Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2023-02-01 | CVE-2023-0454 | Path Traversal vulnerability in Orangescrum 2.0.11 | OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. | network, low complexity, orangescrum, CWE-22, 8.1 |
| 2023-02-01 | CVE-2023-0524 | Unspecified vulnerability in Tenable Nessus, Tenable.Io and Tenable.Sc | As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. | network, low complexity, tenable, 8.8 |
| 2023-02-01 | CVE-2023-24956 | SQL Injection vulnerability in Forget Heart Message BOX Project Forget Heart Message BOX 1.1 | Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. | network, low complexity, forget-heart-message-box-project, CWE-89, 8.8 |
| 2023-01-31 | CVE-2023-22610 | Unspecified vulnerability in Schneider-Electric products | A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. | network, low complexity, schneider-electric, 7.5 |
| 2023-01-31 | CVE-2023-22611 | Unspecified vulnerability in Schneider-Electric products | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. | network, low complexity, schneider-electric, 7.5 |
| 2023-01-31 | CVE-2022-44645 | Deserialization of Untrusted Data vulnerability in Apache Linkis | In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. | network, low complexity, apache, CWE-502, 8.8 |
| 2023-01-31 | CVE-2022-39059 | | ChangingTech MegaServiSignAdapter component has a path traversal vulnerability within its file reading function. | network, low complexity, CWE-22, 7.5 |
| 2023-01-31 | CVE-2022-25881 | | This affects versions of the package http-cache-semantics before 4.1.1. | network, low complexity, 7.5 |
| 2023-01-31 | CVE-2022-4041 | Improper Privilege Management vulnerability in Hitachi Storage Plug-In 04.8.0/04.9.0 | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. | network, low complexity, hitachi, CWE-269, 8.8 |
| 2023-01-31 | CVE-2022-4441 | Improper Privilege Management vulnerability in Hitachi Storage Plug-In 04.8.0/04.9.0 | Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. | network, low complexity, hitachi, CWE-269, 8.8 |