and later versions prior to 20.2R3-S6; 20.3 version 20.3R3-S1 and later versions prior to 20.3R3-S6; 20.4 version 20.4R2-S2, 20.4R3 and later versions prior to 20.4R3-S5; 21.1 version 21.1R2 and later versions prior to 21.1R3-S4; 21.2 version 21.2R1-S1, 21.2R2 and later versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2. | 2023-01-13 | 7.5 |
CVE-2023-22396 CONFIRM |
N/A -- N/A |
When sFlow is enabled and it monitors a packet forwarded via ECMP, a buffer management vulnerability in the dcpfe process of Juniper Networks Junos OS on QFX10K Series systems allows an attacker to cause the Packet Forwarding Engine (PFE) to crash and restart by sending specific genuine packets to the device, resulting in a Denial of Service (DoS) condition. The dcpfe process tries to copy more data into a smaller buffer, which overflows and corrupts the buffer, causing a crash of the dcpfe process. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS on QFX10K Series: All versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2-S2, 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R1-S2, 22.2R2. | 2023-01-13 | 7.5 |
CVE-2023-22399 CONFIRM MISC |
N/A -- N/A |
An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a specific SNMP GET operation or a specific CLI command is executed this will cause a GUID resource leak, eventually leading to exhaustion and result in an FPC crash and reboot. GUID exhaustion will trigger a syslog message like one of the following for example: evo-pfemand[<pid>]: get_next_guid: Ran out of Guid Space ... evo-aftmand-zx[<pid>]: get_next_guid: Ran out of Guid Space ... This leak can be monitored by running the following command and taking note of the value in the rightmost column labeled Guids: user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3448 0 3448 re0 evo-pfemand net::juniper::interfaces::IFLId 0 561 0 561 user@host> show platform application-info allocations app evo-pfemand | match "IFDId|IFLId|Context" Node Application Context Name Live Allocs Fails Guids re0 evo-pfemand net::juniper::interfaces::IFDId 0 3784 0 3784 re0 evo-pfemand net::juniper::interfaces::IFLId 0 647 0 647 This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-S4-EVO; 21.3-EVO version 21.3R1-EVO and later versions; 21.4-EVO versions prior to 21.4R2-EVO. | 2023-01-13 | 7.5 |
CVE-2023-22400 CONFIRM |
N/A -- N/A |
An Improper Validation of Array Index vulnerability in the Advanced Forwarding Toolkit Manager daemon (aftmand) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On the PTX10008 and PTX10016 platforms running Junos OS or Junos OS Evolved, when a specific SNMP MIB is queried this will cause a PFE crash and the FPC will go offline and not automatically recover. A system restart is required to get the affected FPC in an operational state again. This issue affects: Juniper Networks Junos OS 22.1 version 22.1R2 and later versions; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved 21.3-EVO version 21.3R3-EVO and later versions; 21.4-EVO version 21.4R1-S2-EVO, 21.4R2-EVO and later versions prior to 21.4R2-S1-EVO; 22.1-EVO version 22.1R2-EVO and later versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. | 2023-01-13 | 7.5 |
CVE-2023-22401 CONFIRM |
N/A -- N/A |
An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10k Series Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS: All versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. | 2023-01-13 | 7.5 |
CVE-2023-22403 CONFIRM |
N/A -- N/A |
An Improper Validation of Array Index vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX 5000 Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). When an attacker sends an SIP packets with a malformed SDP field then the SIP ALG can not process it which will lead to an FPC crash and restart. Continued receipt of these specific packets will lead to a sustained Denial of Service. This issue can only occur when both below mentioned conditions are fulfilled: 1. Call distribution needs to be enabled: [security alg sip enable-call-distribution] 2. The SIP ALG needs to be enabled, either implicitly / by default or by way of configuration. To confirm whether SIP ALG is enabled on SRX, and MX with SPC3 use the following command: user@host> show security alg status | match sip SIP : Enabled This issue affects Juniper Networks Junos OS on SRX 5000 Series: 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S2; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R1-S1, 22.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. | 2023-01-13 | 7.5 |
CVE-2023-22408 CONFIRM |
N/A -- N/A |
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions. | 2023-01-13 | 7.5 |
CVE-2023-22410 CONFIRM |
N/A -- N/A |
An Out-of-Bounds Write vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted. This issue affects: Juniper Networks Junos OS on SRX Series: 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R2. | 2023-01-13 | 7.5 |
CVE-2023-22411 CONFIRM |
N/A -- N/A |
An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC or MS-MIC card and SRX Series allows an unauthenticated, network-based attacker to cause a flow processing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue occurs when SIP ALG is enabled and specific SIP messages are processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on MX Series, or SRX Series. | 2023-01-13 | 7.5 |
CVE-2023-22412 CONFIRM |
N/A -- N/A |
An Improper Check or Handling of Exceptional Conditions vulnerability in the IPsec library of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause Denial of Service (DoS). On all MX platforms with MS-MPC or MS-MIC card, when specific IPv4 packets are processed by an IPsec6 tunnel, the Multiservices PIC Management Daemon (mspmand) process will core and restart. This will lead to FPC crash. Traffic flow is impacted while mspmand restarts. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue only occurs if an IPv4 address is not configured on the multiservice interface. This issue affects: Juniper Networks Junos OS on MX Series All versions prior to 19.4R3-S9; 20.1 version 20.1R3-S5 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. | 2023-01-13 | 7.5 |
CVE-2023-22413 CONFIRM |
N/A -- N/A |
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all MX Series and SRX Series platform, when H.323 ALG is enabled and specific H.323 packets are received simultaneously, a flow processing daemon (flowd) crash will occur. Continued receipt of these specific packets will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series All versions prior to 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2-S1, 22.1R3; 22.2 versions prior to 22.2R1-S2, 22.2R2. | 2023-01-13 | 7.5 |
CVE-2023-22415 CONFIRM |
N/A -- N/A |
A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series. | 2023-01-13 | 7.5 |
CVE-2023-22416 CONFIRM |
N/A -- N/A |
A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2. | 2023-01-13 | 7.5 |
CVE-2023-22417 CONFIRM |
mercurius_project -- mercurius | Mercurius is a GraphQL adapter for Fastify. Any users of Mercurius until version 10.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`. This issue was patched in #940. As a workaround, users can disable subscriptions. | 2023-01-09 | 7.5 |
CVE-2023-22477 MISC MISC MISC |
bzip2_project -- bzip2 | The bzip2 crate before 0.4.4 for Rust allow attackers to cause a denial of service via a large file that triggers an integer overflow in mem.rs. NOTE: this is unrelated to the https://crates.io/crates/bzip2-rs product. | 2023-01-10 | 7.5 |
CVE-2023-22895 MISC MISC |
N/A -- N/A |
Visual Studio Code Remote Code Execution. | 2023-01-10 | 7.3 |
CVE-2023-21779 MISC |
joomgallery_project -- joomgallery | A vulnerability, which was classified as critical, was found in JoomGallery up to 3.3.3. This affects an unknown part of the file administrator/components/com_joomgallery/views/config/tmpl/default.php of the component Image Sort Handler. The manipulation leads to sql injection. Upgrading to version 3.3.4 is able to address this issue. The name of the patch is dc414ee954e849082260f8613e15a1c1e1d354a1. It is recommended to upgrade the affected component. The identifier VDB-217569 was assigned to this vulnerability. | 2023-01-06 | 7.2 |
CVE-2018-25067 MISC MISC MISC MISC MISC |
bravenewcode -- wptouch | The WPtouch WordPress plugin before 4.3.45 does not properly validate images to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup) | 2023-01-09 | 7.2 |
CVE-2022-3416 MISC |
wp_custom_admin_interface_project -- wp_custom_admin_interface | The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 2023-01-09 | 7.2 |
CVE-2022-4043 MISC |
linksys -- wrt54gl_firmware | A buffer overflow vulnerability exists in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. A stack-based buffer overflow in the Start_EPI function within the httpd binary allows an authenticated attacker with administrator privileges to execute arbitrary commands on the underlying Linux operating system as root. This vulnerablity can be triggered over the network via a malicious POST request to /apply.cgi. | 2023-01-09 | 7.2 |
CVE-2022-43970 CONFIRM CONFIRM CONFIRM |
linksys -- wumc710_firmware | An arbitrary code exection vulnerability exists in Linksys WUMC710 Wireless-AC Universal Media Connector with firmware <= 1.0.02 (build3). The do_setNTP function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious GET or POST request to /setNTP.cgi to execute arbitrary commands on the underlying Linux operating system as root. | 2023-01-09 | 7.2 |
CVE-2022-43971 CONFIRM CONFIRM CONFIRM |
linksys -- wrt54gl_firmware | An arbitrary code execution vulnerability exisits in Linksys WRT54GL Wireless-G Broadband Router with firmware <= 4.30.18.006. The Check_TSSI function within the httpd binary uses unvalidated user input in the construction of a system command. An authenticated attacker with administrator privileges can leverage this vulnerability over the network via a malicious POST request to /apply.cgi to execute arbitrary commands on the underlying Linux operating system as root. | 2023-01-09 | 7.2 |
CVE-2022-43973 CONFIRM CONFIRM CONFIRM |
nokia -- asik_airscale_474021a.102_firmware | The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification signature. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device. | 2023-01-06 | 7.1 |
CVE-2022-2483 MISC |
zebra -- enterprise_home_screen | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. The Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin. | 2023-01-10 | 7.1 |
CVE-2022-36441 MISC MISC |
zoom -- zoom | Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory. | 2023-01-09 | 7.1 |
CVE-2022-36928 MISC |
N/A -- N/A |
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2023-21736, CVE-2023-21737. | 2023-01-10 | 7.1 |
CVE-2023-21738 MISC |
N/A -- N/A |
Microsoft Office Visio Information Disclosure Vulnerability. | 2023-01-10 | 7.1 |
CVE-2023-21741 MISC |
N/A -- N/A |
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21675, CVE-2023-21747, CVE-2023-21748, CVE-2023-21749, CVE-2023-21754, CVE-2023-21755, CVE-2023-21772, CVE-2023-21773, CVE-2023-21774. | 2023-01-10 | 7.1 |
CVE-2023-21750 MISC |
N/A -- N/A |
Windows Backup Service Elevation of Privilege Vulnerability. | 2023-01-10 | 7.1 |
CVE-2023-21752 MISC |
N/A -- N/A |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21678, CVE-2023-21765. | 2023-01-10 | 7.1 |
CVE-2023-21760 MISC |
qualcomm -- sd888_5g_firmware | Memory corruption in Multimedia Framework due to unsafe access to the data members | 2023-01-09 | 7 |
CVE-2022-25716 MISC |
N/A -- N/A |
Azure Service Fabric Container Elevation of Privilege Vulnerability. | 2023-01-10 | 7 |
CVE-2023-21531 MISC |
N/A -- N/A |
Windows GDI Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2023-21552. | 2023-01-10 | 7 |
CVE-2023-21532 MISC |
microsoft -- windows_server_2008 | Windows Installer Elevation of Privilege Vulnerability. | 2023-01-10 | 7 |
CVE-2023-21542 MISC |
N/A -- N/A |
Windows Bind Filter Driver Elevation of Privilege Vulnerability. | 2023-01-10 | 7 |
CVE-2023-21733 MISC |
N/A -- N/A |
Windows Bluetooth Driver Elevation of Privilege Vulnerability. | 2023-01-10 | 7 |
CVE-2023-21739 MISC |
N/A -- N/A |
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability. | 2023-01-10 | 7 |
CVE-2023-21771 MISC |
Medium Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
siemens -- simatic_drive_controller_cpu_1504d_tf_firmware | Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. | 2023-01-10 | 6.8 |
CVE-2022-38773 MISC |
N/A -- N/A |
BitLocker Security Feature Bypass Vulnerability. | 2023-01-10 | 6.8 |
CVE-2023-21563 MISC |
sap -- host_agent | In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocaAdmin are denied the ability to logon locally by security policy so that this can only occur if the system has already been compromised. | 2023-01-10 | 6.7 |
CVE-2023-0012 MISC MISC |
N/A -- N/A |
Windows Boot Manager Security Feature Bypass Vulnerability. | 2023-01-10 | 6.6 |
CVE-2023-21560 MISC |
merlinsboard_project -- merlinsboard | A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This affects an unknown part of the component Grade Handler. The manipulation leads to improper authorization. The name of the patch is 134f5481e2914b7f096cd92a22b1e6bcb8e6dfe5. It is recommended to apply a patch to fix this issue. The identifier VDB-217713 was assigned to this vulnerability. | 2023-01-09 | 6.5 |
CVE-2015-10033 MISC MISC MISC |
qualcomm -- apq8009_firmware | Information disclosure due to buffer over-read in Bluetooth HOST while processing GetFolderItems and GetItemAttribute Cmds from peer device. | 2023-01-09 | 6.5 |
CVE-2022-33255 MISC |
qualcomm -- ar8035_firmware | Information disclosure due to buffer over-read in WLAN while WLAN frame parsing due to missing frame length check. | 2023-01-09 | 6.5 |
CVE-2022-33283 MISC |
qualcomm -- aqt1000_firmware | Information disclosure due to buffer over-read in WLAN while parsing BTM action frame. | 2023-01-09 | 6.5 |
CVE-2022-33284 MISC |
qualcomm -- apq8009_firmware | Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames. | 2023-01-09 | 6.5 |
CVE-2022-33285 MISC |
qualcomm -- apq8009_firmware | Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames. | 2023-01-09 | 6.5 |
CVE-2022-33286 MISC |
github -- enterprise_server | An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability affected all versions of GitHub Enterprise Server prior to version 3.7 and was fixed in versions 3.3.16, 3.4.11, 3.5.8, and 3.6.4. This vulnerability was reported via the GitHub Bug Bounty program. | 2023-01-09 | 6.5 |
CVE-2022-46258 MISC MISC MISC MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin on the site unless it is part of an extremely limited hardcoded selection. This also switches the site to the 'royal-elementor-kit' theme, potentially resulting in availability issues. | 2023-01-10 | 6.5 |
CVE-2022-4702 MISC MISC MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. This is due to missing nonce validation in the 'wpr_create_mega_menu_template' AJAX function. This allows unauthenticated attackers to create Mega Menu templates, granted they can trick an administrator into performing an action, such as clicking a link. | 2023-01-10 | 6.5 |
CVE-2022-4707 MISC MISC MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to modify the conditions under which templates are displayed. | 2023-01-10 | 6.5 |
CVE-2022-4708 MISC MISC MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate templates from the plugin's template library. | 2023-01-10 | 6.5 |
CVE-2022-4709 MISC MISC MISC |
huawei -- emui | The Bluetooth AVRCP module has a vulnerability that can lead to DoS attacks.Successful exploitation of this vulnerability may cause the Bluetooth process to restart. | 2023-01-06 | 6.5 |
CVE-2022-47974 MISC MISC |
google -- chrome | Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | 6.5 |
CVE-2023-0132 MISC MISC |
google -- chrome | Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | 6.5 |
CVE-2023-0133 MISC MISC |
google -- chrome | Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-01-10 | 6.5 |
CVE-2023-0139 MISC MISC |
google -- chrome | Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) | 2023-01-10 | 6.5 |
CVE-2023-0140 MISC MISC |
N/A -- N/A |
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. | 2023-01-13 | 6.5 |
CVE-2023-22395 CONFIRM |
N/A -- N/A |
An Out-of-bounds Write vulnerability in the Internet Key Exchange Protocol daemon (iked) of Juniper Networks Junos OS on SRX series and MX with SPC3 allows an authenticated, network-based attacker to cause a Denial of Service (DoS). iked will crash and restart, and the tunnel will not come up when a peer sends a specifically formatted payload during the negotiation. This will impact other IKE negotiations happening at the same time. Continued receipt of this specifically formatted payload will lead to continuous crashing of iked and thereby the inability for any IKE negotiations to take place. Note that this payload is only processed after the authentication has successfully completed. So the issue can only be exploited by an attacker who can successfully authenticate. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2. | 2023-01-13 | 6.5 |
CVE-2023-22404 CONFIRM |
N/A -- N/A |
An Improper Preservation of Consistency Between Independent Representations of Shared State vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS) to device due to out of resources. When a device is configured with "service-provider/SP style" switching, and mac-limiting is configured on an Aggregated Ethernet (ae) interface, and then a PFE is restarted or the device is rebooted, mac-limiting doesn't work anymore. Please note that the issue might not be apparent as traffic will continue to flow through the device although the mac table and respective logs will indicate that mac limit is reached. Functionality can be restored by removing and re-adding the MAC limit configuration. This issue affects Juniper Networks Junos OS on QFX5k Series, EX46xx Series: All versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3 on; 21.4 versions prior to 21.4R3 on; 22.1 versions prior to 22.1R2 on. | 2023-01-13 | 6.5 |
CVE-2023-22405 CONFIRM |
N/A -- N/A |
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO. | 2023-01-13 | 6.5 |
CVE-2023-22406 CONFIRM |
N/A -- N/A |
An Incomplete Cleanup vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). An rpd crash can occur when an MPLS TE tunnel configuration change occurs on a directly connected router. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R2-S7; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2. Juniper Networks Junos OS Evolved All versions prior to 19.2R3-EVO; 19.3 versions prior to 19.3R3-EVO; 19.4 versions prior to 19.4R3-EVO; 20.1 versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO. | 2023-01-13 | 6.5 |
CVE-2023-22407 CONFIRM |
N/A -- N/A |
A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command "show heap extensive". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series. | 2023-01-13 | 6.5 |
CVE-2023-22414 CONFIRM |
fit2cloud -- kubepi | KubePi is a modern Kubernetes panel. A session fixation attack allows an attacker to hijack a legitimate user session, versions 1.6.3 and below are susceptible. A patch will be released in version 1.6.4. | 2023-01-10 | 6.5 |
CVE-2023-22479 MISC |
circl -- pandora | workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb). | 2023-01-10 | 6.5 |
CVE-2023-22898 MISC |
linux -- linux_kernel | A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side. | 2023-01-10 | 6.4 |
CVE-2022-4382 MISC |
N/A -- N/A |
Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability. | 2023-01-10 | 6.3 |
CVE-2023-21725 MISC |
simplesamlphp -- information_cards_module | A vulnerability was found in Information Cards Module and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 1.0 is able to address this issue. The name of the patch is f6bfea49ae16dc6e179df8306d39c3694f1ef186. It is recommended to upgrade the affected component. The identifier VDB-217661 was assigned to this vulnerability. | 2023-01-09 | 6.1 |
CVE-2010-10004 MISC MISC MISC MISC |
console_project -- console | A vulnerability has been found in yanheven console and classified as problematic. Affected by this vulnerability is the function get_zone_hosts/AvailabilityZonesTable of the file openstack_dashboard/dashboards/admin/aggregates/tables.py. The manipulation leads to cross site scripting. The attack can be launched remotely. The name of the patch is ba908ae88d5925f4f6783eb234cc4ea95017472b. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217651. | 2023-01-08 | 6.1 |
CVE-2014-125070 MISC MISC MISC |
mysimplifiedsql_project -- mysimplifiedsql | A vulnerability, which was classified as problematic, has been found in foxoverflow MySimplifiedSQL. This issue affects some unknown processing of the file MySimplifiedSQL_Examples.php. The manipulation of the argument FirstName/LastName leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 3b7481c72786f88041b7c2d83bb4f219f77f1293. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217595. | 2023-01-07 | 6.1 |
CVE-2015-10019 MISC MISC MISC |
rimdev -- definely | A vulnerability was found in ritterim definely. It has been classified as problematic. Affected is an unknown function of the file src/database.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is b31a022ba4d8d17148445a13ebb5a42ad593dbaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217608. | 2023-01-07 | 6.1 |
CVE-2015-10021 MISC MISC MISC MISC |
pear_programming_project -- pear_programming | A vulnerability has been found in ss15-this-is-sparta and classified as problematic. This vulnerability affects unknown code of the file js/roomElement.js of the component Main Page. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is ba2f71ad3a46e5949ee0c510b544fa4ea973baaa. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217624. | 2023-01-07 | 6.1 |
CVE-2015-10028 MISC MISC MISC MISC |
healthmateweb_project -- healthmateweb | A vulnerability was found in HealthMateWeb. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file createaccount.php. The manipulation of the argument username/password/first_name/last_name/company/phone leads to cross site scripting. The attack can be launched remotely. The name of the patch is 472776c25b1046ecaf962c46fed7c713c72c28e3. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217663. | 2023-01-09 | 6.1 |
CVE-2015-10032 MISC MISC MISC |
symbiote -- seed | A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The name of the patch is b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability. | 2023-01-07 | 6.1 |
CVE-2017-20164 MISC MISC MISC MISC |
inline_svg_project -- inline_svg | A vulnerability has been found in jamesmartin Inline SVG up to 1.7.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file lib/inline_svg/action_view/helpers.rb of the component URL Parameter Handler. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.7.2 is able to address this issue. The name of the patch is f5363b351508486021f99e083c92068cf2943621. It is recommended to upgrade the affected component. The identifier VDB-217597 was assigned to this vulnerability. | 2023-01-07 | 6.1 |
CVE-2020-36644 MISC MISC MISC MISC MISC |
tasmota_project -- tasmota | Cross Site Scripting (XSS) in Tasmota firmware 6.5.0 allows remote attackers to inject JavaScript code via a crafted string in the field "Friendly Name 1". | 2023-01-09 | 6.1 |
CVE-2021-36603 MISC |
01-scripts -- 01acp | A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be initiated remotely. The name of the patch is a16eb7da46ed22bc61067c212635394f2571d3c4. It is recommended to apply a patch to fix this issue. The identifier VDB-217649 was assigned to this vulnerability. | 2023-01-08 | 6.1 |
CVE-2021-4309 MISC MISC MISC |
01-scripts -- 01-artikelsystem | A vulnerability was found in 01-Scripts 01-Artikelsystem. It has been classified as problematic. Affected is an unknown function of the file 01article.php. The manipulation of the argument $_SERVER['PHP_SELF'] leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is ae849b347a58c2cb1be38d04bbe56fc883d5d84a. It is recommended to apply a patch to fix this issue. VDB-217662 is the identifier assigned to this vulnerability. | 2023-01-09 | 6.1 |
CVE-2021-4310 MISC MISC MISC |
phoenixframework -- phoenix_html | tag.ex in Phoenix Phoenix.HTML (aka phoenix_html) before 3.0.4 allows XSS in HEEx class attributes. | 2023-01-10 | 6.1 |
CVE-2021-46871 MISC MISC |
event_management_system_project -- event_management_system | A vulnerability classified as problematic has been found in SourceCodester Royale Event Management System 1.0. Affected is an unknown function of the file /royal_event/companyprofile.php. The manipulation of the argument companyname/regno/companyaddress/companyemail leads to cross site scripting. It is possible to launch the attack remotely. VDB-195786 is the identifier assigned to this vulnerability. | 2023-01-07 | 6.1 |
CVE-2022-1102 MISC MISC MISC |
mega -- hopex | An issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP2. The application is prone to reflected Cross-site Scripting (XSS) in several features. | 2023-01-10 | 6.1 |
CVE-2022-38481 MISC MISC |
sunshinephotocart -- sunshine_photo_cart | The Sunshine Photo Cart WordPress plugin before 2.9.15 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 2023-01-09 | 6.1 |
CVE-2022-4301 MISC |
wp-slimstat -- slimstat_analytics | The Slimstat Analytics WordPress plugin before 4.9.3 does not sanitise and escape the URI when logging requests, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks against logged in admin viewing the logs | 2023-01-09 | 6.1 |
CVE-2022-4310 MISC |
ifeelweb -- post_status_notifier_lite | The Post Status Notifier Lite WordPress plugin before 1.10.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high privilege users such as admin. | 2023-01-09 | 6.1 |
CVE-2022-4325 MISC |
cpkwebsolutions -- wp_csv | The WP CSV WordPress plugin through 1.8.0.0 does not sanitize and escape a parameter before outputting it back in the page when importing a CSV, and doe snot have CSRF checks in place as well, leading to a Reflected Cross-Site Scripting. | 2023-01-09 | 6.1 |
CVE-2022-4368 MISC |
bg_bible_references_project -- bg_bible_references | The Bg Bible References WordPress plugin through 3.8.14 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 2023-01-09 | 6.1 |
CVE-2022-4374 MISC |
maccms -- maccms | A reflected cross-site scripting (XSS) vulnerability in maccms10 v2022.1000.3032 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the AD Management module. | 2023-01-06 | 6.1 |
CVE-2022-44870 MISC MISC |
zimbra -- collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information. | 2023-01-06 | 6.1 |
CVE-2022-45911 MISC MISC |
zimbra -- collaboration | An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure. | 2023-01-06 | 6.1 |
CVE-2022-45913 MISC MISC |
inkdrop -- inkdrop | An issue in Inkdrop v5.4.1 allows attackers to execute arbitrary commands via uploading a crafted markdown file. | 2023-01-09 | 6.1 |
CVE-2022-46603 MISC |
mendix -- saml | A vulnerability has been identified in Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.3.4), Mendix SAML (Mendix 9 compatible, New Track) (All versions >= V3.3.0 < V3.3.9), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.8). The affected module is vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. | 2023-01-10 | 6.1 |
CVE-2022-46823 MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output escaping of the 'wpr_ajax_search_link_target' parameter in the 'data_fetch' function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is occurring because 'sanitize_text_field' is insufficient to prevent attribute-based Cross-Site Scripting | 2023-01-10 | 6.1 |
CVE-2022-4710 MISC MISC MISC |
kaltura -- mwembed | A vulnerability was found in kaltura mwEmbed up to 2.91. It has been rated as problematic. Affected by this issue is some unknown functionality of the file modules/KalturaSupport/components/share/share.js of the component Share Plugin. The manipulation of the argument res leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.92.rc1 is able to address this issue. The name of the patch is 4f11b6f6610acd6d89de5f8be47cf7c610643845. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217664. | 2023-01-09 | 6.1 |
CVE-2022-4882 MISC MISC MISC MISC MISC |
sap -- netweaver_application_server_abap | The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. | 2023-01-10 | 6.1 |
CVE-2023-0013 MISC MISC |
sap -- businessobjects_business_intelligence_platform | Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges can modify/upload crystal reports containing a malicious payload. Once these reports are viewable, anyone who opens those reports would be susceptible to stored XSS attacks. As a result of the attack, information maintained in the victim's web browser can be read, modified, and sent to the attacker. | 2023-01-10 | 6.1 |
CVE-2023-0018 MISC MISC |
control_id_panel_project -- control_id_panel | A vulnerability was found in Control iD Panel. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability. | 2023-01-09 | 6.1 |
CVE-2023-0125 MISC MISC MISC |
N/A -- N/A |
An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the attacker is able to sustain the offending traffic, a Distributed Denial of Service (DDoS) event occurs. As a DDoS event, the offending packets sent by the attacker will continue to flow from one device to another as long as they are received and processed by any devices, ultimately causing a cascading outage to any vulnerable devices. Devices not vulnerable to the memory leak will process and forward the offending packet(s) to neighboring devices. Due to internal anti-flood security controls and mechanisms reaching their maximum limit of response in the worst-case scenario, all affected Junos OS Evolved devices will reboot in as little as 1.5 days. Reboots to restore services cannot be avoided once the memory leak begins. The device will self-recover after crashing and rebooting. Operator intervention isn't required to restart the device. This issue affects: Juniper Networks Junos OS Evolved on PTX10003: All versions prior to 20.4R3-S4-EVO; 21.3 versions prior to 21.3R3-S1-EVO; 21.4 versions prior to 21.4R2-S2-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2 versions prior to 22.2R2-EVO. To check memory, customers may VTY to the PFE first then execute the following show statement: show jexpr jtm ingress-main-memory chip 255 | no-more Alternatively one may execute from the RE CLI: request pfe execute target fpc0 command "show jexpr jtm ingress-main-memory chip 255 | no-more" Iteration 1: Example output: Mem type: NH, alloc type: JTM 136776 bytes used (max 138216 bytes used) 911568 bytes available (909312 bytes from free pages) Iteration 2: Example output: Mem type: NH, alloc type: JTM 137288 bytes used (max 138216 bytes used) 911056 bytes available (909312 bytes from free pages) The same can be seen in the CLI below, assuming the scale does not change: show npu memory info Example output: FPC0:NPU16 mem-util-jnh-nh-size 2097152 FPC0:NPU16 mem-util-jnh-nh-allocated 135272 FPC0:NPU16 mem-util-jnh-nh-utilization 6 | 2023-01-13 | 6.1 |
CVE-2023-22397 CONFIRM |
thinkst -- canarytokens | Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute Javascript in the Canarytoken's trigger history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken's creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken's creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirect the creator towards an attacker-controlled Canarytoken to show the creator's network location. This vulnerability is similar to CVE-2022-31113, but affected parameters reported differently from the Canarytoken trigger request. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. Canarytokens Docker images sha-fb61290 and later contain a patch for this issue. | 2023-01-06 | 6.1 |
CVE-2023-22475 MISC MISC MISC |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. E-Widgets does widget replacement in HTML attributes, which can lead to XSS, because widget authors often do not expect that their widget is executed in an HTML attribute context. | 2023-01-10 | 6.1 |
CVE-2023-22911 MISC |
weave -- weave_gitops | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. GitOps run has a local S3 bucket which it uses for synchronizing files that are later applied against a Kubernetes cluster. The communication between GitOps Run and the local S3 bucket is not encrypted. This allows privileged users or process to tap the local traffic to gain information permitting access to the s3 bucket. From that point, it would be possible to alter the bucket content, resulting in changes in the Kubernetes cluster's resources. There are no known workaround(s) for this vulnerability. This vulnerability has been fixed by commits ce2bbff and babd915. Users should upgrade to Weave GitOps version >= v0.12.0 released on 08/12/2022. | 2023-01-09 | 6 |
CVE-2022-23509 MISC MISC MISC |
N/A -- N/A |
A Use After Free vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Non Stop Routing (NSR) scenario, an unexpected kernel restart might be observed if "bgp auto-discovery" is enabled and if there is a BGP neighbor flap of auto-discovery sessions for any reason. This is a race condition which is outside of an attackers direct control and it depends on system internal timing whether this issue occurs. This issue affects Juniper Networks Junos OS Evolved: 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R2-EVO; 22.1 versions prior to 22.1R2-EVO; 22.2 versions prior to 22.2R1-S1-EVO, 22.2R2-EVO. | 2023-01-13 | 5.9 |
CVE-2023-22402 CONFIRM |
zip4j_project -- zip4j | Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. | 2023-01-10 | 5.9 |
CVE-2023-22899 MISC MISC MISC MISC MISC |
sap -- bank_account_management | In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application. | 2023-01-10 | 5.7 |
CVE-2023-0023 MISC MISC |
cesnet -- theme-cesnet | A vulnerability has been found in CESNET theme-cesnet up to 1.x and classified as problematic. Affected by this vulnerability is an unknown functionality of the file cesnet/core/lostpassword/templates/resetpassword.php. The manipulation leads to insufficiently protected credentials. Attacking locally is a requirement. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 2b857f2233ce5083b4d5bc9bfc4152f933c3e4a6. It is recommended to upgrade the affected component. The identifier VDB-217633 was assigned to this vulnerability. | 2023-01-07 | 5.5 |
CVE-2016-15014 MISC MISC MISC MISC MISC |
ibm -- security_verify_governance | IBM Security Verify Governance 10.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225232. | 2023-01-09 | 5.5 |
CVE-2022-22470 MISC MISC |
qualcomm -- apq8096au_firmware | Information exposure in DSP services due to improper handling of freeing memory | 2023-01-09 | 5.5 |
CVE-2022-25722 MISC |
qualcomm -- ar8035_firmware | Denial of service in MODEM due to improper pointer handling | 2023-01-09 | 5.5 |
CVE-2022-25725 MISC |
qualcomm -- aqt1000_firmware | Information disclosure due to buffer over-read in WLAN while handling IBSS beacons frame. | 2023-01-09 | 5.5 |
CVE-2022-33252 MISC |
qualcomm -- aqt1000_firmware | Transient DOS due to buffer over-read in WLAN while parsing corrupted NAN frames. | 2023-01-09 | 5.5 |
CVE-2022-33253 MISC |
zebra -- enterprise_home_screen | An issue was discovered in Zebra Enterprise Home Screen 4.1.19. By using the embedded Google Chrome application, it is possible to install an unauthorized application via a downloaded APK. | 2023-01-10 | 5.5 |
CVE-2022-36442 MISC MISC |
qualcomm -- aqt1000_firmware | Information disclosure due to buffer overread in Core | 2023-01-09 | 5.5 |
CVE-2022-40518 MISC |
qualcomm -- aqt1000_firmware | Information disclosure due to buffer overread in Core | 2023-01-09 | 5.5 |
CVE-2022-40519 MISC |
apache -- james | Unproper laxist permissions on the temporary files used by MIME4J TempFileStorageProvider may lead to information disclosure to other local users. This issue affects Apache James MIME4J version 0.8.8 and prior versions. We recommend users to upgrade to MIME4j version 0.8.9 or later. | 2023-01-06 | 5.5 |
CVE-2022-45787 MISC |
apache -- james | Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. Vulnerable components includes the SMTP stack and IMAP APPEND command. This issue affects Apache James server version 3.7.2 and prior versions. | 2023-01-06 | 5.5 |
CVE-2022-45935 MISC |
netis-systems -- netcore_router_firmware | A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The identifier of this vulnerability is VDB-217592. | 2023-01-07 | 5.5 |
CVE-2023-0114 MISC MISC |
N/A -- N/A |
Windows Cryptographic Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21550, CVE-2023-21559. | 2023-01-10 | 5.5 |
CVE-2023-21540 MISC |
N/A -- N/A |
Windows Cryptographic Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21540, CVE-2023-21559. | 2023-01-10 | 5.5 |
CVE-2023-21550 MISC |
N/A -- N/A |
Windows Cryptographic Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21540, CVE-2023-21550. | 2023-01-10 | 5.5 |
CVE-2023-21559 MISC |
N/A -- N/A |
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 5.5 |
CVE-2023-21591 MISC |
N/A -- N/A |
Adobe InDesign version 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 5.5 |
CVE-2023-21592 MISC |
N/A -- N/A |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 5.5 |
CVE-2023-21598 MISC |
N/A -- N/A |
Adobe InCopy versions 18.0 (and earlier), 17.4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2023-01-13 | 5.5 |
CVE-2023-21599 MISC |
N/A -- N/A |
Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21536. | 2023-01-10 | 5.5 |
CVE-2023-21753 MISC |
N/A -- N/A |
Windows Kernel Information Disclosure Vulnerability. | 2023-01-10 | 5.5 |
CVE-2023-21776 MISC |
N/A -- N/A |
An Unchecked Input for Loop Condition vulnerability in a NAT library of Juniper Networks Junos OS allows a local authenticated attacker with low privileges to cause a Denial of Service (DoS). When an inconsistent "deterministic NAT" configuration is present on an SRX, or MX with SPC3 and then a specific CLI command is issued the SPC will crash and restart. Repeated execution of this command will lead to a sustained DoS. Such a configuration is characterized by the total number of port blocks being greater than the total number of hosts. An example for such configuration is: [ services nat source pool TEST-POOL address x.x.x.0/32 to x.x.x.15/32 ] [ services nat source pool TEST-POOL port deterministic block-size 1008 ] [ services nat source pool TEST-POOL port deterministic host address y.y.y.0/24] [ services nat source pool TEST-POOL port deterministic include-boundary-addresses] where according to the following calculation: 65536-1024=64512 (number of usable ports per IP address, implicit) 64512/1008=64 (number of port blocks per Nat IP) x.x.x.0/32 to x.x.x.15/32 = 16 (NAT IP addresses available in NAT pool) total port blocks in NAT Pool = 64 blocks per IP * 16 IPs = 1024 Port blocks host address y.y.y.0/24 = 256 hosts (with include-boundary-addresses) If the port block size is configured to be 4032, then the total port blocks are (64512/4032) * 16 = 256 which is equivalent to the total host addresses of 256, and the issue will not be seen. This issue affects Juniper Networks Junos OS on SRX Series, and MX Series with SPC3: All versions prior to 19.4R3-S10; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R2-S2, 22.1R3; 22.2 versions prior to 22.2R2. | 2023-01-13 | 5.5 |
CVE-2023-22409 CONFIRM |
kluks -- xingwall | A vulnerability, which was classified as critical, has been found in kassi xingwall. This issue affects some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixiation. The name of the patch is e9f0d509e1408743048e29d9c099d36e0e1f6ae7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217559. | 2023-01-06 | 5.4 |
CVE-2014-125048 MISC MISC MISC |
easyvista -- service_manager | An issue was discovered in EasyVista 2020.2.125.3 before 2022.1.110.1.02. It is prone to stored Cross-site Scripting (XSS). | 2023-01-10 | 5.4 |
CVE-2022-38489 MISC |
zte -- mf286r_firmware | There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks. | 2023-01-06 | 5.4 |
CVE-2022-39072 MISC |
vision_interactive_project -- vision_interactive | The Vision Interactive For WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2023-01-09 | 5.4 |
CVE-2022-4391 MISC |
ipanorama_360_wordpress_virtual_tour_builder_project -- ipanorama_360_wordpress_virtual_tour_builder | The iPanorama 360 WordPress Virtual Tour Builder plugin through 1.6.29 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2023-01-09 | 5.4 |
CVE-2022-4392 MISC |
imagelinks_interactive_image_builder_project -- imagelinks_interactive_image_builder | The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2023-01-09 | 5.4 |
CVE-2022-4393 MISC |
ipages_flipbook_project -- ipages_flipbook | The iPages Flipbook For WordPress plugin through 1.4.6 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2023-01-09 | 5.4 |
CVE-2022-4394 MISC |
bootstrapped -- wp_recipe_maker | The WP Recipe Maker WordPress plugin before 8.6.1 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin. | 2023-01-09 | 5.4 |
CVE-2022-4468 MISC |
table_of_contents_plus_project -- table_of_contents_plus | The Table of Contents Plus WordPress plugin before 2212 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | 2023-01-09 | 5.4 |
CVE-2022-4479 MISC |
wp-table_reloaded_project -- wp-table_reloaded | The WP-Table Reloaded WordPress plugin through 1.9.4 does not validate and escapes some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as a contributor to perform Stored Cross-Site Scripting attacks, which could be used against high privilege users such as admins. | 2023-01-09 | 5.4 |
CVE-2022-4491 MISC |
automattic -- jetpack_crm | The Jetpack CRM WordPress plugin before 5.5 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins | 2023-01-09 | 5.4 |
CVE-2022-4497 MISC |
apache -- sling_cms | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Sling App CMS version 1.1.2 and prior may allow an authenticated remote attacker to perform a reflected cross-site scripting (XSS) attack in the site group feature. Upgrade to Apache Sling App CMS >= 1.1.4 | 2023-01-09 | 5.4 |
CVE-2022-46769 MISC |
pac3_project -- pac3 | A vulnerability was found in CapsAdmin PAC3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file lua/pac3/core/shared/http.lua. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. The name of the patch is 8fc9e12dfa21d757be6eb4194c763e848b299ac0. It is recommended to apply a patch to fix this issue. VDB-217646 is the identifier assigned to this vulnerability. | 2023-01-08 | 5.4 |
CVE-2022-4881 MISC MISC MISC MISC |
sap -- business_objects_business_intelligence_platform | In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS attacks. On successful exploitation an attacker can cause limited impact on confidentiality and integrity of the application. | 2023-01-10 | 5.4 |
CVE-2023-0015 MISC MISC |
usememos -- memos | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 2023-01-07 | 5.4 |
CVE-2023-0106 CONFIRM MISC |
usememos -- memos | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 2023-01-07 | 5.4 |
CVE-2023-0107 CONFIRM MISC |
usememos -- memos | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 2023-01-07 | 5.4 |
CVE-2023-0108 MISC CONFIRM |
usememos -- memos | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 2023-01-07 | 5.4 |
CVE-2023-0110 MISC CONFIRM |
usememos -- memos | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 2023-01-07 | 5.4 |
CVE-2023-0111 MISC CONFIRM |
usememos -- memos | Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.10.0. | 2023-01-07 | 5.4 |
CVE-2023-0112 MISC CONFIRM |
easy-script_project -- easy-script | A vulnerability, which was classified as problematic, was found in agnivade easy-scrypt. Affected is the function VerifyPassphrase of the file scrypt.go. The manipulation leads to observable timing discrepancy. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is 477c10cf3b144ddf96526aa09f5fdea613f21812. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217596. | 2023-01-07 | 5.3 |
CVE-2014-125055 MISC MISC MISC MISC |
pylonsproject -- horus | A vulnerability was found in Pylons horus and classified as problematic. Affected by this issue is some unknown functionality of the file horus/flows/local/services.py. The manipulation leads to observable timing discrepancy. The name of the patch is fd56ccb62ce3cbdab0484fe4f9c25c4eda6c57ec. It is recommended to apply a patch to fix this issue. VDB-217598 is the identifier assigned to this vulnerability. | 2023-01-07 | 5.3 |
CVE-2014-125056 MISC MISC MISC |
maps-js-icoads_project -- maps-js-icoads | A vulnerability was found in saxman maps-js-icoads and classified as critical. This issue affects some unknown processing of the file http-server.js. The manipulation leads to path traversal. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217643. | 2023-01-08 | 5.3 |
CVE-2014-125068 MISC MISC MISC |
maps-js-icoads_project -- maps-js-icoads | A vulnerability was found in saxman maps-js-icoads. It has been classified as problematic. Affected is an unknown function. The manipulation leads to exposure of information through directory listing. It is possible to launch the attack remotely. The name of the patch is 34b8b0cce2807b119f4cffda2ac48fc8f427d69a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217644. | 2023-01-08 | 5.3 |
CVE-2014-125069 MISC MISC MISC |
surpass_project -- surpass | A vulnerability has been found in SUKOHI Surpass and classified as critical. This vulnerability affects unknown code of the file src/Sukohi/Surpass/Surpass.php. The manipulation of the argument dir leads to pathname traversal. Upgrading to version 1.0.0 is able to address this issue. The name of the patch is d22337d453a2a14194cdb02bf12cdf9d9f827aa7. It is recommended to upgrade the affected component. VDB-217642 is the identifier assigned to this vulnerability. | 2023-01-08 | 5.3 |
CVE-2015-10030 MISC MISC MISC MISC |
paysafe -- barzahlen_payment_module_php_sdk | A vulnerability, which was classified as problematic, was found in viafintech Barzahlen Payment Module PHP SDK up to 2.0.0. Affected is the function verify of the file src/Webhook.php. The manipulation leads to observable timing discrepancy. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 3e7d29dc0ca6c054a6d6e211f32dae89078594c1. It is recommended to upgrade the affected component. VDB-217650 is the identifier assigned to this vulnerability. | 2023-01-08 | 5.3 |
CVE-2016-15015 MISC MISC MISC MISC MISC |
afkmods -- qsf-portal | A vulnerability classified as critical was found in Arthmoor QSF-Portal. This vulnerability affects unknown code of the file index.php. The manipulation of the argument a leads to path traversal. The name of the patch is ea4f61e23ecb83247d174bc2e2cbab521c751a7d. It is recommended to apply a patch to fix this issue. VDB-217558 is the identifier assigned to this vulnerability. | 2023-01-06 | 5.3 |
CVE-2019-25099 MISC MISC MISC |
yunohost -- transmission_ynh | A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknown function of the file conf/nginx.conf. The manipulation leads to path traversal. The name of the patch is f136dfd44eda128129e5fd2d850a3a3c600e6a4a. It is recommended to apply a patch to fix this issue. VDB-217638 is the identifier assigned to this vulnerability. | 2023-01-08 | 5.3 |
CVE-2020-36647 MISC MISC MISC MISC |
jatos -- jatos | A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b42519f309d8164e8811392770ce604cdabb5da. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217548. | 2023-01-06 | 5.3 |
CVE-2022-4878 MISC MISC MISC MISC |
N/A -- N/A |
Remote Procedure Call Runtime Denial of Service Vulnerability. | 2023-01-10 | 5.3 |
CVE-2023-21525 MISC |
N/A -- N/A |
Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability. | 2023-01-10 | 5.3 |
CVE-2023-21682 MISC |
N/A -- N/A |
Microsoft SharePoint Server Security Feature Bypass Vulnerability. | 2023-01-10 | 5.3 |
CVE-2023-21743 MISC |
N/A -- N/A |
An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO. | 2023-01-13 | 5.3 |
CVE-2023-22398 CONFIRM |
mediawiki -- mediawiki | An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. SpecialMobileHistory allows remote attackers to cause a denial of service because database queries are slow. | 2023-01-10 | 5.3 |
CVE-2023-22909 MISC |
tribe29 -- checkmk | Path-Traversal in MKP storing in Tribe29 Checkmk <=2.0.0p32 and <= 2.1.0p18 allows an administrator to write mkp files to arbitrary locations via a malicious mkp file. | 2023-01-09 | 4.9 |
CVE-2022-4884 MISC |
404_to_start_project -- 404_to_start | The 404 to Start WordPress plugin through 1.6.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-01-09 | 4.8 |
CVE-2022-3855 MISC |
mondula -- multi_step_form | The Multi Step Form WordPress plugin before 1.7.8 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2023-01-09 | 4.8 |
CVE-2022-4196 MISC |
machothemes -- cpo_companion | The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2023-01-10 | 4.8 |
CVE-2023-0162 MISC MISC |
N/A -- N/A |
Event Tracing for Windows Information Disclosure Vulnerability. This CVE ID is unique from CVE-2023-21753. | 2023-01-10 | 4.7 |
CVE-2023-21536 MISC |
N/A -- N/A |
Windows Overlay Filter Information Disclosure Vulnerability. | 2023-01-10 | 4.7 |
CVE-2023-21766 MISC |
qualcomm -- apq8009_firmware | Denial of service while processing fastboot flash command on mmc due to buffer over read | 2023-01-09 | 4.6 |
CVE-2022-22079 MISC |
avira -- avira_security | Avira Security for Windows contains an unquoted service path which allows attackers with local administrative privileges to cause a Denial of Service. The issue was fixed with Avira Security version 1.1.78 | 2023-01-10 | 4.4 |
CVE-2022-4429 MISC |
reddit-on-rails_project -- reddit-on-rails | A vulnerability classified as critical was found in koroket RedditOnRails. This vulnerability affects unknown code of the component Vote Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The name of the patch is 7f3c7407d95d532fcc342b00d68d0ea09ca71030. It is recommended to apply a patch to fix this issue. VDB-217594 is the identifier assigned to this vulnerability. | 2023-01-07 | 4.3 |
CVE-2014-125054 MISC MISC MISC |
mega -- hopex | A link-manipulation issue was discovered in Mega HOPEX 15.2.0.6110 before V5CP4. | 2023-01-10 | 4.3 |
CVE-2022-38482 MISC MISC |
activecampaign -- activecampaign_for_woocommerce | The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs. | 2023-01-09 | 4.3 |
CVE-2022-3923 MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorisation and CSRF checks when creating a template, and does not ensure that the post created is a template. This could allow any authenticated users, such as subscriber to create a post (as well as any post type) with an arbitrary title | 2023-01-09 | 4.3 |
CVE-2022-4103 MISC |
wpswings -- mautic_integration_for_woocommerce | The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack. | 2023-01-09 | 4.3 |
CVE-2022-4426 MISC |
archibus -- archibus_web_central | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel (delete) a booking, created by someone else - even if this basic user is not a member of the booking | 2023-01-10 | 4.3 |
CVE-2022-45164 MISC |
archibus -- archibus_web_central | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | 2023-01-10 | 4.3 |
CVE-2022-45166 MISC |
archibus -- archibus_web_central | An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | 2023-01-10 | 4.3 |
CVE-2022-45167 MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of preset site configuration templates, which can be chosen and imported via a separate action documented in CVE-2022-4704. | 2023-01-10 | 4.3 |
CVE-2022-4705 MISC MISC MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item. | 2023-01-10 | 4.3 |
CVE-2022-4711 MISC MISC MISC |
google -- chrome | Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | 2023-01-10 | 4.3 |
CVE-2023-0141 MISC MISC |
Low Vulnerabilities
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
2code -- wpqa_builder | The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. | 2023-01-09 | 3.5 |
CVE-2022-3343 MISC |
nextcloud -- deck | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. When getting the reference preview for Deck cards the user has no access to, unauthorized user could eventually get the cached data of a user that has access. There are currently no known workarounds. It is recommended that the Nextcloud app Deck is upgraded to 1.8.2. | 2023-01-10 | 3.5 |
CVE-2023-22469 MISC MISC |
N/A -- N/A |
Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability. | 2023-01-10 | 3.3 |
CVE-2023-21759 MISC |
royal-elementor-addons -- royal_elementor_addons | The Royal Elementor Addons WordPress plugin before 1.3.56 does not have authorization and CSRF checks when deleting a template and does not ensure that the post to be deleted is a template. This could allow any authenticated users, such as subscribers, to delete arbitrary posts assuming they know the related slug. | 2023-01-09 | 3.1 |
CVE-2022-4102 MISC |
nextcloud -- talk | Talk-Android enables users to have video & audio calls through Nextcloud on Android. Due to passcode bypass, an attacker is able to access the user's Nextcloud files and view conversations. To exploit this the attacker needs to have physical access to the target's device. There are currently no known workarounds available. It is recommended that the Nextcloud Talk Android app is upgraded to 15.0.2. | 2023-01-09 | 2.1 |
CVE-2023-22473 MISC MISC MISC |
Severity Not Yet Assigned
Primary Vendor -- Product |
Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
cool-php-captcha -- cool-php-captcha |
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.3 is able to address this issue. The name of the patch is c84fb6b153bebaf228feee0cbf50728d27ae3f80. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218296. | 2023-01-13 | not yet calculated |
CVE-2009-10001 MISC MISC MISC MISC MISC |
dpup -- fittr-flickr |
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 08875dd8a2e5d0d16568bb0d67cb4328062fccde. It is recommended to apply a patch to fix this issue. The identifier VDB-218297 was assigned to this vulnerability. | 2023-01-13 | not yet calculated |
CVE-2009-10002 MISC MISC MISC |
backdrop_contrib -- basic_cart |
A vulnerability was found in backdrop-contrib Basic Cart. It has been classified as problematic. Affected is the function basic_cart_checkout_form_submit of the file basic_cart.cart.inc. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.x-1.1.1 is able to address this issue. The name of the patch is a10424ccd4b3b4b433cf33b73c1ad608b11890b4. It is recommended to upgrade the affected component. VDB-217950 is the identifier assigned to this vulnerability. | 2023-01-11 | not yet calculated |
CVE-2012-10004 MISC MISC MISC MISC |
php-form-builder-class -- php-form-builder-class |
A vulnerability has been found in manikandan170890 php-form-builder-class and classified as problematic. Affected by this vulnerability is an unknown functionality of the file PFBC/Element/Textarea.php of the component Textarea Handler. The manipulation of the argument value leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 74897993818d826595fd5857038e6703456a594a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218155. | 2023-01-12 | not yet calculated |
CVE-2012-10005 MISC MISC MISC MISC |
zerochplus -- zerochplus |
A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007. | 2023-01-11 | not yet calculated |
CVE-2013-10010 MISC MISC MISC |
classroom-engagement-system -- classroom-engagement-system |
A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of the patch is 096de5815c7b414e7339f3439522a446098fb73a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218156. | 2023-01-12 | not yet calculated |
CVE-2013-10011 MISC MISC MISC |
voyager -- voyager |
A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The name of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability. | 2023-01-11 | not yet calculated |
CVE-2014-125074 MISC MISC MISC |
google -- gmail-servlet |
A vulnerability was found in gmail-servlet and classified as critical. This issue affects the function search of the file src/Model.java. The manipulation leads to sql injection. The name of the patch is 5d72753c2e95bb373aa86824939397dc25f679ea. It is recommended to apply a patch to fix this issue. The identifier VDB-218021 was assigned to this vulnerability. | 2023-01-11 | not yet calculated |
CVE-2014-125075 MISC MISC MISC |
criminals -- criminals |
A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The name of the patch is 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability. | 2023-01-11 | not yet calculated |
CVE-2014-125076 MISC MISC MISC |
cis450project -- cis450project |
A vulnerability has been found in ssn2013 cis450Project and classified as critical. This vulnerability affects the function addUser of the file HeatMapServer/src/com/datformers/servlet/AddAppUser.java. The manipulation leads to sql injection. The name of the patch is 39b495011437a105c7670e17e071f99195b4922e. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218380. | 2023-01-14 | not yet calculated |
CVE-2015-10020 MISC MISC MISC |
dronfelipe -- dronfelipe |
A vulnerability was found in kylebebak dronfelipe. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 87405b74fe651892d79d0dff62ed17a7eaef6a60. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217951. | 2023-01-11 | not yet calculated |
CVE-2015-10036 MISC MISC MISC |
aci_escola -- aci_escola |
A vulnerability, which was classified as critical, was found in ACI_Escola. This affects an unknown part. The manipulation leads to sql injection. The name of the patch is 34eed1f7b9295d1424912f79989d8aba5de41e9f. It is recommended to apply a patch to fix this issue. The identifier VDB-217965 was assigned to this vulnerability. | 2023-01-11 | not yet calculated |
CVE-2015-10037 MISC MISC MISC |
pplv2-- pplv2 |
A vulnerability was found in nym3r0s pplv2. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The name of the patch is 28f8b0550104044da09f04659797487c59f85b00. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218023. | 2023-01-11 | not yet calculated |
CVE-2015-10038 MISC MISC MISC |
domino-- domino |
A vulnerability was found in dobos domino. It has been rated as critical. Affected by this issue is some unknown functionality in the library src/Complex.Domino.Lib/Lib/EntityFactory.cs. The manipulation leads to sql injection. Upgrading to version 0.1.5524.38553 is able to address this issue. The name of the patch is 16f039073709a21a76526110d773a6cce0ce753a. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218024. | 2023-01-11 | not yet calculated |
CVE-2015-10039 MISC MISC MISC MISC |
gitlearn -- gitlearn |
A vulnerability was found in gitlearn. It has been declared as problematic. This vulnerability affects the function getGrade/getOutOf of the file scripts/config.sh of the component Escape Sequence Handler. The manipulation leads to injection. The attack can be initiated remotely. The name of the patch is 3faa5deaa509012069afe75cd03c21bda5050a64. It is recommended to apply a patch to fix this issue. VDB-218302 is the identifier assigned to this vulnerability. | 2023-01-13 | not yet calculated |
CVE-2015-10040 MISC MISC MISC MISC |
apollo -- apollo |
A vulnerability, which was classified as critical, was found in abreen Apollo. This affects an unknown part. The manipulation of the argument file leads to path traversal. The name of the patch is 6206406630780bbd074aff34f4683fb764faba71. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218307. | 2023-01-14 | not yet calculated |
CVE-2015-10043 MISC MISC MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the "control" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes. | 2023-01-12 | not yet calculated |
CVE-2017-14454 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014ebc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16256 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014f28, the value for the `cmd3` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16257 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_sx, at 0x9d014f7c, the value for the `cmd4` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16258 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015430, the value for the `usr` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16259 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_auth, at 0x9d015478, the value for the `pwd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16260 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015714, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16261 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015864, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16262 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_b, at 0x9d015a8c, the value for the `val` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16263 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_b, at 0x9d015cfc, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16264 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd l_bt, at 0x9d016104, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16265 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d016530, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16266 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d016578, the value for the `val` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16267 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d0165c0, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16268 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d01672c, the value for the `s_speaker` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16269 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_b, at 0x9d01679c, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16270 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016c94, the value for the `as_c` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16271 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_l, at 0x9d016cf0, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16272 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_ml, at 0x9d016fa8, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16273 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd e_u, at 0x9d017364, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16274 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d01758c, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16275 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d0175f4, the value for the `gbt` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16276 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_grp, at 0x9d017658, the value for the `gcmd` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16277 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01815c, the value for the `ip` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16278 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181a4, the value for the `port` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16279 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d0181ec, the value for the `gate` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16280 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d018234, the value for the `sub` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16281 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_net, at 0x9d01827c, the value for the `dhcp` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16282 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d0188a8, the value for the `name` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16283 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_name, at 0x9d018958, the value for the `city` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16284 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018e58, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16285 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018ea0, the value for the `dststart` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16286 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f00, the value for the `dstend` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16287 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_time, at 0x9d018f60, the value for the `dst` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16288 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_utc, at 0x9d0193ac, the value for the `offset` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16289 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d01980c, the value for the `sunrise` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16290 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sun, at 0x9d019854, the value for the `sunset` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16291 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd g_schd, at 0x9d019c50, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16292 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a010, the value for the `grp` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16293 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a144, the value for the `on` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16294 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a18c, the value for the `off` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16295 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a1d4, the value for the `days` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16296 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a21c, the value for the `oncmd` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16297 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_schd, at 0x9d01a264, the value for the `offcmd` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16298 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_raw, at 0x9d01aad8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16299 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ac74, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16300 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad14, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16301 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ad78, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16302 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01addc, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16303 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_ex, at 0x9d01ae40, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16304 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b20c, the value for the `id` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16305 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b2ac, the value for the `flg` key is copied using `strcpy` to the buffer at `$sp+0x280`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16306 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b310, the value for the `cmd1` key is copied using `strcpy` to the buffer at `$sp+0x2d0`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16307 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b374, the value for the `cmd2` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16308 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd sn_exw, at 0x9d01b3d8, the value for the `d` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16309 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_ch, at 0x9d01b7b0, the value for the `ch` key is copied using `strcpy` to the buffer at `$sp+0x334`.This buffer is 100 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16310 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd UpdateCheck, at 0x9d01bb64, the value for the `type` key is copied using `strcpy` to the buffer at `$sp+0x270`.This buffer is 16 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16311 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c028, the value for the `sn_discover` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16312 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c084, the value for the `s_ddelay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16313 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c1cc, the value for the `s_speaker` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16314 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c3a0, the value for the `s_state` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16315 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01c898, the value for the `g_meta_page` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16316 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d068, the value for the `g_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16317 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d16c, the value for the `g_group_off` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16318 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01d7a8, the value for the `g_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16319 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01ddd4, the value for the `s_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x290`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16320 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e050, the value for the `s_sonos_index` key is copied using `strcpy` to the buffer at `$sp+0x1b4`.This buffer is 8 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16321 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e228, the value for the `c_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16322 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e2f4, the value for the `s_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16323 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e368, the value for the `s_group_vol` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16324 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e3a8, the value for the `s_group_cmd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16325 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_sonos, at 0x9d01e5f4, the value for the `sn_sonos_cmd` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16326 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_init_event, at 0x9d01ea88, the value for the `s_event_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16327 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb08, the value for the `s_event_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16328 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb44, the value for the `s_event_delay` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16329 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01eb8c, the value for the `s_event_group` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16330 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01ebd4, the value for the `s_tid` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16331 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_alarm, at 0x9d01ec34, the value for the `s_aid` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16332 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event, at 0x9d01ed7c, the value for the `s_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16333 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event, at 0x9d01edb8, the value for the `s_raw` key is copied using `strcpy` to the buffer at `$sp+0x10`.This buffer is 244 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16334 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_var, at 0x9d01ee70, the value for the `s_offset` key is copied using `strcpy` to the buffer at `$sp+0x2b0`.This buffer is 32 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16335 MISC |
insteon -- hub |
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability. In cmd s_event_var, at 0x9d01eeb0, the value for the `s_value` key is copied using `strcpy` to the buffer at `$sp+0x10`.This buffer is 244 bytes large, sending anything longer will cause a buffer overflow. | 2023-01-11 | not yet calculated |
CVE-2017-16336 MISC |
minichan -- minichan |
A vulnerability, which was classified as problematic, was found in Minichan. This affects an unknown part of the file reports.php. The manipulation of the argument headline leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is fc0e732e58630cba318d6bf49d1388a7aa9d390e. It is recommended to apply a patch to fix this issue. The identifier VDB-217785 was assigned to this vulnerability. | 2023-01-14 | not yet calculated |
CVE-2017-20167 MISC MISC MISC MISC |
piwallet -- piwallet |
A vulnerability was found in jfm-so piWallet. It has been rated as critical. Affected by this issue is some unknown functionality of the file api.php. The manipulation of the argument key leads to sql injection. The name of the patch is b420f8c4cbe7f06a34d1b05e90ee5cdfe0aa83bb. It is recommended to apply a patch to fix this issue. VDB-218006 is the identifier assigned to this vulnerability. | 2023-01-11 | not yet calculated |
CVE-2017-20168 MISC MISC MISC MISC |
ton-masterserver-- ton-masterserver |
A vulnerability, which was classified as critical, has been found in GGGGGGGG ToN-MasterServer. Affected by this issue is some unknown functionality of the file public_html/irc_updater/svr_request_pub.php. The manipulation leads to sql injection. The name of the patch is 3a4c7e6d51bf95760820e3245e06c6e321a7168a. It is recommended to apply a patch to fix this issue. VDB-218306 is the identifier assigned to this vulnerability. | 2023-01-13 | not yet calculated |
CVE-2017-20169 MISC MISC MISC |
rapid7 -- nextpose_virtual_appliance/insightvm_virtual_appliance |
Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots. | 2023-01-12 | not yet calculated |
CVE-2017-5242 CONFIRM |
tsn-ranksystem -- tsn-ranksystem |
A vulnerability has been found in Newcomer1989 TSN-Ranksystem up to 1.2.6 and classified as problematic. This vulnerability affects the function getlog of the file webinterface/bot.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.7 is able to address this issue. The name of the patch is b3a3cd8efe2cd3bd3c5b3b7abf2fe80dbee51b77. It is recommended to upgrade the affected component. VDB-218002 is the identifier assigned to this vulnerability. | 2023-01-11 | not yet calculated |
CVE-2018-25073 MISC MISC MISC MISC MISC |
skeemas -- skeemas |
A vulnerability was found in Prestaul skeemas and classified as problematic. This issue affects some unknown processing of the file validators/base.js. The manipulation of the argument uri leads to inefficient regular expression complexity. The name of the patch is 65e94eda62dc8dc148ab3e59aa2ccc086ac448fd. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218003. | 2023-01-11 | not yet calculated |
CVE-2018-25074 MISC MISC MISC |
papaparse -- papaparse |
A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004. | 2023-01-11 | not yet calculated |
CVE-2020-36649 MISC MISC MISC MISC MISC MISC |
node-gry -- node-gry |
A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019. | 2023-01-11 | not yet calculated |
CVE-2020-36650 MISC MISC MISC MISC MISC |
amd -- multiple_products |
Failure to validate the communication buffer and communication service in the BIOS may allow an attacker to tamper with the buffer resulting in potential SMM (System Management Mode) arbitrary code execution. | 2023-01-11 | not yet calculated |
CVE-2021-26316 MISC MISC |
amd -- 3rd_gen_epyc |
Failure to verify the mode of CPU execution at the time of SNP_INIT may lead to a potential loss of memory integrity for SNP guests. | 2023-01-11 | not yet calculated |
CVE-2021-26328 MISC |
amd -- 3rd_gen_epyc |
Insufficient validation in ASP BIOS and DRTM commands may allow malicious supervisor x86 software to disclose the contents of sensitive memory which may result in information disclosure. | 2023-01-11 | not yet calculated |
CVE-2021-26343 MISC |
amd -- ryzen_5000_series |
Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service. | 2023-01-11 | not yet calculated |
CVE-2021-26346 MISC |
amd -- 3rd_gen_epyc |
Insufficient fencing and checks in System Management Unit (SMU) may result in access to invalid message port registers that could result in a potential denial-of-service. | 2023-01-11 | not yet calculated |
CVE-2021-26355 MISC |
amd -- 3rd_gen_epyc |
Insufficient validation of address mapping to IO in ASP (AMD Secure Processor) may result in a loss of memory integrity in the SNP guest. | 2023-01-11 | not yet calculated |
CVE-2021-26396 MISC |
amd -- 1st_gen_epyc |
Insufficient input validation in SYS_KEY_DERIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential arbitrary code execution. | 2023-01-11 | not yet calculated |
CVE-2021-26398 MISC |
amd -- 2nd_gen_epyc |
Insufficient bounds checking in ASP (AMD Secure Processor) firmware while handling BIOS mailbox commands, may allow an attacker to write partially-controlled data out-of-bounds to SMM or SEV-ES regions which may lead to a potential loss of integrity and availability. | 2023-01-11 | not yet calculated |
CVE-2021-26402 MISC |
amd -- 1st_gen_epyc/2nd_gen_epyc |
Insufficient checks in SEV may lead to a malicious hypervisor disclosing the launch secret potentially resulting in compromise of VM confidentiality. | 2023-01-11 | not yet calculated |
CVE-2021-26403 MISC |
amd -- 3rd_gen_epyc |
Improper input validation and bounds checking in SEV firmware may leak scratch buffer bytes leading to potential information disclosure. | 2023-01-11 | not yet calculated |
CVE-2021-26404 MISC |
amd -- 2nd_gen_epyc |
A randomly generated Initialization Vector (IV) may lead to a collision of IVs with the same key potentially resulting in information disclosure. | 2023-01-11 | not yet calculated |
CVE-2021-26407 MISC |
amd -- 3rd_gen_epyc |
Insufficient bounds checking in SEV-ES may allow an attacker to corrupt Reverse Map table (RMP) memory, potentially resulting in a loss of SNP (Secure Nested Paging) memory integrity. | 2023-01-11 | not yet calculated |
CVE-2021-26409 MISC |
johnson_controls -- metasys_ads/adx/oas |
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text. | 2023-01-13 | not yet calculated |
CVE-2021-36204 CERT CONFIRM |
zephyr -- zephyr |
usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. | 2023-01-11 | not yet calculated |
CVE-2021-3966 MISC |
amd -- 2nd_gen_epyc |
Insufficient input validation in the ASP may allow an attacker with physical access, unauthorized write access to memory potentially leading to a loss of integrity or denial of service. | 2023-01-11 | not yet calculated |
CVE-2021-46767 MISC |
amd -- 2nd_gen_epyc |
Insufficient input validation in SEV firmware may allow an attacker to perform out-of-bounds memory reads within the ASP boot loader, potentially leading to a denial of service. | 2023-01-11 | not yet calculated |
CVE-2021-46768 MISC |
amd -- 1st_gen_epyc |
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability. | 2023-01-11 | not yet calculated |
CVE-2021-46779 MISC |
amd -- 3rd_gen_epyc |
Insufficient input validation during parsing of the System Management Mode (SMM) binary may allow a maliciously crafted SMM executable binary to corrupt Dynamic Root of Trust for Measurement (DRTM) user application memory that may result in a potential denial of service. | 2023-01-11 | not yet calculated |
CVE-2021-46791 MISC |
amd -- ryzen_5000_series/ryzen_3000_series |
A TOCTOU (time-of-check to time-of-use) vulnerability exists where an attacker may use a compromised BIOS to cause the TEE OS to read memory out of bounds that could potentially result in a denial of service. | 2023-01-11 | not yet calculated |
CVE-2021-46795 MISC |
nim -- nim |
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.) | 2023-01-13 | not yet calculated |
CVE-2021-46872 MISC MISC MISC MISC MISC |
zephyr -- zephyr |
There is no check to see if slot 0 is being uploaded from the device to the host. When using encrypted images this means the unencrypted firmware can be retrieved easily. | 2023-01-11 | not yet calculated |
CVE-2022-0553 MISC |
publify -- publify |
Integer Overflow or Wraparound in GitHub repository publify/publify prior to 9.2.10. | 2023-01-14 | not yet calculated |
CVE-2022-1812 CONFIRM MISC |
global-modules-path-- global-modules-path |
Versions of the package global-modules-path before 3.0.0 are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the getPath function. | 2023-01-13 | not yet calculated |
CVE-2022-21191 MISC MISC MISC MISC |
hitachi_energy -- lumada_apm |
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer. Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker. Affected versions * Lumada APM on-premises version 6.0.0.0 - 6.4.0.* List of CPEs: * cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:* | 2023-01-12 | not yet calculated |
CVE-2022-2155 MISC |
neo4j -- neo4j-apoc-procedures |
APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j that provides hundreds of procedures and functions. A path traversal vulnerability found in the apoc.export.* procedures of apoc plugins in Neo4j Graph database. The issue allows a malicious actor to potentially break out of the expected directory. The vulnerability is such that files could only be created but not overwritten. For the vulnerability to be exploited, an attacker would need access to execute an arbitrary query, either by having access to an authenticated Neo4j client, or a Cypher injection vulnerability in an application. The minimum versions containing patch for this vulnerability are 4.4.0.12 and 4.3.0.12 and 5.3.1. As a workaround, you can control the allowlist of the procedures that can be used in your system, and/or turn off local file access by setting apoc.export.file.enabled=false. | 2023-01-14 | not yet calculated |
CVE-2022-23532 MISC MISC |
amd -- 2nd_gen_epyc/3rd_gen_epyc |
The software interfaces to ASP and SMU may not enforce the SNP memory security policy resulting in a potential loss of integrity of guest memory in a confidential compute environment. | 2023-01-11 | not yet calculated |
CVE-2022-23813 MISC |
amd -- 3rd_gen_epyc |
Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. | 2023-01-11 | not yet calculated |
CVE-2022-23814 MISC |
com.fasterxml.util:java-merge-sort -- com.fasterxml.util:java-merge-sort |
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | 2023-01-12 | not yet calculated |
CVE-2022-24913 MISC MISC MISC |
rocket -- trufusion_enterprise |
A Server-Side Request Forgery (SSRF) in Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to gain access to sensitive resources on the internal network via a crafted HTTP request to /trufusionPortal/upDwModuleProxy. | 2023-01-12 | not yet calculated |
CVE-2022-25026 MISC |
rocket -- trufusion_enterprise |
The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked. | 2023-01-12 | not yet calculated |
CVE-2022-25027 MISC |
publify -- publify |
Insecure Storage of Sensitive Information in GitHub repository publify/publify prior to 9.2.10. | 2023-01-14 | not yet calculated |
CVE-2022-2815 CONFIRM MISC |
talend -- administration_center |
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests. | 2023-01-10 | not yet calculated |
CVE-2022-30332 MISC MISC |
wildfly-elytron -- wildfly-elytron |
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user. | 2023-01-13 | not yet calculated |
CVE-2022-3143 MISC |
okta -- oidc_middleware |
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | 2023-01-12 | not yet calculated |
CVE-2022-3145 MISC |
siemens --jt2go/teamcenter_visualization |
The APDFL.dll contains a stack-based buffer overflow vulnerability that could be triggered while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2023-01-13 | not yet calculated |
CVE-2022-3159 MISC MISC MISC |
siemens --jt2go/teamcenter_visualization |
The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2023-01-13 | not yet calculated |
CVE-2022-3160 MISC MISC MISC |
siemens --jt2go/teamcenter_visualization |
The APDFL.dll contains a memory corruption vulnerability while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process. | 2023-01-13 | not yet calculated |
CVE-2022-3161 MISC MISC MISC |
ffmpeg -- ffmpeg |
A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. | 2023-01-12 | not yet calculated |
CVE-2022-3341 MISC MISC |
ibm -- sterling_partner_engagement_manager |
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.1 could allow an authenticated user to exhaust server resources which could lead to a denial of service. IBM X-Force ID: 229705. | 2023-01-11 | not yet calculated |
CVE-2022-34335 MISC MISC |
samba-- samba |
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. | 2023-01-12 | not yet calculated |
CVE-2022-3437 MISC MISC MISC |
dell_emc -- secure_connect_gateway_policy_manager | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 2023-01-11 | not yet calculated |
CVE-2022-34440 MISC |
dell_emc -- secure_connect_gateway_policy_manager | Dell EMC SCG Policy Manager, versions from 5.10 to 5.12, contain(s) a contain a Hard-coded Cryptographic Key vulnerability. An attacker with the knowledge of the hard-coded sensitive information, could potentially exploit this vulnerability to login to the system to gain admin privileges. | 2023-01-11 | not yet calculated |
CVE-2022-34441 MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. | 2023-01-12 | not yet calculated |
CVE-2022-3514 CONFIRM MISC MISC |
libksba -- libksba |
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. | 2023-01-12 | not yet calculated |
CVE-2022-3515 MISC MISC MISC MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. Due to the improper filtering of query parameters in the wiki changes page, an attacker can execute arbitrary JavaScript on the self-hosted instances running without strict CSP. | 2023-01-12 | not yet calculated |
CVE-2022-3573 MISC MISC CONFIRM |
samba-- samba |
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. | 2023-01-12 | not yet calculated |
CVE-2022-3592 MISC MISC MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service. | 2023-01-12 | not yet calculated |
CVE-2022-3613 MISC MISC CONFIRM |
linux -- kernel |
A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges. | 2023-01-12 | not yet calculated |
CVE-2022-3628 MISC |
fileorbis -- file_management_system |
The File Management System developed by FileOrbis before version 10.6.3 has an unauthenticated local file inclusion and path traversal vulnerability. This has been fixed in the version 10.6.3 | 2023-01-13 | not yet calculated |
CVE-2022-3693 CONFIRM |
keycloak -- keycloak |
keycloak: path traversal via double URL encoding. A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. An attacker can use this flaw to construct a malicious request to bypass validation and access other URLs and potentially sensitive information within the domain or possibly conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field. | 2023-01-13 | not yet calculated |
CVE-2022-3782 MISC |
rhacm -- rhacm |
RHACM: unauthenticated SSRF in console API endpoint. A Server-Side Request Forgery (SSRF) vulnerability was found in the console API endpoint from Red Hat Advanced Cluster Management for Kubernetes (RHACM). An attacker could take advantage of this as the console API endpoint is missing an authentication check, allowing unauthenticated users making requests. | 2023-01-13 | not yet calculated |
CVE-2022-3841 MISC |
wordpress -- wordpress |
Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver. | 2023-01-14 | not yet calculated |
CVE-2022-38467 MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. GitLab allows unauthenticated users to download user avatars using the victim's user ID, on private instances that restrict public level visibility. | 2023-01-12 | not yet calculated |
CVE-2022-3870 MISC MISC CONFIRM |
h_c_mingham-smith_ltd -- tardis_2000 |
H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. | 2023-01-12 | not yet calculated |
CVE-2022-39182 MISC |
moodle_plugin-saml_auth -- moodle_plugin-saml_auth |
Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | 2023-01-12 | not yet calculated |
CVE-2022-39183 MISC |
exfo -- bv-10_performance_endpoint_unit |
EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass. | 2023-01-12 | not yet calculated |
CVE-2022-39184 MISC |
exfo -- bv-10_performance_endpoint_unit |
EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user. | 2023-01-12 | not yet calculated |
CVE-2022-39185 MISC |
exfo -- bv-10_performance_endpoint_unit |
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions | 2023-01-12 | not yet calculated |
CVE-2022-39186 MISC |
rumpus -- ftp_server |
Rumpus - FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors. | 2023-01-12 | not yet calculated |
CVE-2022-39187 MISC |
linux -- kernel |
A use-after-free flaw was found in the Linux kernel MCTP (Management Component Transport Protocol) functionality. This issue occurs when a user simultaneously calls DROPTAG ioctl and socket close happens, which could allow a local user to crash the system or potentially escalate their privileges on the system. | 2023-01-12 | not yet calculated |
CVE-2022-3977 MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A race condition can lead to verified email forgery and takeover of third-party accounts when using GitLab as an OAuth provider. | 2023-01-12 | not yet calculated |
CVE-2022-4037 MISC MISC CONFIRM |
ibm -- sterling_partner_engagement_manager |
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208. | 2023-01-11 | not yet calculated |
CVE-2022-40615 MISC MISC |
qt_project -- qt |
An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. | 2023-01-12 | not yet calculated |
CVE-2022-40983 MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents. | 2023-01-12 | not yet calculated |
CVE-2022-4131 CONFIRM MISC MISC |
gitlab -- gitlab |
Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them. | 2023-01-12 | not yet calculated |
CVE-2022-4167 CONFIRM MISC |
go -- go |
A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which could be attacker-manipulated to represent arbitrary HTTP2 requests. | 2023-01-13 | not yet calculated |
CVE-2022-41721 MISC MISC MISC |
delta_electronics -- infrasuite_device_master |
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior deserialize user-supplied data provided through the Device-DataCollect service port without proper verification. An attacker could provide malicious serialized objects to execute arbitrary code upon deserialization. | 2023-01-13 | not yet calculated |
CVE-2022-41778 MISC |
autolab -- autolab |
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. | 2023-01-14 | not yet calculated |
CVE-2022-41955 MISC |
autolab -- autolab |
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature, whereby users are able to hand-in assignments using paths outside their submission directory. Users can then view the submission to view the file's contents. The vulnerability has been patched in version 2.10.0. As a workaround, ensure that the field for the remote handin feature is empty (Edit Assessment > Advanced > Remote handin path), and that you are not running Autolab as `root` (or any user that has write access to `/`). Alternatively, disable the remote handin feature if it is unneeded by replacing the body of `local_submit` in `app/controllers/assessment/handin.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`. | 2023-01-14 | not yet calculated |
CVE-2022-41956 MISC MISC |
mailenable -- webmail |
Authenticated mail users, under specific circumstances, could add files with unsanitized content in public folders where the IIS user had permission to access. That action, could lead an attacker to store arbitrary code on that files and execute RCE commands. | 2023-01-13 | not yet calculated |
CVE-2022-42136 MISC MISC |
nvidia -- multiple_omniverse_products |
Omniverse Kit contains a vulnerability in the reference applications Create, Audio2Face, Isaac Sim, View, Code, and Machinima. These applications allow executable Python code to be embedded in Universal Scene Description (USD) files to customize all aspects of a scene. If a user opens a USD file that contains embedded Python code in one of these applications, the embedded Python code automatically runs with the privileges of the user who opened the file. As a result, an unprivileged remote attacker could craft a USD file containing malicious Python code and persuade a local user to open the file, which may lead to information disclosure, data tampering, and denial of service. | 2023-01-13 | not yet calculated |
CVE-2022-42268 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution | 2023-01-11 | not yet calculated |
CVE-2022-42271 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow, which may lead to code execution, denial of service or escalation of privileges. | 2023-01-12 | not yet calculated |
CVE-2022-42272 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in libwebsocket, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | 2023-01-12 | not yet calculated |
CVE-2022-42273 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | 2023-01-13 | not yet calculated |
CVE-2022-42274 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC IPMI handler allows an unauthenticated host to write to a host SPI flash bypassing secureboot protections. This may lead to a loss of integrity and denial of service. | 2023-01-13 | not yet calculated |
CVE-2022-42275 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | 2023-01-13 | not yet calculated |
CVE-2022-42276 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | 2023-01-13 | not yet calculated |
CVE-2022-42277 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering. | 2023-01-13 | not yet calculated |
CVE-2022-42278 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 2023-01-13 | not yet calculated |
CVE-2022-42279 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in SPX REST auth handler, where an un-authorized attacker can exploit a path traversal, which may lead to authentication bypass. | 2023-01-13 | not yet calculated |
CVE-2022-42280 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the FsRecovery, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. | 2023-01-13 | not yet calculated |
CVE-2022-42281 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure. | 2023-01-13 | not yet calculated |
CVE-2022-42282 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can cause a buffer overflow and cause a denial of service or gain code execution. | 2023-01-13 | not yet calculated |
CVE-2022-42283 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC stores user passwords in an obfuscated form in a database accessible by the host. This may lead to a credentials exposure. | 2023-01-13 | not yet calculated |
CVE-2022-42284 MISC |
nvidia -- nvidia_dgx_servers |
DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI)phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. | 2023-01-13 | not yet calculated |
CVE-2022-42285 MISC |
nvidia -- nvidia_dgx_servers |
DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges. | 2023-01-13 | not yet calculated |
CVE-2022-42286 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in IPMI handler, where an authorized attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of privileges, information disclosure and data tampering. | 2023-01-13 | not yet calculated |
CVE-2022-42287 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure. | 2023-01-13 | not yet calculated |
CVE-2022-42288 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 2023-01-13 | not yet calculated |
CVE-2022-42289 MISC |
nvidia -- nvidia_dgx_servers |
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure and data tampering. | 2023-01-13 | not yet calculated |
CVE-2022-42290 MISC |
servicenow -- service_catalog_widget |
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget. | 2023-01-13 | not yet calculated |
CVE-2022-42704 MISC |
careteditor -- caret |
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview mode is enabled. This directly leads to client-side code execution. | 2023-01-11 | not yet calculated |
CVE-2022-42967 CONFIRM |
zyxel -- nr7101_firmware |
A buffer overflow vulnerability in the library of the web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 2023-01-11 | not yet calculated |
CVE-2022-43389 CONFIRM |
zyxel -- nr7101_firmware |
A command injection vulnerability in the CGI program of Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to execute some OS commands on a vulnerable device by sending a crafted HTTP request. | 2023-01-11 | not yet calculated |
CVE-2022-43390 CONFIRM |
zyxel -- nr7101_firmware |
A buffer overflow vulnerability in the parameter of the CGI program in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted HTTP request. | 2023-01-11 | not yet calculated |
CVE-2022-43391 CONFIRM |
zyxel -- nr7101_firmware |
A buffer overflow vulnerability in the parameter of web server in Zyxel NR7101 firmware prior to V1.15(ACCC.3)C0, which could allow an authenticated attacker to cause denial-of-service (DoS) conditions by sending a crafted authorization request. | 2023-01-11 | not yet calculated |
CVE-2022-43392 CONFIRM |
zyxel -- nr7101_firmware |
An improper check for unusual or exceptional conditions in the HTTP request processing function of Zyxel GS1920-24v2 firmware prior to V4.70(ABMH.8)C0, which could allow an unauthenticated attacker to corrupt the contents of the memory and result in a denial-of-service (DoS) condition on a vulnerable device. | 2023-01-11 | not yet calculated |
CVE-2022-43393 CONFIRM |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook. | 2023-01-12 | not yet calculated |
CVE-2022-4342 CONFIRM MISC MISC |
wireshark -- wireshark |
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file | 2023-01-12 | not yet calculated |
CVE-2022-4344 CONFIRM MISC |
wireshark -- wireshark |
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file | 2023-01-12 | not yet calculated |
CVE-2022-4345 CONFIRM MISC |
qt_project -- qt |
A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. A specially-crafted javascript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. Target application would need to access a malicious web page to trigger this vulnerability. | 2023-01-12 | not yet calculated |
CVE-2022-43591 MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page. | 2023-01-12 | not yet calculated |
CVE-2022-4365 MISC CONFIRM MISC |
systemd -- systemd |
A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting. | 2023-01-11 | not yet calculated |
CVE-2022-4415 MISC MISC |
cloudflare -- warp |
support_uri parameter in the WARP client local settings file (mdm.xml) lacked proper validation which allowed for privilege escalation and launching an arbitrary executable on the local machine upon clicking on the "Send feedback" option. An attacker with access to the local file system could use a crafted XML config file pointing to a malicious file or set a local path to the executable using Cloudflare Zero Trust Dashboard (for Zero Trust enrolled clients). | 2023-01-11 | not yet calculated |
CVE-2022-4428 MISC |
cloudflare -- warp |
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device. | 2023-01-11 | not yet calculated |
CVE-2022-4457 MISC |
tp-link -- wr710n/archer_c5 |
In TP-Link routers, Archer C5 and WR710N-V1, running the latest available code, when receiving HTTP Basic Authentication the httpd service can be sent a crafted packet that causes a heap overflow. This can result in either a DoS (by crashing the httpd process) or an arbitrary code execution. | 2023-01-11 | not yet calculated |
CVE-2022-4498 MISC |
tp-link -- wr710n/archer_c5 |
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password. | 2023-01-11 | not yet calculated |
CVE-2022-4499 MISC |
archibus -- web_central |
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection. | 2023-01-10 | not yet calculated |
CVE-2022-45165 MISC |
rust-lang_webbrowser-rs -- rust-lang_webbrowser-rs |
An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL. | 2023-01-13 | not yet calculated |
CVE-2022-45299 MISC |
wordpress -- wordpress |
Broken Access Control in Betheme theme <= 26.6.1 on WordPress. | 2023-01-14 | not yet calculated |
CVE-2022-45353 MISC |
linux -- kernel |
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. | 2023-01-11 | not yet calculated |
CVE-2022-4543 MISC MISC |
sourcecodester -- doctor_appointment_management_system |
Doctor Appointment Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 2023-01-12 | not yet calculated |
CVE-2022-45728 MISC |
sourcecodester -- doctor_appointment_management_system |
A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Employee ID parameter. | 2023-01-12 | not yet calculated |
CVE-2022-45729 MISC |
sourcecodester -- hospital_management_system |
Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password. | 2023-01-13 | not yet calculated |
CVE-2022-46093 MISC |
delta_industrial_automation -- 4g_router_dx-3201 |
The webserver in Delta DX-3021 versions prior to 1.24 is vulnerable to command injection through the network diagnosis page. This vulnerability could allow a remote unauthenticated user to add files, delete files, and change file permissions. | 2023-01-13 | not yet calculated |
CVE-2022-4616 MISC MISC |
opensuse -- travel-support-program |
Travel support program is a rails app to support the travel support program of openSUSE (TSP). Sensitive user data (bank account details, password Hash) can be extracted via Ransack query injection. Every deployment of travel-support-program below the patched version is affected. The travel-support-program uses the Ransack library to implement search functionality. In its default configuration, Ransack will allow for query conditions based on properties of associated database objects [1]. The `*_start`, `*_end` or `*_cont` search matchers [2] can then be abused to exfiltrate sensitive string values of associated database objects via character-by-character brute-force (A match is indicated by the returned JSON not being empty). A single bank account number can be extracted with <200 requests, a password hash can be extracted with ~1200 requests, all within a few minutes. The problem has been patched in commit d22916275c51500b4004933ff1b0a69bc807b2b7. In order to work around this issue, you can also cherry pick that patch, however it will not work without the Rails 5.0 migration that was done in #150, which in turn had quite a few pull requests it depended on. | 2023-01-10 | not yet calculated |
CVE-2022-46163 MISC MISC MISC |
rust-lang_cargo -- rust-lang_cargo |
Cargo is a Rust package manager. The Rust Security Response WG was notified that Cargo did not perform SSH host key verification when cloning indexes and dependencies via SSH. An attacker could exploit this to perform man-in-the-middle (MITM) attacks. This vulnerability has been assigned CVE-2022-46176. All Rust versions containing Cargo before 1.66.1 are vulnerable. Note that even if you don't explicitly use SSH for alternate registry indexes or crate dependencies, you might be affected by this vulnerability if you have configured git to replace HTTPS connections to GitHub with SSH (through git's [`url.<base>.insteadOf`][1] setting), as that'd cause you to clone the crates.io index through SSH. Rust 1.66.1 will ensure Cargo checks the SSH host key and abort the connection if the server's public key is not already trusted. We recommend everyone to upgrade as soon as possible. | 2023-01-11 | not yet calculated |
CVE-2022-46176 MISC MISC |
black_box -- multiple_products |
Black Box KVM Firmware version 3.4.31307 on models ACR1000A-R-R2, ACR1000A-T-R2, ACR1002A-T, ACR1002A-R, and ACR1020A-T is vulnerable to path traversal, which may allow an attacker to steal user credentials and other sensitive information through local file inclusion. | 2023-01-10 | not yet calculated |
CVE-2022-4636 MISC |
rumpus -- ftp_server |
Rumpus - FTP server Cross-site request forgery (CSRF) – Privilege escalation vulnerability that may allow privilege escalation. | 2023-01-12 | not yet calculated |
CVE-2022-46367 MISC |
rumpus -- ftp_server |
Rumpus - FTP server version 9.0.7.1 Cross-site request forgery (CSRF) – vulnerability may allow unauthorized action on behalf of authenticated users. | 2023-01-12 | not yet calculated |
CVE-2022-46368 MISC |
rumpus -- ftp_server |
Rumpus - FTP server version 9.0.7.1 Persistent cross-site scripting (PXSS) – vulnerability may allow inserting scripts into unspecified input fields. | 2023-01-12 | not yet calculated |
CVE-2022-46369 MISC |
rumpus -- ftp_server |
Rumpus - FTP server version 9.0.7.1 Improper Token Verification– vulnerability may allow bypassing identity verification. | 2023-01-12 | not yet calculated |
CVE-2022-46370 MISC |
alotcer -- ar7088h-a |
Alotcer - AR7088H-A firmware version 16.10.3 Information disclosure. Unspecified error message contains the default administrator user name. | 2023-01-12 | not yet calculated |
CVE-2022-46371 MISC |
alotcer -- ar7088h-a |
Alotcer - AR7088H-A firmware version 16.10.3 Command execution Improper validation of unspecified input field may allow Authenticated command execution. | 2023-01-12 | not yet calculated |
CVE-2022-46372 MISC |
douphp -- douphp |
A cross-site scripting (XSS) vulnerability in the /admin/article_category.php component of DouPHP v1.7 20221118 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the description parameter. | 2023-01-13 | not yet calculated |
CVE-2022-46438 MISC |
harbor -- harbor |
An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication. | 2023-01-13 | not yet calculated |
CVE-2022-46463 MISC |
sourcecodester -- online-health_care_system |
Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php. | 2023-01-13 | not yet calculated |
CVE-2022-46471 MISC |
sourcecodester -- helmet_store_showroom_site |
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /hss/classes/Users.php?f=delete. | 2023-01-12 | not yet calculated |
CVE-2022-46472 MISC |
datax-web -- datax-web |
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized data. | 2023-01-13 | not yet calculated |
CVE-2022-46478 MISC |
sourcecodester -- online_student_enrollment_system |
Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php. | 2023-01-13 | not yet calculated |
CVE-2022-46502 MISC |
sourcecodester -- online_student_enrollment_system |
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter. | 2023-01-12 | not yet calculated |
CVE-2022-46503 MISC |
sourcecodester -- judging_management_system |
A cross-site scripting (XSS) vulnerability in Judging Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | 2023-01-12 | not yet calculated |
CVE-2022-46622 MISC |
sourcecodester -- judging_management_system |
Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the username parameter. | 2023-01-12 | not yet calculated |
CVE-2022-46623 MISC |
sourcecodester -- helmet_store_showroom_site |
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_brand. | 2023-01-13 | not yet calculated |
CVE-2022-46946 MISC |
sourcecodester -- helmet_store_showroom_site |
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | 2023-01-13 | not yet calculated |
CVE-2022-46947 MISC |
sourcecodester -- helmet_store_showroom_site |
Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_helmet. | 2023-01-13 | not yet calculated |
CVE-2022-46949 MISC |
sourcecodester -- dynamic_transaction_queing_system |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_window. | 2023-01-13 | not yet calculated |
CVE-2022-46950 MISC |
sourcecodester -- dynamic_transaction_queing_system |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_uploads. | 2023-01-13 | not yet calculated |
CVE-2022-46951 MISC |
sourcecodester -- dynamic_transaction_queing_system |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_user. | 2023-01-13 | not yet calculated |
CVE-2022-46952 MISC |
sourcecodester -- dynamic_transaction_queing_system |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_window. | 2023-01-13 | not yet calculated |
CVE-2022-46953 MISC |
sourcecodester -- dynamic_transaction_queing_system |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction. | 2023-01-13 | not yet calculated |
CVE-2022-46954 MISC |
sourcecodester -- dynamic_transaction_queing_system |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue. | 2023-01-13 | not yet calculated |
CVE-2022-46955 MISC |
sourcecodester -- dynamic_transaction_queing_system |
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. | 2023-01-13 | not yet calculated |
CVE-2022-46956 MISC |
linux -- kernel |
There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above | 2023-01-11 | not yet calculated |
CVE-2022-4696 MISC MISC |
student_study_center_management_system -- student_study_center_management_system |
A cross-site scripting (XSS) vulnerability in Student Study Center Management System V 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | 2023-01-12 | not yet calculated |
CVE-2022-47102 MISC |
sdl2 -- sdl2 |
A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. | 2023-01-12 | not yet calculated |
CVE-2022-4743 MISC MISC MISC MISC |
mediawiki -- mediawiki |
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data. | 2023-01-12 | not yet calculated |
CVE-2022-47927 MISC MISC |
siemens -- multiple_products |
A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a memory corruption vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19078) | 2023-01-10 | not yet calculated |
CVE-2022-47935 MISC |
siemens -- solid_edge |
A vulnerability has been identified in Solid Edge (All versions < V2023 MP1). The DOCMGMT.DLL contains a memory corruption vulnerability that could be triggered while parsing files in different file formats such as PAR, ASM, DFT. This could allow an attacker to execute code in the context of the current process. | 2023-01-10 | not yet calculated |
CVE-2022-47967 MISC |
hotel-mgmt-system -- hotel-mgmt-system |
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php. | 2023-01-13 | not yet calculated |
CVE-2022-48090 MISC |
hotel-mgmt-system -- hotel-mgmt-system |
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to Cross Site Scripting (XSS) via process_update_profile.php. | 2023-01-13 | not yet calculated |
CVE-2022-48091 MISC |
pi.alert -- pi.altert |
The jokob-sk/Pi.Alert fork (before 22.12.20) of Pi.Alert allows Remote Code Execution via nmap_scan.php (scan parameter) OS Command Injection. | 2023-01-11 | not yet calculated |
CVE-2022-48252 MISC |
nostromo -- nostromo |
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to execute arbitrary commands on the remote server. The vulnerability occurs when the homedirs option is used. | 2023-01-11 | not yet calculated |
CVE-2022-48253 MISC MISC |
technitium_software -- dns_server |
Technitium DNS Server before 10.0 allows a self-CNAME denial-of-service attack in which a CNAME loop causes an answer to contain hundreds of records. | 2023-01-13 | not yet calculated |
CVE-2022-48256 MISC |
multiple_products -- multiple_products |
In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp. | 2023-01-13 | not yet calculated |
CVE-2022-48257 MISC MISC |
multiple_products -- multiple_products |
In Eternal Terminal 6.2.1, etserver and etclient have world-readable logfiles. | 2023-01-13 | not yet calculated |
CVE-2022-48258 MISC MISC |
linux -- kernel |
A flaw NULL Pointer Dereference in the Linux kernel NTFS3 driver function attr_punch_hole() was found. A local user could use this flaw to crash the system. | 2023-01-12 | not yet calculated |
CVE-2022-4842 MISC |
netcomm -- multiple_products |
On Netcomm router models NF20MESH, NF20, and NL1902 a stack based buffer overflow affects the sessionKey parameter. By providing a specific number of bytes, the instruction pointer is able to be overwritten on the stack and crashes the application at a known location. | 2023-01-11 | not yet calculated |
CVE-2022-4873 MISC |
netcomm -- multiple_products | Authentication bypass in Netcomm router models NF20MESH, NF20, and NL1902 allows an unauthenticated user to access content. In order to serve static content, the application performs a check for the existence of specific characters in the URL (.css, .png etc). If it exists, it performs a "fake login" to give the request an active session to load the file and not redirect to the login page. | 2023-01-11 | not yet calculated |
CVE-2022-4874 MISC |
jefferson -- jefferson |
A vulnerability has been found in sviehb jefferson up to 0.3 and classified as critical. This vulnerability affects unknown code of the file src/scripts/jefferson. The manipulation leads to path traversal. The attack can be initiated remotely. Upgrading to version 0.4 is able to address this issue. The name of the patch is 53b3f2fc34af0bb32afbcee29d18213e61471d87. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218020. | 2023-01-11 | not yet calculated |
CVE-2022-4885 MISC MISC MISC MISC MISC |
sap -- bmc_ms |
SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries. The exploitation of this issue could lead to SQL injection vulnerability and could allow an attacker to access, modify, and/or delete data from the backend database. | 2023-01-10 | not yet calculated |
CVE-2023-0016 MISC MISC |
sap -- businessobjects_business_intelligence_platform_analysis_edition_for_olap |
SAP BusinessObjects Business Intelligence Analysis edition for OLAP allows an authenticated attacker to inject malicious code that can be executed by the application over the network. On successful exploitation, an attacker can perform operations that may completely compromise the application causing a high impact on the confidentiality, integrity, and availability of the application. | 2023-01-10 | not yet calculated |
CVE-2023-0022 MISC MISC |
gitlab -- gitlab |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. | 2023-01-12 | not yet calculated |
CVE-2023-0042 MISC CONFIRM |
keycloak -- keycloak |
A flaw was found in Keycloak, where it did not properly check client tokens for possible revocation in its client credential flow. This flaw allows an attacker to access or modify potentially sensitive information. | 2023-01-13 | not yet calculated |
CVE-2023-0091 MISC |
keycloak -- keycloak | A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them. | 2023-01-13 | not yet calculated |
CVE-2023-0105 MISC |
google -- chrome | Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | not yet calculated |
CVE-2023-0130 MISC MISC |
google -- chrome | Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) | 2023-01-10 | not yet calculated |
CVE-2023-0131 MISC MISC |
trellix -- application_and_change_control | Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | 2023-01-13 | not yet calculated |
CVE-2023-0221 MISC |
pyload -- pyload | Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. | 2023-01-12 | not yet calculated |
CVE-2023-0227 CONFIRM MISC |
tuzicms -- tuzicms | A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file App\Manage\Controller\ArticleController.class.php of the component Article Module. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151. | 2023-01-12 | not yet calculated |
CVE-2023-0243 MISC MISC MISC |
tuzicms -- tuzicms | A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file \App\Manage\Controller\KefuController.class.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152. | 2023-01-12 | not yet calculated |
CVE-2023-0244 MISC MISC MISC |
sourcecodester -- online-flight-booking-management-system | A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System. This issue affects some unknown processing of the file add_contestant.php. The manipulation of the argument add_contestant leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218153 was assigned to this vulnerability. | 2023-01-12 | not yet calculated |
CVE-2023-0245 MISC MISC MISC |
earthlink -- espcms | A vulnerability, which was classified as problematic, was found in earthlink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability. | 2023-01-12 | not yet calculated |
CVE-2023-0246 MISC MISC MISC |
bits-and-blooms -- blooms | Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1. | 2023-01-12 | not yet calculated |
CVE-2023-0247 CONFIRM MISC |
wordpress -- wordpress | The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2023-01-12 | not yet calculated |
CVE-2023-0254 MISC MISC |
sourcecodester -- online_food_ordering_system | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /fos/admin/ajax.php?action=login of the component Login Page. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-218184. | 2023-01-12 | not yet calculated |
CVE-2023-0256 MISC MISC |
sourcecodester -- online_food_ordering_system | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image with the input <?php system($_GET['c']); ?> leads to unrestricted upload. The attack can be launched remotely. The identifier VDB-218185 was assigned to this vulnerability. | 2023-01-12 | not yet calculated |
CVE-2023-0257 MISC MISC |
sourcecodester -- online_food_ordering_system | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handler. The manipulation of the argument Reason with the input "><script>prompt(1)</script> leads to cross site scripting. The attack may be launched remotely. VDB-218186 is the identifier assigned to this vulnerability. | 2023-01-12 | not yet calculated |
CVE-2023-0258 MISC MISC |
sourcecodester -- online_flight_booking_management_system | A vulnerability was found in SourceCodester Online Flight Booking Management System. It has been rated as critical. Affected by this issue is some unknown functionality of the file judge_panel.php. The manipulation of the argument subevent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218276. | 2023-01-13 | not yet calculated |
CVE-2023-0281 MISC MISC MISC |
sourcecodester -- online_flight_booking_management_system | A vulnerability classified as critical has been found in SourceCodester Online Flight Booking Management System. This affects an unknown part of the file review_search.php of the component POST Parameter Handler. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-218277 was assigned to this vulnerability. | 2023-01-13 | not yet calculated |
CVE-2023-0283 MISC MISC MISC |
ityouknow -- favorites-web | A vulnerability was found in ityouknow favorites-web. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-218294 is the identifier assigned to this vulnerability. | 2023-01-13 | not yet calculated |
CVE-2023-0287 MISC MISC MISC |
vim -- vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1189. | 2023-01-13 | not yet calculated |
CVE-2023-0288 CONFIRM MISC |
webcalendar -- webcalendar | Cross-site Scripting (XSS) - Stored in GitHub repository craigk5n/webcalendar prior to master. | 2023-01-13 | not yet calculated |
CVE-2023-0289 CONFIRM MISC |
wordpress -- wordpress | The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change image categories, which it uses to arrange them in folder views. | 2023-01-13 | not yet calculated |
CVE-2023-0293 MISC MISC |
wordpress -- wordpress | The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2023-01-13 | not yet calculated |
CVE-2023-0294 MISC MISC |
wordpress -- wordpress | The Launchpad plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its settings parameters in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2023-01-13 | not yet calculated |
CVE-2023-0295 MISC MISC |
pyload -- pyload | Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. | 2023-01-14 | not yet calculated |
CVE-2023-0297 MISC CONFIRM |
firefly-iii -- firefly-iii | Improper Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. | 2023-01-14 | not yet calculated |
CVE-2023-0298 MISC CONFIRM |
publify -- publify | Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. | 2023-01-14 | not yet calculated |
CVE-2023-0299 CONFIRM MISC |
alfio-event --alfi.io | Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. | 2023-01-14 | not yet calculated |
CVE-2023-0300 CONFIRM MISC |
alfio-event --alfi.io | Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. | 2023-01-14 | not yet calculated |
CVE-2023-0301 CONFIRM MISC |
amd -- 2nd_gen_epyc/3rd_gen_epyc | Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. | 2023-01-11 | not yet calculated |
CVE-2023-20522 MISC |
amd -- 2nd_gen_epyc/3rd_gen_epyc | TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. | 2023-01-11 | not yet calculated |
CVE-2023-20523 MISC |
amd -- 2nd_gen_epyc/3rd_gen_epyc | Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. | 2023-01-11 | not yet calculated |
CVE-2023-20525 MISC |
amd -- multiple_products | Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. | 2023-01-11 | not yet calculated |
CVE-2023-20527 MISC |
amd -- 2nd_gen_epyc/3rd_gen_epyc | Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. | 2023-01-11 | not yet calculated |
CVE-2023-20528 MISC |
amd -- 2nd_gen_epyc/3rd_gen_epyc | Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. | 2023-01-11 | not yet calculated |
CVE-2023-20529 MISC |
amd -- 3rd_gen_epyc | Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. | 2023-01-11 | not yet calculated |
CVE-2023-20530 MISC |
amd -- 2nd_gen_epyc | Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. | 2023-01-11 | not yet calculated |
CVE-2023-20531 MISC |
amd -- 2nd_gen_epyc/3rd_gen_epyc | Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. | 2023-01-11 | not yet calculated |
CVE-2023-20532 MISC |
nextcloud -- security_advisories | Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. A database error can be generated potentially causing a DoS when performed multiple times. There are currently no known workarounds. It is recommended that the Nextcloud Server is upgraded to 1.6.5 or 1.7.3 or 1.8.2. | 2023-01-14 | not yet calculated |
CVE-2023-22470 MISC MISC |
nextcloud -- security_advisories |
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Broken access control allows a user to delete attachments of other users. There are currently no known workarounds. It is recommended that the Nextcloud Deck app is upgraded to 1.6.5 or 1.7.3 or 1.8.2. | 2023-01-14 | not yet calculated |
CVE-2023-22471 MISC MISC |
kubeoperator -- kubepi | KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds. | 2023-01-14 | not yet calculated |
CVE-2023-22478 MISC MISC MISC |
kubeoperator -- kubeoperator | KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4. | 2023-01-14 | not yet calculated |
CVE-2023-22480 MISC MISC MISC |
flarum -- framework | Flarum is a forum software for building communities. Using the mentions feature provided by the flarum/mentions extension, users can mention any post ID on the forum with the special `@"<username>"#p<id>` syntax. The following behavior never changes no matter if the actor should be able to read the mentioned post or not: A URL to the mentioned post is inserted into the actor post HTML, leaking its discussion ID and post number. The `mentionsPosts` relationship included in the `POST /api/posts` and `PATCH /api/posts/<id>` JSON responses leaks the full JSON:API payload of all mentioned posts without any access control. This includes the content, date, number and attributes added by other extensions. An attacker only needs the ability to create new posts on the forum to exploit the vulnerability. This works even if new posts require approval. If they have the ability to edit posts, the attack can be performed even more discreetly by using a single post to scan any size of database and hiding the attack post content afterward. The attack allows the leaking of all posts in the forum database, including posts awaiting approval, posts in tags the user has no access to, and private discussions created by other extensions like FriendsOfFlarum Byobu. This also includes non-comment posts like tag changes or renaming events. The discussion payload is not leaked but using the mention HTML payload it's possible to extract the discussion ID of all posts and combine all posts back together into their original discussions even if the discussion title remains unknown. All Flarum versions prior to 1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. As a workaround, user can disable the mentions extension. | 2023-01-11 | not yet calculated |
CVE-2023-22487 MISC MISC |
flarum -- framework | Flarum is a forum software for building communities. Using the notifications feature, one can read restricted/private content and bypass access checks that would be in place for such content. The notification-sending component does not check that the subject of the notification can be seen by the receiver, and proceeds to send notifications through their different channels. The alerts do not leak data despite this as they are listed based on a visibility check, however, emails are still sent out. This means that, for extensions which restrict access to posts, any actor can bypass the restriction by subscribing to the discussion if the Subscriptions extension is enabled. The attack allows the leaking of some posts in the forum database, including posts awaiting approval, posts in tags the user has no access to if they could subscribe to a discussion before it becomes private, and posts restricted by third-party extensions. All Flarum versions prior to v1.6.3 are affected. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible to v1.6.3. As a workaround, disable the Flarum Subscriptions extension or disable email notifications altogether. There are no other supported workarounds for this issue for Flarum versions below 1.6.3. | 2023-01-12 | not yet calculated |
CVE-2023-22488 MISC MISC |
flarum -- framework | Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot successfully create a reply because the API will fail with a 500 error when the user ID 0 is inserted into the database. This happens because when the first post of a discussion is permanently deleted, the `first_post_id` attribute of the discussion becomes `null` which causes access control to be skipped for all new replies. Flarum automatically makes discussions with zero comments invisible so an additional condition for this vulnerability is that the discussion must have at least one approved reply so that `discussions.comment_count` is still above zero after the post deletion. This can open the discussion to uncontrolled spam or just unintentional replies if users still had their tab open before the vulnerable discussion was locked and then post a reply when they shouldn't be able to. In combination with the email notification settings, this could also be used as a way to send unsolicited emails. Versions between `v1.3.0` and `v1.6.3` are impacted. The vulnerability has been fixed and published as flarum/core v1.6.3. All communities running Flarum should upgrade as soon as possible. There are no known workarounds. | 2023-01-13 | not yet calculated |
CVE-2023-22489 MISC MISC MISC |
gatsby -- gatsby | Gatsby is a free and open source framework based on React that helps developers build websites and apps. The gatsby-transformer-remark plugin prior to versions 5.25.1 and 6.3.2 passes input through to the `gray-matter` npm package, which is vulnerable to JavaScript injection in its default configuration, unless input is sanitized. The vulnerability is present in gatsby-transformer-remark when passing input in data mode (querying MarkdownRemark nodes via GraphQL). Injected JavaScript executes in the context of the build server. To exploit this vulnerability untrusted/unsanitized input would need to be sourced by or added into a file processed by gatsby-transformer-remark. A patch has been introduced in `gatsby-transformer-remark@5.25.1` and `gatsby-transformer-remark@6.3.2` which mitigates the issue by disabling the `gray-matter` JavaScript Frontmatter engine. As a workaround, if an older version of `gatsby-transformer-remark` must be used, input passed into the plugin should be sanitized ahead of processing. It is encouraged for projects to upgrade to the latest major release branch for all Gatsby plugins to ensure the latest security updates and bug fixes are received in a timely manner. | 2023-01-13 | not yet calculated |
CVE-2023-22491 MISC |
zitadel -- zitadel | ZITADEL is a combination of Auth0 and Keycloak. RefreshTokens is an OAuth 2.0 feature that allows applications to retrieve new access tokens and refresh the user's session without the need for interacting with a UI. RefreshTokens were not invalidated when a user was locked or deactivated. The deactivated or locked user was able to obtain a valid access token only through a refresh token grant. When the locked or deactivated user’s session was already terminated (“logged out”) then it was not possible to create a new session. Renewal of access token through a refresh token grant is limited to the configured amount of time (RefreshTokenExpiration). As a workaround, ensure the RefreshTokenExpiration in the OIDC settings of your instance is set according to your security requirements. This issue has been patched in versions 2.17.3 and 2.16.4. | 2023-01-11 | not yet calculated |
CVE-2023-22492 MISC MISC MISC |
rsshub -- rsshub | RSSHub is an open source RSS feed generator. RSSHub is vulnerable to Server-Side Request Forgery (SSRF) attacks. This vulnerability allows an attacker to send arbitrary HTTP requests from the server to other servers or resources on the network. An attacker can exploit this vulnerability by sending a request to the affected routes with a malicious URL. An attacker could also use this vulnerability to send requests to internal or any other servers or resources on the network, potentially gain access to sensitive information that would not normally be accessible and amplifying the impact of the attack. The patch for this issue can be found in commit a66cbcf. | 2023-01-13 | not yet calculated |
CVE-2023-22493 MISC MISC MISC |
maif -- izanami | Izanami is a shared configuration service well-suited for micro-service architecture implementation. Attackers can bypass the authentication in this application when deployed using the official Docker image. Because a hard coded secret is used to sign the authentication token (JWT), an attacker could compromise another instance of Izanami. This issue has been patched in version 1.11.0. | 2023-01-14 | not yet calculated |
CVE-2023-22495 MISC MISC |
netdata -- netdata | Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. An attacker with the ability to establish a streaming connection can execute arbitrary commands on the targeted Netdata agent. When an alert is triggered, the function `health_alarm_execute` is called. This function performs different checks and then enqueues a command by calling `spawn_enq_cmd`. This command is populated with several arguments that are not sanitized. One of them is the `registry_hostname` of the node for which the alert is raised. By providing a specially crafted `registry_hostname` as part of the health data that is streamed to a Netdata (parent) agent, an attacker can execute arbitrary commands at the remote host as a side-effect of the raised alert. Note that the commands are executed as the user running the Netdata Agent. This user is usually named `netdata`. The ability to run arbitrary commands may allow an attacker to escalate privileges by escalating other vulnerabilities in the system, as that user. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, streaming is not enabled by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability. | 2023-01-14 | not yet calculated |
CVE-2023-22496 MISC |
netdata -- netdata | Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Each Netdata Agent has an automatically generated MACHINE GUID. It is generated when the agent first starts and it is saved to disk, so that it will persist across restarts and reboots. Anyone who has access to a Netdata Agent has access to its MACHINE_GUID. Streaming is a feature that allows a Netdata Agent to act as parent for other Netdata Agents (children), offloading children from various functions (increased data retention, ML, health monitoring, etc) that can now be handled by the parent Agent. Configuration is done via `stream.conf`. On the parent side, users configure in `stream.conf` an API key (any random UUID can do) to provide common configuration for all children using this API key and per MACHINE GUID configuration to customize the configuration for each child. The way this was implemented, allowed an attacker to use a valid MACHINE_GUID as an API key. This affects all users who expose their Netdata Agents (children) to non-trusted users and they also expose to the same users Netdata Agent parents that aggregate data from all these children. The problem has been fixed in: Netdata agent v1.37 (stable) and Netdata agent v1.36.0-409 (nightly). As a workaround, do not enable streaming by default. If you have previously enabled this, it can be disabled. Limiting access to the port on the recipient Agent to trusted child connections may mitigate the impact of this vulnerability. | 2023-01-14 | not yet calculated |
CVE-2023-22497 MISC MISC |
inhands_network -- inrouter_302/inrouter_615 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal sensitive information such as configuration information and MQTT credentials; this could allow MQTT command injection. | 2023-01-12 | not yet calculated |
CVE-2023-22597 MISC |
inhands_network -- inrouter_302/inrouter_615 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the local web interface or the cloud account managing the affected devices could push a specially crafted configuration update file to gain root access. This could lead to remote code execution with root privileges. | 2023-01-12 | not yet calculated |
CVE-2023-22598 MISC |
inhands_network -- inrouter_302/inrouter_615 |
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These credentials are encoded using a hardcoded string into an MD5 hash. This string could be easily calculated by an unauthorized user who spoofed sending an HTTP/HTTPS request to the devices. This could result in the affected devices being temporarily disconnected from the cloud platform and allow the user to receive MQTT commands with potentially sensitive information. | 2023-01-12 | not yet calculated |
CVE-2023-22599 MISC |
inhands_network -- inrouter_302/inrouter_615 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send and receive messages to and from that topic. This includes the ability to send GET/SET configuration commands, reboot commands, and push firmware updates. | 2023-01-12 | not yet calculated |
CVE-2023-22600 MISC |
inhands_network -- inrouter_302/inrouter_615 | InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about other InHand devices managed on the same cloud platform. | 2023-01-12 | not yet calculated |
CVE-2023-22601 MISC |
apache -- shiro | When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher` | 2023-01-14 | not yet calculated |
CVE-2023-22602 MISC |
tiki -- tiki | Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. | 2023-01-14 | not yet calculated |
CVE-2023-22850 MISC MISC |
wordpress -- wordpress | Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. | 2023-01-14 | not yet calculated |
CVE-2023-22851 MISC MISC |
tiki -- tiki |
Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. | 2023-01-14 | not yet calculated |
CVE-2023-22852 MISC MISC |
tiki -- tiki |
Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval. | 2023-01-14 | not yet calculated |
CVE-2023-22853 MISC MISC |
growthexperiments -- growthexperiments | In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | 2023-01-11 | not yet calculated |
CVE-2023-22945 MISC MISC |
sugarcrm -- sugarcrm | In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. | 2023-01-11 | not yet calculated |
CVE-2023-22952 CONFIRM |
secure_login -- secure_login | The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. | 2023-01-11 | not yet calculated |
CVE-2023-22958 MISC |
webchess -- webchess | WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName). | 2023-01-11 | not yet calculated |
CVE-2023-22959 MISC MISC |
personnummer -- personnummer | The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. | 2023-01-11 | not yet calculated |
CVE-2023-22963 MISC MISC |
linux -- kernel | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 2023-01-12 | not yet calculated |
CVE-2023-23454 MISC MISC MISC |
linux -- kernel | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 2023-01-12 | not yet calculated |
CVE-2023-23455 MISC MISC MISC |
upx -- upx | A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. | 2023-01-12 | not yet calculated |
CVE-2023-23456 MISC MISC MISC |
upx -- upx | A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. | 2023-01-12 | not yet calculated |
CVE-2023-23457 MISC MISC MISC |
linux -- kernel | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | 2023-01-13 | not yet calculated |
CVE-2023-23559 MISC |
axigen -- axigen | A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code. | 2023-01-13 | not yet calculated |
CVE-2023-23566 MISC MISC MISC MISC |
tor -- safesocks | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | 2023-01-14 | not yet calculated |
CVE-2023-23589 MISC MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.